909fdfeef66f20a0ce6275b334f8eec552f50222c0acb9f759f01a2c8c418d4b

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2025, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cryptic Installer.exe
Size

12.1MB
MD5

26115ce9c0aa825be82c500004825308
SHA1

0883c65e4c063b61647865d58cd3a3d46324365b
SHA256

909fdfeef66f20a0ce6275b334f8eec552f50222c0acb9f759f01a2c8c418d4b
SHA512

1368efd81bd46c02703e39008b19635ebd3c9ea98b32d7ac3b90f11b09c286d9b45511dd1aee3e9f6998ee7ecb7f81c9f2cdb9ccea142cf09cdc6ebbaa5882d4
SSDEEP

98304:b1FLZ04/tavoCAifjWKqgpvlYFDU2f8u06rA7BxMooQlititz12d:XT/taACAiCWvlYr8u0JrgQli6

Score

8^/10

defense_evasion discovery execution trojan

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
4772	powershell.exe
700	powershell.exe
3008	powershell.exe
776	powershell.exe
3008	powershell.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Cryptic Installer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
32	raw.githubusercontent.com
35	raw.githubusercontent.com
36	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133850985028907506"	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
700	powershell.exe
700	powershell.exe
700	powershell.exe
3008	powershell.exe
3008	powershell.exe
3008	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
2688	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeDebugPrivilege	700	powershell.exe
Token: SeDebugPrivilege	3008	powershell.exe
Token: SeIncreaseQuotaPrivilege	3008	powershell.exe
Token: SeSecurityPrivilege	3008	powershell.exe
Token: SeTakeOwnershipPrivilege	3008	powershell.exe
Token: SeLoadDriverPrivilege	3008	powershell.exe
Token: SeSystemProfilePrivilege	3008	powershell.exe
Token: SeSystemtimePrivilege	3008	powershell.exe
Token: SeProfSingleProcessPrivilege	3008	powershell.exe
Token: SeIncBasePriorityPrivilege	3008	powershell.exe
Token: SeCreatePagefilePrivilege	3008	powershell.exe
Token: SeBackupPrivilege	3008	powershell.exe
Token: SeRestorePrivilege	3008	powershell.exe
Token: SeShutdownPrivilege	3008	powershell.exe
Token: SeDebugPrivilege	3008	powershell.exe
Token: SeSystemEnvironmentPrivilege	3008	powershell.exe
Token: SeRemoteShutdownPrivilege	3008	powershell.exe
Token: SeUndockPrivilege	3008	powershell.exe
Token: SeManageVolumePrivilege	3008	powershell.exe
Token: 33	3008	powershell.exe
Token: 34	3008	powershell.exe
Token: 35	3008	powershell.exe
Token: 36	3008	powershell.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4164	Cryptic Installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 2688	4164	Cryptic Installer.exe	86
PID 4164 wrote to memory of 2688	4164	Cryptic Installer.exe	86
PID 2688 wrote to memory of 3900	2688	msedgewebview2.exe	87
PID 2688 wrote to memory of 3900	2688	msedgewebview2.exe	87
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 2736	2688	msedgewebview2.exe	92
PID 2688 wrote to memory of 1876	2688	msedgewebview2.exe	93
PID 2688 wrote to memory of 1876	2688	msedgewebview2.exe	93
PID 2688 wrote to memory of 824	2688	msedgewebview2.exe	94
PID 2688 wrote to memory of 824	2688	msedgewebview2.exe	94
PID 2688 wrote to memory of 824	2688	msedgewebview2.exe	94
PID 2688 wrote to memory of 824	2688	msedgewebview2.exe	94
PID 2688 wrote to memory of 824	2688	msedgewebview2.exe	94
PID 2688 wrote to memory of 824	2688	msedgewebview2.exe	94
PID 2688 wrote to memory of 824	2688	msedgewebview2.exe	94

