7f13bb7a4b4fdab3ee99aa40599314fb2ab48f17c02736e06894c2578b3c0a36

Resubmissions

14/06/2024, 14:56

240614-sa513avgnh 7

14/06/2024, 14:55

240614-sah7asyhkp 3

14/06/2024, 14:52

240614-r88zyaygqk 3

Analysis

max time kernel
84s
max time network
88s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 14:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CrystalLauncherN.exe
Size

1.5MB
MD5

71ce62ad6a1da34bcc3a0bca71f1e2df
SHA1

c5080fcb7b9ca8a8a267e217a4df2170eafc2bb2
SHA256

7f13bb7a4b4fdab3ee99aa40599314fb2ab48f17c02736e06894c2578b3c0a36
SHA512

f519cae4b8a71700bda63672219e1a9cf15e5a94cc2d7f1b96799144f91bd2d1e6782d637b935051ba2d08d59bf84d363921420b624fcaed21518f19b1fc1d8b
SSDEEP

12288:qXlhhEayVkv/JBdBS4msNUCe65frHMnz2R9aty+v54BgC:qXlhhUQ/bdo4mz1U8z22y+vLC

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628504592943270"	chrome.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3188	chrome.exe
3188	chrome.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

description	pid	Process
Token: SeDebugPrivilege	4388	CrystalLauncherN.exe
Token: SeDebugPrivilege	3812	taskmgr.exe
Token: SeSystemProfilePrivilege	3812	taskmgr.exe
Token: SeCreateGlobalPrivilege	3812	taskmgr.exe
Token: 33	3812	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3812	taskmgr.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe
Token: SeShutdownPrivilege	3188	chrome.exe
Token: SeCreatePagefilePrivilege	3188	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3812	taskmgr.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe
3188	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3188 wrote to memory of 3532	3188	chrome.exe	96
PID 3188 wrote to memory of 3532	3188	chrome.exe	96
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4616	3188	chrome.exe	97
PID 3188 wrote to memory of 4464	3188	chrome.exe	98
PID 3188 wrote to memory of 4464	3188	chrome.exe	98
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99
PID 3188 wrote to memory of 3860	3188	chrome.exe	99

C:\Users\Admin\AppData\Local\Temp\CrystalLauncherN.exe
"C:\Users\Admin\AppData\Local\Temp\CrystalLauncherN.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4388

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe8184ab58,0x7ffe8184ab68,0x7ffe8184ab78
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1692,i,7847974745604466434,15787993623346995399,131072 /prefetch:2
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1692,i,7847974745604466434,15787993623346995399,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1692,i,7847974745604466434,15787993623346995399,131072 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1692,i,7847974745604466434,15787993623346995399,131072 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1692,i,7847974745604466434,15787993623346995399,131072 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3544 --field-trial-handle=1692,i,7847974745604466434,15787993623346995399,131072 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1692,i,7847974745604466434,15787993623346995399,131072 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1692,i,7847974745604466434,15787993623346995399,131072 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4872 --field-trial-handle=1692,i,7847974745604466434,15787993623346995399,131072 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5056 --field-trial-handle=1692,i,7847974745604466434,15787993623346995399,131072 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3408 --field-trial-handle=1692,i,7847974745604466434,15787993623346995399,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3960 --field-trial-handle=1692,i,7847974745604466434,15787993623346995399,131072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3348 --field-trial-handle=1692,i,7847974745604466434,15787993623346995399,131072 /prefetch:1
  2⤵
  PID:1692

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\CrystalLauncherInstallerNX\launchlog.txt

Filesize
1KB

MD5
c2cc3a8b2adac20539a809ecfbb44d19

SHA1
31c77556711d27b02492a2a6d9e227a73bf378f9

SHA256
5e2d36b162ff17c95ccd6d69588e79b14de8a9bc65ad18f48ae20f4c229eebc4

SHA512
a62c7a983a73a85c917559ea426d8bc2485358f066a8c0cf99b660b189e871f1e6a01f1ad2c8f96fd469231a664b1e2e42b7d860f089ba8d987a8dca462385e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
811B

MD5
f584de382dc8fd194e3c047a8d334c37

SHA1
0dcbc4010f0a69a955284c0f437f5444ca487b7f

SHA256
c8bdbe9ef542365e63f19b1aa441fa3dbd47ab72b05c19ebe595c67b238d3dd1

SHA512
d943822c0497c04523950e2da2ffca387d61f46219a8e513e0b9bde1a8832abb11353f49ed7dff9ca823a3bfeefd7f463e8c49a845305541a807306e1df2bf7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ffaebd513ec6cff7b822122410774635

