3a8318628d0faf7f59bce86b16f2314c76baa3b051c347596b0062fff0038a0d

Resubmissions

01-05-2022 09:04

220501-k11j9shefq 10

01-05-2022 08:46

220501-kps12shdhr 8

Analysis

max time kernel
152s
max time network
52s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-05-2022 08:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cristalix_updater-1.0.8-setup.exe
Size

79.0MB
MD5

992a47967462b1d3025239af460b42cb
SHA1

b334dc686981f931976ecb4528806742ed9b40aa
SHA256

3a8318628d0faf7f59bce86b16f2314c76baa3b051c347596b0062fff0038a0d
SHA512

b612dff0b16d3f3b0d265f5658d28058baa390b2860a3d6067cfb134cda3e2c6fb12e7fac1bac72d3937b8e2b68cc188e617c0d17e5e8c8eab3b0a23bd262d50

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 7 IoCs

Processes:

Update.exeSquirrel.exeCristalix.exeUpdate.exeCristalix.exeCristalix.exeUpdate.exe

pid process

1896 Update.exe
952 Squirrel.exe
868 Cristalix.exe
1644 Update.exe
828 Cristalix.exe
1984 Cristalix.exe
1144 Update.exe

pid	process
1896	Update.exe
952	Squirrel.exe
868	Cristalix.exe
1644	Update.exe
828	Cristalix.exe
1984	Cristalix.exe
1144	Update.exe

Loads dropped DLL 15 IoCs

Processes:

cristalix_updater-1.0.8-setup.exeUpdate.exeCristalix.exeUpdate.exeCristalix.exe

pid	process
1784	cristalix_updater-1.0.8-setup.exe
1896	Update.exe
1896	Update.exe
1896	Update.exe
1896	Update.exe
1896	Update.exe
1896	Update.exe
868	Cristalix.exe
868	Cristalix.exe
1644	Update.exe
1644	Update.exe
1644	Update.exe
1644	Update.exe
1984	Cristalix.exe
1984	Cristalix.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

Update.exeCristalix.exe

pid process

1896 Update.exe
1896 Update.exe
1984 Cristalix.exe
1984 Cristalix.exe

pid	process
1896	Update.exe
1896	Update.exe
1984	Cristalix.exe
1984	Cristalix.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Cristalix.exeUpdate.exe

description	pid	process
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeDebugPrivilege	1144	Update.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe
Token: SeShutdownPrivilege	1984	Cristalix.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Update.exe

pid process

1896 Update.exe

pid	process
1896	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cristalix_updater-1.0.8-setup.exeUpdate.exeCristalix.exe

description	pid	process	target process
PID 1784 wrote to memory of 1896	1784	cristalix_updater-1.0.8-setup.exe	Update.exe
PID 1784 wrote to memory of 1896	1784	cristalix_updater-1.0.8-setup.exe	Update.exe
PID 1784 wrote to memory of 1896	1784	cristalix_updater-1.0.8-setup.exe	Update.exe
PID 1784 wrote to memory of 1896	1784	cristalix_updater-1.0.8-setup.exe	Update.exe
PID 1784 wrote to memory of 1896	1784	cristalix_updater-1.0.8-setup.exe	Update.exe
PID 1784 wrote to memory of 1896	1784	cristalix_updater-1.0.8-setup.exe	Update.exe
PID 1784 wrote to memory of 1896	1784	cristalix_updater-1.0.8-setup.exe	Update.exe
PID 1896 wrote to memory of 952	1896	Update.exe	Squirrel.exe
PID 1896 wrote to memory of 952	1896	Update.exe	Squirrel.exe
PID 1896 wrote to memory of 952	1896	Update.exe	Squirrel.exe
PID 1896 wrote to memory of 952	1896	Update.exe	Squirrel.exe
PID 1896 wrote to memory of 952	1896	Update.exe	Squirrel.exe
PID 1896 wrote to memory of 952	1896	Update.exe	Squirrel.exe
PID 1896 wrote to memory of 952	1896	Update.exe	Squirrel.exe
PID 1896 wrote to memory of 868	1896	Update.exe	Cristalix.exe
PID 1896 wrote to memory of 868	1896	Update.exe	Cristalix.exe
PID 1896 wrote to memory of 868	1896	Update.exe	Cristalix.exe
PID 1896 wrote to memory of 868	1896	Update.exe	Cristalix.exe
PID 868 wrote to memory of 1644	868	Cristalix.exe	Update.exe
PID 868 wrote to memory of 1644	868	Cristalix.exe	Update.exe
PID 868 wrote to memory of 1644	868	Cristalix.exe	Update.exe
PID 868 wrote to memory of 1644	868	Cristalix.exe	Update.exe
PID 868 wrote to memory of 1644	868	Cristalix.exe	Update.exe
PID 868 wrote to memory of 1644	868	Cristalix.exe	Update.exe
PID 868 wrote to memory of 1644	868	Cristalix.exe	Update.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe
PID 868 wrote to memory of 828	868	Cristalix.exe	Cristalix.exe