C:\Users\Admin\AppData\Local\Temp\Cryptic Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Cryptic Installer.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="Cryptic Installer.exe" --webview-exe-version=0.1.0 --user-data-dir="C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=4164.808.6428856425721924527
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ff9169bb078,0x7ff9169bb084,0x7ff9169bb090
    3⤵
    PID:3900
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView" --webview-exe-name="Cryptic Installer.exe" --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1744,i,2814686048495622860,3716678655385708770,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1740 /prefetch:2
    3⤵
    PID:2736
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView" --webview-exe-name="Cryptic Installer.exe" --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2064,i,2814686048495622860,3716678655385708770,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:3
    3⤵
    PID:1876
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView" --webview-exe-name="Cryptic Installer.exe" --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2392,i,2814686048495622860,3716678655385708770,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2400 /prefetch:8
    3⤵
    PID:824
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView" --webview-exe-name="Cryptic Installer.exe" --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3596,i,2814686048495622860,3716678655385708770,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
    3⤵
    PID:3272
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -WindowStyle Hidden -Command "Get-MpPreference | Select-Object -ExpandProperty DisableRealtimeMonitoring"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:700
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -WindowStyle Hidden -Command " $avProducts = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct; $foundAV = $false; foreach ($av in $avProducts) { # Skip Windows Defender as we check it separately if ($av.DisplayName -notlike '*Windows Defender*') { # Check if AV is enabled (bit 1 in productState should be 1) $hexState = [Convert]::ToString($av.ProductState, 16).PadLeft(6, '0') # Check if real-time protection is on (1) or off (0) $rtStatus = [Convert]::ToInt32($hexState.Substring(2, 2), 16) if ($rtStatus -band 0x10) { $foundAV = $true Write-Output \"enabled\" Write-Output $av.DisplayName exit } } } if (-not $foundAV) { Write-Output \"disabled\" Write-Output \"\" } "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3008
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -WindowStyle Hidden -Command " $app = Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like '*Microsoft Visual C++*2015-2022*' -and $_.Name -like '*64*' } # Also check registry as a fallback since Win32_Product is not always reliable $regKeys = @( 'HKLM:\SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x64', 'HKLM:\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.29,bundle' ) $regInstalled = $false foreach ($key in $regKeys) { if (Test-Path $key) { $regInstalled = $true break } } if ($app -or $regInstalled) { Write-Output 'true' } else { Write-Output 'false' } "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:776
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -WindowStyle Hidden -Command "Get-MpPreference | Select-Object -ExpandProperty DisableRealtimeMonitoring"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
77d622bb1a5b250869a3238b9bc1402b

SHA1
d47f4003c2554b9dfc4c16f22460b331886b191b

SHA256
f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb

SHA512
d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xtrsrc1t.4v3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
10661e2220c08a5e172523239cd4e3b2

SHA1
f1f81ca282d660b50c0ad28c82819e68c7aff763

SHA256
f1e79452d43706e2b29b48e8bfd411c4dc5e42857761100f2cbae93031e073f3

SHA512
8c29b15264bed346e91a167e2856cea5a218cc1c45c185feb3a2fb708e2885d720a5e6679992c054d7ed955cd7bf21d3e86356da281acd442439b92eca7c6957

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
6b315e13bf1490fb71f4b6ef1514f0ce

SHA1
f11186aef6174dc3f2f429bd8729bf9c11941d85

SHA256
7a1e12be84fc723dd71822ff93e8f73c99f6ae538c8abe65b144c95ab64ef1d4

SHA512
c1419565b9019625c50d9693aaa27f0d837d12d88af77af32617b878402c21d00ccb44126b7deb3e7b055dd3762d69fa2eca00d56e717760772f4648caea8cf2

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Code Cache\js\index-dir\temp-index

Filesize
72B

MD5
87a6e13e3cffa8451ede53b61604e837

SHA1
25ea808f3100c93f1542f7eaedc368ecbb96efd8

SHA256
70a83d1a187951411ccf65c8f47c9b62b6c27b2a0552c33e3cfe3e43c2a270d6

SHA512
021ee7a0ff004c70f48c5cbcb6a1dda7d347b6919dff06ff2e0da57ad410e3c0a7fa55c13f9b92f5326935786cace56ca52d34edb31982d287cded3423072f61

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
3ca4f1df34b222df4ebb1a086d0394b2

SHA1
b1f254f6362d7e8e09046c53be969df8bbf3eab2

SHA256
9fdd2d8c45a063cf4a7090e21cc61b7bb75f5ce52cb9f66541cc4306fa9b95fa

SHA512
0bf429d4962ba8a3896e7b27ed23f38f6e385757dc394e77d385218540e1816fc8d11c3fa8d4b5571edad057a1a002a7089e185894e7c2ab169b7caf41151249

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Network\890794bb-cb89-49f2-b16e-cf461350bdce.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Preferences

