File name: CrystalMarkRetro1_0_2.exe
Full analysis: https://app.any.run/tasks/14bdb80c-8d30-4509-959a-1f22a6f76689
Verdict: Malicious activity
Analysis date: June 07, 2024, 15:03:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 44F37D8156235AE55CDF683BB3E49031
SHA1: 67C1B06D69833A95A6D9DA75757996BE8C83F7E4
SHA256: 1A2005B8E17DF9A25944EE16CC5130F2E4EC4B3C451DBA6503A21C69458FD882
SSDEEP: 98304:0+cD4dnVn27dXdM+Afm7OpoR+HAMohwBagEH1ERZKwf6mMa4ntv+nZ8B5Il3vvRD:9YFuNDDXonTt1GUQXIrU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may have been distorted by user actions and is provided as is, for the user's awareness. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • CrystalMarkRetro1_0_2.exe (PID: 3972)
      • CrystalMarkRetro1_0_2.exe (PID: 1120)
      • CrystalMarkRetro1_0_2.tmp (PID: 820)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • CrystalMarkRetro1_0_2.exe (PID: 3972)
      • CrystalMarkRetro1_0_2.exe (PID: 1120)
      • CrystalMarkRetro1_0_2.tmp (PID: 820)
    • Reads the Windows owner or organization settings

      • CrystalMarkRetro1_0_2.tmp (PID: 820)
    • Reads the Internet Settings

      • CrystalMarkRetro1_0_2.tmp (PID: 3988)
  • INFO

    • Create files in a temporary directory

      • CrystalMarkRetro1_0_2.exe (PID: 3972)
      • CrystalMarkRetro1_0_2.exe (PID: 1120)
    • Checks supported languages

      • CrystalMarkRetro1_0_2.exe (PID: 3972)
      • CrystalMarkRetro1_0_2.tmp (PID: 3988)
      • CrystalMarkRetro1_0_2.exe (PID: 1120)
      • CrystalMarkRetro1_0_2.tmp (PID: 820)
      • CrystalMarkRetro32.exe (PID: 2024)
      • DiskSpd32L.exe (PID: 3140)
      • DiskSpd32L.exe (PID: 1480)
      • DiskSpd32L.exe (PID: 2948)
      • wmpnscfg.exe (PID: 1868)
      • DiskSpd32L.exe (PID: 2764)
      • DiskSpd32L.exe (PID: 1996)
      • DiskSpd32L.exe (PID: 2932)
      • DiskSpd32L.exe (PID: 2396)
      • DiskSpd32L.exe (PID: 3504)
      • DiskSpd32L.exe (PID: 3592)
      • DiskSpd32L.exe (PID: 3516)
      • DiskSpd32L.exe (PID: 3608)
      • DiskSpd32L.exe (PID: 3936)
      • DiskSpd32L.exe (PID: 3920)
      • DiskSpd32L.exe (PID: 4032)
      • DiskSpd32L.exe (PID: 4056)
      • DiskSpd32L.exe (PID: 1116)
      • DiskSpd32L.exe (PID: 1128)
      • DiskSpd32L.exe (PID: 3356)
      • DiskSpd32L.exe (PID: 1884)
      • DiskSpd32L.exe (PID: 1928)
      • DiskSpd32L.exe (PID: 664)
      • DiskSpd32L.exe (PID: 2684)
      • CMRGDI32.exe (PID: 1880)
      • DiskSpd32L.exe (PID: 928)
      • DiskSpd32L.exe (PID: 3996)
    • Reads the computer name

      • CrystalMarkRetro1_0_2.tmp (PID: 3988)
      • CrystalMarkRetro1_0_2.tmp (PID: 820)
      • CrystalMarkRetro32.exe (PID: 2024)
      • wmpnscfg.exe (PID: 1868)
    • Creates files in the program directory

      • CrystalMarkRetro1_0_2.tmp (PID: 820)
    • Creates a software uninstall entry

      • CrystalMarkRetro1_0_2.tmp (PID: 820)
    • Reads the machine GUID from the registry

      • CrystalMarkRetro32.exe (PID: 2024)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1868)
    • Creates files or folders in the user directory