C:\Users\Admin\AppData\Local\Temp\cristalix_updater-1.0.8-setup.exe
"C:\Users\Admin\AppData\Local\Temp\cristalix_updater-1.0.8-setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1784

C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1896

C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Squirrel.exe
"C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
3⤵
- Executes dropped EXE
PID:952

C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe
"C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe" --squirrel-install 1.0.7
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:868

C:\Users\Admin\AppData\Local\cristalix_updater\Update.exe
C:\Users\Admin\AppData\Local\cristalix_updater\Update.exe --createShortcut Cristalix.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1644

C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe
"C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\cristalix_updater" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1144,i,4572003500655717480,6803959917481612660,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
- Executes dropped EXE
PID:828

C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe
"C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe" --squirrel-firstrun
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1984

C:\Users\Admin\AppData\Local\cristalix_updater\Update.exe
C:\Users\Admin\AppData\Local\cristalix_updater\Update.exe --checkForUpdate https://storage.c7x.dev/rigb0s/launcher_updater/v1/release/win32
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1144

C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe
"C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\cristalix_updater" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1040 --field-trial-handle=1120,i,4040338630562146857,9999584094497928795,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
4⤵
PID:972

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES
Filesize
87B

MD5
0a772f07cffa2629a97281662a01fde2

SHA1
f8733cded019579e4c8dd0df1f0e6cff8e05069d

SHA256
7922ea84dfee5b0b44f5cf7686fd57d0aec862f6ba894b27eb04b0c8b37371db

SHA512
efdc8f9f86a0bd5bc0f2b1b8144b5761b409e5a19457b80ef0b1a4577f416a68941e069cfabb0942c94f967aeb28af471928832c7338019780983b098989d2aa

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif
Filesize
36KB

MD5
f990f0a4129dc1dfafc9a564a06f4cd7

SHA1
89ed80b7f01fe76f062144dba81c63b8ab665186

SHA256
f3fdb765264ef30f3ae9c7f993e7afe84b97b7b5d0802c7c48770d2247d3d3c8

SHA512
812ee63be2825ced202a65a3fba03dc67c93636358fee09d0ccdabef65bd2e30a0ae5d2a77fd54aea2fe02bf7f781280e09a1a812b3085fda43abab70523038e

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\cristalix_updater-1.0.7-full.nupkg
Filesize
78.2MB

MD5
755de7a6b68dd06b1aa2165dcbeacfc7

SHA1
25e2c5821f579e1ac588e4a78f50f614f723f784

SHA256
019dc3fcabf509908d339b058d4300d010a9bb4891ba92630144a074f101b90f

SHA512
f028a77f1e83a005943fb20b78df87b88ade96983f9a6e61f08ab0ab198cb41f8c68d6e2be01930e7b5066feff8bb8e185e65dd41d5ebca55dd81ae5d74002c9

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico
Filesize
14KB

MD5
b6b1f4d602483023ebe1dfc3b57d49aa

SHA1
23c29b8277c2d3bf11e40d9d4cf61d6b73ea1595

SHA256
12977d5e1d4daecc7e855ff7ccf3a6c8b1382ed9c1a0729f05197ed10cc43214

SHA512
9d964d59a1f90b211009aa6c2ca65bd66e9989f42b1261706194804bd46f39d579a7165487386fc5939f000d5d18c42a4dfdd6e0bafc1a09902d61e3ec7c2a55