SHA1
001ccdde327babc5c4241464fad7b8e907a2036a

SHA256
642e4455aee3f23408331192ae4a38308a43a844bba298b5dd8e9b6884101b96

SHA512
b1c8f1689d2480886724576a239fcccf47bd684aafe32cf8364b638bf8036df0936d69efb536f58d5598e5a82575baa82394df35da771e9780e0ac21f2d104d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f1d7dbd8d005237e4e2fa706e00d62d7

SHA1
25fe3c167123c9a3e9590eda18975722ad2f7bf6

SHA256
e07292cec48a86cd81a3f9ab54170a8d8e4e7fe59a6b63b1e6e961a76b88cb32

SHA512
893b810c9017aea74d13fd427ba35176af29de468846e979bb7167039d4bd81003a32bf5a962d4806d40faa6a97275a7a0d4a778066e4977182499d9c6b6f7fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
6d1874984eea5916c0c727e989e3a426

SHA1
f24c5c519a42cad9041e750b20bab5e25c98a48f

SHA256
ae695a9288a6e08a520f3ec4cad7cfbf5f6feb1db5bf408e37eabee6ea96e675

SHA512
95a473d0723692b5e3a3143b016d3ce918cae342759471aad00aa6f5e43cbd98dccbc64c035d28befac6a41c32e47b5009939f86d34230cf8dec57a05203c890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
964f12bf292a356e53375b26ff168782

SHA1
6a2b18e3269c3d33cdd6840efef455e252e3fc8e

SHA256
a401f9cff813f1147adefca53d22c6ca713bb9d09d450e014795c0033120f622

SHA512
f9a3edb99418044acc303b15b4731c4ea6a9f4b79e45faa6e170517fac3df90bdda90a4c86d7c4aeb67743b08a277a986e9531fefa48bc7f3a1302ef79761c2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
8ca4a10f9faa51a1799cdb8466d553af

SHA1
1fd92d0aef9a50a5cffd4b033e5ab610d2fd269e

SHA256
ff9e843880a28d9803805462085877b466afaa5e934e84200e1839bbb1cb8ac3

SHA512
b502e22c7658caa995bd96847a694510f0dd8fc1c506b6ec9e12aa9576fdd3f9fc9025e18a18c9351ebda4eafe507b3d64b5abf1aa6f00a4a5d733de58c7de1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/3812-31-0x000001CDEA970000-0x000001CDEA971000-memory.dmp

Filesize
4KB

Download
memory/3812-21-0x000001CDEA970000-0x000001CDEA971000-memory.dmp

Filesize
4KB

Download
memory/3812-20-0x000001CDEA970000-0x000001CDEA971000-memory.dmp

Filesize
4KB

Download
memory/3812-30-0x000001CDEA970000-0x000001CDEA971000-memory.dmp

Filesize
4KB

Download
memory/3812-29-0x000001CDEA970000-0x000001CDEA971000-memory.dmp

Filesize
4KB

Download
memory/3812-28-0x000001CDEA970000-0x000001CDEA971000-memory.dmp

Filesize
4KB

Download
memory/3812-27-0x000001CDEA970000-0x000001CDEA971000-memory.dmp

Filesize
4KB

Download
memory/3812-26-0x000001CDEA970000-0x000001CDEA971000-memory.dmp

Filesize
4KB

Download
memory/3812-22-0x000001CDEA970000-0x000001CDEA971000-memory.dmp

Filesize
4KB

Download
memory/3812-32-0x000001CDEA970000-0x000001CDEA971000-memory.dmp

Filesize
4KB

Download
memory/4388-1-0x00007FFE80DA3000-0x00007FFE80DA5000-memory.dmp

Filesize
8KB

Download
memory/4388-19-0x00007FFE80DA0000-0x00007FFE81861000-memory.dmp

Filesize
10.8MB

Download
memory/4388-17-0x00007FFE80DA0000-0x00007FFE81861000-memory.dmp

Filesize
10.8MB

Download
memory/4388-15-0x00007FFE80DA0000-0x00007FFE81861000-memory.dmp

Filesize
10.8MB

Download
memory/4388-4-0x000001E329990000-0x000001E3299A8000-memory.dmp

Filesize
96KB

Download
memory/4388-3-0x000001E3299D0000-0x000001E329A48000-memory.dmp

Filesize
480KB

Download
memory/4388-0-0x000001E327B80000-0x000001E327D10000-memory.dmp

Filesize
1.6MB

Download