Filesize
6KB

MD5
0cbf4c035a6d47bf8f40db802025bf5b

SHA1
09dc55df536050a8b5458cee592b175454bf77fa

SHA256
1100a6a02cf2ead9ae2b039b4fb22c7abcdd468abb16416e15f1efd83dae619f

SHA512
4ba5b2c78ac10be5734a77523ed5289b93964d885a3cfd257c0ebf960c902ad4f5749e206fbc2d19287b632b2f7672cc367a6d4dd4d907c46aa9ec795dd1990a

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Preferences~RFe58589b.TMP

Filesize
6KB

MD5
eaf53b3427d014da012d3cece366991c

SHA1
8eeaaf662f358a1201dbdb642aace3aef545fad8

SHA256
f0bd30fbf8820c82f0b50ce4df6ee0f769c47ce73546c14bd0e24a40abcc9ed1

SHA512
de6ef450fccc8e5a35a6cff72bcdc2af6b2a44bd6ce1a7b914f68c8706d5704259957ff72592aa8ea6a9209805db0bf48ac1f06f3f8127d7ee84463850ec801f

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Local State

Filesize
2KB

MD5
a257018dcaf7849cfd8bcda8d91211ce

SHA1
dbe43975f4e0e60102a1fdb36e59b83b2204f806

SHA256
eff7018ad0d49aa3435b56fb1f8df169502385f80d63de755ab7f36e836c2e03

SHA512
395cb7d28cc49241a990c9c8955a6582585acbd06710bbc493f30c3b501c0c24540d0dcbe879b60ae119d3361d806d213d202ffcd18baea11b3ccedf01939cd5

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Local State

Filesize
3KB

MD5
97cf4ea3c84449425cd65e9346c260dd

SHA1
4ece8ce43060042b1d57983a9a872bd322c06112

SHA256
f94206f667aafbd43fd3b3a1a851ff737bcf6ac6c7bd936b1c503e201c0c39e3

SHA512
9fd1cafa7f5da04f6dd718c9539cb0b3761f699475cbe3e296c8176ff5c6aa54166efb947d778075b91fa23fd581be32bb209160fca0a8109a2bd0f53891c28e

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Local State

Filesize
1KB

MD5
fabe52a91477b60fc29c53ccfab010a2

SHA1
b9bf7e52074e303abb3fc6f0029967aff0de0443

SHA256
935dd9304d8c42da54be3a3258fb4e1d6ec4a75fb19e55890ada89b5997c1849

SHA512
75ecd29bb008dc1f29c2bdd085e793217871cce4c8f66c512333318756a62d89c7dca45d14f5320d4dbc74835466c4d10b5b99a07b6af044f953a142d5f32774

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Local State

Filesize
16KB

MD5
80ffb0dc308020e8a4b22b86e72eb4cc

SHA1
da44273f77166cec31d2095e5b13d404091e43f1

SHA256
6194c7809d8c4b57235a0cb04b6df8188a67dcc028b485986db52da44fc1a909

SHA512
fb171bfd2266bd93a289c1505922b7d12d2a10089b1b1b96d53ecb6bc2d5ed74f28545de345a473c42aa63b9ef1dd6a2362886ffc312626be2be8dd2e05009dd

Download Submit
C:\Users\Admin\AppData\Local\com.cryptic-installer.app\EBWebView\Local State~RFe57b90f.TMP

Filesize
1KB

MD5
267834540787efab1cee5aec934adf2d

SHA1
f7350968bc96d324bffda0d3593eaf39062349a1

SHA256
898b4800071b036e8b3ac47412f8b433e57946df344a017826feb449be9fe698

SHA512
ee53e3be9f7c8afdb010c9e2359b7ffee788d4f3519c02729c270cdfcac96547105f4f3fc0d22d0d0349172ea04f99d041faa515fbd555b700bbc55a1a74ee8f

Download Submit
memory/700-170-0x000001C86ECD0000-0x000001C86ECF2000-memory.dmp

Filesize
136KB

Download
memory/824-48-0x00007FF934350000-0x00007FF934351000-memory.dmp

Filesize
4KB

Download
memory/824-47-0x00007FF933130000-0x00007FF933131000-memory.dmp

Filesize
4KB

Download
memory/2736-26-0x00007FF933DA0000-0x00007FF933DA1000-memory.dmp

Filesize
4KB

Download
memory/3008-186-0x000001F575BE0000-0x000001F575C04000-memory.dmp

Filesize
144KB

Download
memory/3008-185-0x000001F575BE0000-0x000001F575C0A000-memory.dmp

Filesize
168KB

Download
memory/3272-144-0x00007FF933DA0000-0x00007FF933DA1000-memory.dmp

Filesize
4KB

Download