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\Cristalix.exe
Filesize
296KB

MD5
e4288cfe1e38c21cbd5a6104481c9bb6

SHA1
4e19208bb8fdbe915b4ee7f397bde1a8b0a7ce03

SHA256
7f02cacde5dd50b945ab80c60eed70c8a8f0117d25ba397b0421cd22dba943a0

SHA512
1c3d92f79b1a219a6780dc3ef3e260819fdea25f0cd5f86890e04d4227d0da076199bae8d501cd1305f115a84d707a7f7cb985a13d465d6949e1c0892df40fd6

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\SquirrelSetup.log
Filesize
1KB

MD5
bfc0cbb37df5b28e1f0f935975da54b9

SHA1
8d10a716f846aabb71c686816eee7dff37a15356

SHA256
1249ca726186781b6f0655705209154982ad601648905844d8f004deab5a8aaa

SHA512
37d250c46ee7aa0feaf490e33c2e33e1ac02d5aa07c66f80904131f74f9863295bbde0d612346aa0244a940bb4aa889afce436c438cfaca081df55d5b8d9b15e

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\Update.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\Update.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\Update.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe
Filesize
122.5MB

MD5
03a6a89b0d05799f48310ed1ee9809ec

SHA1
5851c8cdccffc7834002a3f1d7a8c48059f13266

SHA256
64ab9fe412cfed9897fb86319ad901b5633a52c0874bb378c189522869e3b547

SHA512
c921f634cc0a2e05bd5a4a81e1a6e503e06a8d51b6670524fee15b2afba7a219ccd53b10e8738d943082112c284a77bae4373217f931d5fb55b78a1b23ca8f4d

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe
Filesize
122.5MB

MD5
03a6a89b0d05799f48310ed1ee9809ec

SHA1
5851c8cdccffc7834002a3f1d7a8c48059f13266

SHA256
64ab9fe412cfed9897fb86319ad901b5633a52c0874bb378c189522869e3b547

SHA512
c921f634cc0a2e05bd5a4a81e1a6e503e06a8d51b6670524fee15b2afba7a219ccd53b10e8738d943082112c284a77bae4373217f931d5fb55b78a1b23ca8f4d

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe
Filesize
122.5MB

MD5
03a6a89b0d05799f48310ed1ee9809ec

SHA1
5851c8cdccffc7834002a3f1d7a8c48059f13266

SHA256
64ab9fe412cfed9897fb86319ad901b5633a52c0874bb378c189522869e3b547

SHA512
c921f634cc0a2e05bd5a4a81e1a6e503e06a8d51b6670524fee15b2afba7a219ccd53b10e8738d943082112c284a77bae4373217f931d5fb55b78a1b23ca8f4d

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe
Filesize
122.5MB

MD5
03a6a89b0d05799f48310ed1ee9809ec

SHA1
5851c8cdccffc7834002a3f1d7a8c48059f13266

SHA256
64ab9fe412cfed9897fb86319ad901b5633a52c0874bb378c189522869e3b547

SHA512
c921f634cc0a2e05bd5a4a81e1a6e503e06a8d51b6670524fee15b2afba7a219ccd53b10e8738d943082112c284a77bae4373217f931d5fb55b78a1b23ca8f4d

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Squirrel.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\chrome_100_percent.pak
Filesize
145KB

MD5
237ca1be894f5e09fd1ccb934229c33b

SHA1
f0dfcf6db1481315054efb690df282ffe53e9fa1

SHA256
f14362449e2a7c940c095eda9c41aad5f1e0b1a1b21d1dc911558291c0c36dd2

SHA512
1e52782db4a397e27ce92412192e4de6d7398effaf8c7acabc9c06a317c2f69ee5c35da1070eb94020ed89779344b957edb6b40f871b8a15f969ef787fbb2bca

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\chrome_200_percent.pak
Filesize
214KB

MD5
7059af03603f93898f66981feb737064

SHA1
668e41a728d2295a455e5e0f0a8d2fee1781c538

SHA256
04d699cfc36565fa9c06206ba1c0c51474612c8fe481c6fd1807197dc70661e6

SHA512
435329d58b56607a2097d82644be932c60727be4ae95bc2bcf10b747b7658918073319dfa1386b514d84090304a95fcf19d56827c4b196e4d348745565441544

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\ffmpeg.dll
Filesize
2.5MB

MD5
d3ffc36ddd21357320e256314ba0bbed

SHA1
b0aa24771ccea0ffec089cd7aa5a6a2f2203c1f0

SHA256
226b591f952480fda136a0831800417339d5b5786d865278707fd57bc6e099da

SHA512
bf193b2244f18521e8fc548308a64b3018d0838c0664a7620c3c55a100032af8399ad8ba7a6b9d301bd01ac3bb72c8f2d32f516d8296829dbd710fdff8823b1a

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\icudtl.dat
Filesize
9.8MB

MD5
d866d68e4a3eae8cdbfd5fc7a9967d20

SHA1
42a5033597e4be36ccfa16d19890049ba0e25a56

SHA256
c61704cc9cf5797bf32301a2b3312158af3fe86eadc913d937031cf594760c2d

SHA512
4cc04e708b9c3d854147b097e44ff795f956b8a714ab61ddd5434119ade768eb4da4b28938a9477e4cb0d63106cce09fd1ec86f33af1c864f4ea599f8d999b97

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\locales\en-US.pak
Filesize
110KB

MD5
5cc884bf0ec1c702240173b35a421d1b

SHA1
19bdfb0b31dc4a75e7c135d1a8ef76f5f6cc3a31

SHA256
9f0c75c84381360677055d6197812c7a6c42dbfc6134eb8212d8a60ed1ca1601

SHA512
48772f50f6b0d846084a0cfb0d6433f2fbf73677b557b022d0d73d04790636c0c40ed873c32fd037013e943fb7c24816efdcde38429520895c00c2d85a17ea5c

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\resources.pak
Filesize
4.9MB

MD5
39933b34aac7271db1be82d4bd9f50e6

SHA1
959b95de58c4b362e6695130545de86a08ae7b62

SHA256
38bb20864e6bf51708caf55a886e79070adb416a55e8fb3ab7901e8a03cd1ad7

SHA512
3ec3877b4f1e3dd50a943e58271467de26b3d6fbdd49b5a229578f16ac5beaffc6e4d9ea69ba23abcd630dcb998fe2588fe210dd84d3473a459462e50655eff5

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\resources\app.asar
Filesize
5.6MB

MD5
a261f0a6f53189360a3bcb7f0c4b8f9a

SHA1
15153a90286104ad998a063edd499fbd84986aac

SHA256
9f4a6b1d7d61f16b1574d230f2e53051994f01cd86f06c455b7362346ebca1dd

SHA512
7472053be9d5128f8b8ec46131c5f609d20f64b181fb9986c1cecbf41643bae0e832622c9b867d8ec4f0b020a8d0aa43559452bb6a5dd3d2931b0613e4481333

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\squirrel.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\v8_context_snapshot.bin
Filesize
592KB

MD5
74b5a5a3fe1bc0f54d065027db8f702b

SHA1
c279ab276ab96f6449c67e7abbeebf9f088b6b52

SHA256
d7d7b42c11b1301f9f8add3a5da03d948b8800164492b595c8df97b68657620e

SHA512
2362e93536f4f7edbfc2a518470d517f800bdc82baa90d91a8d0d2baba882ff8493c90c24e2508be51ebe1b420386cabda8c7aa7fbb16676703cd1475bd33f7e

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\packages\RELEASES
Filesize
87B

MD5
0a772f07cffa2629a97281662a01fde2

SHA1
f8733cded019579e4c8dd0df1f0e6cff8e05069d

SHA256
7922ea84dfee5b0b44f5cf7686fd57d0aec862f6ba894b27eb04b0c8b37371db

SHA512
efdc8f9f86a0bd5bc0f2b1b8144b5761b409e5a19457b80ef0b1a4577f416a68941e069cfabb0942c94f967aeb28af471928832c7338019780983b098989d2aa

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\packages\RELEASES
Filesize
87B

MD5
0a772f07cffa2629a97281662a01fde2

SHA1
f8733cded019579e4c8dd0df1f0e6cff8e05069d

SHA256
7922ea84dfee5b0b44f5cf7686fd57d0aec862f6ba894b27eb04b0c8b37371db

SHA512
efdc8f9f86a0bd5bc0f2b1b8144b5761b409e5a19457b80ef0b1a4577f416a68941e069cfabb0942c94f967aeb28af471928832c7338019780983b098989d2aa

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\packages\cristalix_updater-1.0.7-full.nupkg
Filesize
78.2MB

MD5
755de7a6b68dd06b1aa2165dcbeacfc7

SHA1
25e2c5821f579e1ac588e4a78f50f614f723f784

SHA256
019dc3fcabf509908d339b058d4300d010a9bb4891ba92630144a074f101b90f

SHA512
f028a77f1e83a005943fb20b78df87b88ade96983f9a6e61f08ab0ab198cb41f8c68d6e2be01930e7b5066feff8bb8e185e65dd41d5ebca55dd81ae5d74002c9

Download Submit
C:\Users\Admin\AppData\Local\cristalix_updater\update.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
C:\Users\Admin\AppData\Roaming\cristalix_updater\Local State
Filesize
389B

MD5
9963f79c28f4ba4012eebab7903ce74a

SHA1
9160e5b987ef4fa70f8309767a1d13e87e7fb5de

SHA256
0cee7003b7edaa2bd6de8f4479b916d2692a544fd52273d28c9645a216cdb1d6

SHA512
350854e8c4f9756f618fc0c9bacdab8df4ed856bb7e86d8121f9a41422b66926fbe0802bf16387bade47432ab80515fc399e44091a05e7b6d4d60380336cc67d

Download Submit
\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\Cristalix.exe
Filesize
296KB

MD5
e4288cfe1e38c21cbd5a6104481c9bb6

SHA1
4e19208bb8fdbe915b4ee7f397bde1a8b0a7ce03

SHA256
7f02cacde5dd50b945ab80c60eed70c8a8f0117d25ba397b0421cd22dba943a0

SHA512
1c3d92f79b1a219a6780dc3ef3e260819fdea25f0cd5f86890e04d4227d0da076199bae8d501cd1305f115a84d707a7f7cb985a13d465d6949e1c0892df40fd6

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\Cristalix.exe
Filesize
296KB

MD5
e4288cfe1e38c21cbd5a6104481c9bb6

SHA1
4e19208bb8fdbe915b4ee7f397bde1a8b0a7ce03

SHA256
7f02cacde5dd50b945ab80c60eed70c8a8f0117d25ba397b0421cd22dba943a0

SHA512
1c3d92f79b1a219a6780dc3ef3e260819fdea25f0cd5f86890e04d4227d0da076199bae8d501cd1305f115a84d707a7f7cb985a13d465d6949e1c0892df40fd6

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\Update.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\Update.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe
Filesize
122.5MB

MD5
03a6a89b0d05799f48310ed1ee9809ec

SHA1
5851c8cdccffc7834002a3f1d7a8c48059f13266

SHA256
64ab9fe412cfed9897fb86319ad901b5633a52c0874bb378c189522869e3b547

SHA512
c921f634cc0a2e05bd5a4a81e1a6e503e06a8d51b6670524fee15b2afba7a219ccd53b10e8738d943082112c284a77bae4373217f931d5fb55b78a1b23ca8f4d

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe
Filesize
122.5MB

MD5
03a6a89b0d05799f48310ed1ee9809ec

SHA1
5851c8cdccffc7834002a3f1d7a8c48059f13266

SHA256
64ab9fe412cfed9897fb86319ad901b5633a52c0874bb378c189522869e3b547

SHA512
c921f634cc0a2e05bd5a4a81e1a6e503e06a8d51b6670524fee15b2afba7a219ccd53b10e8738d943082112c284a77bae4373217f931d5fb55b78a1b23ca8f4d

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe
Filesize
122.5MB

MD5
03a6a89b0d05799f48310ed1ee9809ec

SHA1
5851c8cdccffc7834002a3f1d7a8c48059f13266

SHA256
64ab9fe412cfed9897fb86319ad901b5633a52c0874bb378c189522869e3b547

SHA512
c921f634cc0a2e05bd5a4a81e1a6e503e06a8d51b6670524fee15b2afba7a219ccd53b10e8738d943082112c284a77bae4373217f931d5fb55b78a1b23ca8f4d

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe
Filesize
122.5MB

MD5
03a6a89b0d05799f48310ed1ee9809ec

SHA1
5851c8cdccffc7834002a3f1d7a8c48059f13266

SHA256
64ab9fe412cfed9897fb86319ad901b5633a52c0874bb378c189522869e3b547

SHA512
c921f634cc0a2e05bd5a4a81e1a6e503e06a8d51b6670524fee15b2afba7a219ccd53b10e8738d943082112c284a77bae4373217f931d5fb55b78a1b23ca8f4d

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\Cristalix.exe
Filesize
122.5MB

MD5
03a6a89b0d05799f48310ed1ee9809ec

SHA1
5851c8cdccffc7834002a3f1d7a8c48059f13266

SHA256
64ab9fe412cfed9897fb86319ad901b5633a52c0874bb378c189522869e3b547

SHA512
c921f634cc0a2e05bd5a4a81e1a6e503e06a8d51b6670524fee15b2afba7a219ccd53b10e8738d943082112c284a77bae4373217f931d5fb55b78a1b23ca8f4d

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\ffmpeg.dll
Filesize
2.5MB

MD5
d3ffc36ddd21357320e256314ba0bbed

SHA1
b0aa24771ccea0ffec089cd7aa5a6a2f2203c1f0

SHA256
226b591f952480fda136a0831800417339d5b5786d865278707fd57bc6e099da

SHA512
bf193b2244f18521e8fc548308a64b3018d0838c0664a7620c3c55a100032af8399ad8ba7a6b9d301bd01ac3bb72c8f2d32f516d8296829dbd710fdff8823b1a

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\ffmpeg.dll
Filesize
2.5MB

MD5
d3ffc36ddd21357320e256314ba0bbed

SHA1
b0aa24771ccea0ffec089cd7aa5a6a2f2203c1f0

SHA256
226b591f952480fda136a0831800417339d5b5786d865278707fd57bc6e099da

SHA512
bf193b2244f18521e8fc548308a64b3018d0838c0664a7620c3c55a100032af8399ad8ba7a6b9d301bd01ac3bb72c8f2d32f516d8296829dbd710fdff8823b1a

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\squirrel.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\squirrel.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
\Users\Admin\AppData\Local\cristalix_updater\app-1.0.7\squirrel.exe
Filesize
1.7MB

MD5
c5f6cda4976ae38cd9fba3d1e5ebd244

SHA1
2006c37f01d010963a4331c42e579b87a2d16039

SHA256
dae7bd888b715b8e215482bc5ea6f028ded32a3ad88bf4acb6431d2a62ffe3f4

SHA512
a1a7529b0ceb3df471e803eac1d9256c009a9c8252884f64a28a59d59753c75e1bff726a35af02db5bdf20a2d194850bfdbed163722b09465ca32d10d059524d

Download Submit
memory/828-125-0x0000000000000000-mapping.dmp

Download
memory/868-75-0x0000000000000000-mapping.dmp

Download
memory/952-66-0x0000000000000000-mapping.dmp

Download
memory/952-69-0x00000000002A0000-0x0000000000464000-memory.dmp

Filesize
1.8MB

Download
memory/1144-147-0x0000000000EC0000-0x0000000001084000-memory.dmp

Filesize
1.8MB

Download
memory/1144-144-0x0000000000000000-mapping.dmp

Download
memory/1644-88-0x0000000000AB0000-0x0000000000C74000-memory.dmp

Filesize
1.8MB

Download
memory/1644-86-0x0000000000000000-mapping.dmp

Download
memory/1784-54-0x00000000765F1000-0x00000000765F3000-memory.dmp

Filesize
8KB

Download
memory/1896-56-0x0000000000000000-mapping.dmp

Download
memory/1896-59-0x00000000002D0000-0x0000000000494000-memory.dmp

Filesize
1.8MB

Download
memory/1984-134-0x0000000000000000-mapping.dmp

Download