      • CrystalMarkRetro32.exe (PID: 2024)
    • Application launched itself

      • msedge.exe (PID: 1432)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (67.7)
.exe | Win32 EXE PECompact compressed (generic) (25.6)
.exe | Win32 Executable (generic) (2.7)
.exe | Win16/32 Executable Delphi generic (1.2)
.exe | Generic Win/DOS Executable (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 114688
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6
ImageVersion: 6
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.2.0
ProductVersionNumber: 1.0.2.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Crystal Dew World
FileDescription: CrystalMark Retro Setup
FileVersion: 1.0.2
LegalCopyright: Crystal Dew World
OriginalFileName:
ProductName: CrystalMark Retro 1.0.2
ProductVersion: 1.0.2
No data.
All screenshots are available in the full report
Total processes: 110
Monitored processes: 50
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Launch order as drawn in the report's behavior graph ("no specs" marks processes the report lists without a detailed entry):
start → crystalmarkretro1_0_2.exe → crystalmarkretro1_0_2.tmp (no specs) → crystalmarkretro1_0_2.exe → crystalmarkretro1_0_2.tmp → crystalmarkretro32.exe (no specs) → 24 diskspd32l.exe benchmark runs (no specs) → cmrgdi32.exe (no specs); msedge.exe processes and wmpnscfg.exe (no specs) are interleaved with the benchmark runs.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 308
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6e58f598,0x6e58f5a8,0x6e58f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 664
CMD: "C:\Program Files\CrystalMark Retro\Resource\Benchmark\DiskSpd\DiskSpd32L.exe" -b4K -o1 -t1 -W0 -S -w100 -r -Z4K -ag -d5 -A2024 -L "C:\CrystalDiskMark0010F599\CrystalDiskMark0010F59B.tmp"
Path: C:\Program Files\CrystalMark Retro\Resource\Benchmark\DiskSpd\DiskSpd32L.exe
Parent process: CrystalMarkRetro32.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
265020
Modules
Images
c:\program files\crystalmark retro\resource\benchmark\diskspd\diskspd32l.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 820
CMD: "C:\Users\admin\AppData\Local\Temp\is-CHNTB.tmp\CrystalMarkRetro1_0_2.tmp" /SL5="$2013A,10917435,857600,C:\Users\admin\AppData\Local\Temp\CrystalMarkRetro1_0_2.exe" /SPAWNWND=$20130 /NOTIFYWND=$20138
Path: C:\Users\admin\AppData\Local\Temp\is-CHNTB.tmp\CrystalMarkRetro1_0_2.tmp
Parent process: CrystalMarkRetro1_0_2.exe
User:
admin
Company:
Crystal Dew World
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-chntb.tmp\crystalmarkretro1_0_2.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 860
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2220 --field-trial-handle=1376,i,5958472179326233907,8056460070594931818,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 904
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 --field-trial-handle=1376,i,5958472179326233907,8056460070594931818,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 924
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3816 --field-trial-handle=1376,i,5958472179326233907,8056460070594931818,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 928
CMD: "C:\Program Files\CrystalMark Retro\Resource\Benchmark\DiskSpd\DiskSpd32L.exe" -b1024K -o1 -t1 -W0 -S -w100 -Z1024K -ag -d5 -A2024 -L "C:\CrystalDiskMark0010F599\CrystalDiskMark0010F59B.tmp"
Path: C:\Program Files\CrystalMark Retro\Resource\Benchmark\DiskSpd\DiskSpd32L.exe
Parent process: CrystalMarkRetro32.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
9082090
Modules
Images
c:\program files\crystalmark retro\resource\benchmark\diskspd\diskspd32l.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 1012
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1448 --field-trial-handle=1376,i,5958472179326233907,8056460070594931818,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1116
CMD: "C:\Program Files\CrystalMark Retro\Resource\Benchmark\DiskSpd\DiskSpd32L.exe" -b1024K -o1 -t1 -W0 -S -w100 -Z1024K -ag -d5 -A2024 -L "C:\CrystalDiskMark0010F599\CrystalDiskMark0010F59B.tmp"
Path: C:\Program Files\CrystalMark Retro\Resource\Benchmark\DiskSpd\DiskSpd32L.exe
Parent process: CrystalMarkRetro32.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
8334760
Modules
Images
c:\program files\crystalmark retro\resource\benchmark\diskspd\diskspd32l.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 1120
CMD: "C:\Users\admin\AppData\Local\Temp\CrystalMarkRetro1_0_2.exe" /SPAWNWND=$20130 /NOTIFYWND=$20138
Path: C:\Users\admin\AppData\Local\Temp\CrystalMarkRetro1_0_2.exe
Parent process: CrystalMarkRetro1_0_2.tmp
User:
admin
Company:
Crystal Dew World
Integrity Level:
HIGH
Description:
CrystalMark Retro Setup
Exit code:
0
Version:
1.0.2
Modules
Images
c:\users\admin\appdata\local\temp\crystalmarkretro1_0_2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 10 302
Read events: 10 223
Write events: 67
Delete events: 12

Modification events

PID 820, CrystalMarkRetro1_0_2.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write | Name: Owner
Value: 34030000581A56D9EBB8DA01

PID 820, CrystalMarkRetro1_0_2.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write | Name: SessionHash
Value: 05E02E21DE841DA78B3470AA08EB08C9D983ECFEFCC93722112830FA6E3E9471

PID 820, CrystalMarkRetro1_0_2.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write | Name: Sequence
Value: 1

PID 820, CrystalMarkRetro1_0_2.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write | Name: RegFiles0000
Value: C:\Program Files\CrystalMark Retro\Resource\Benchmark\CMRCPU32.exe

PID 820, CrystalMarkRetro1_0_2.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write | Name: RegFilesHash
Value: EEE808DA5288B1CBAEFFD8975211305143C6E30BF83193730BC58837842BDF74

PID 820, CrystalMarkRetro1_0_2.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CrystalMarkRetro_is1
Operation: write | Name: Inno Setup: Setup Version
Value: 6.2.2

PID 820, CrystalMarkRetro1_0_2.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CrystalMarkRetro_is1
Operation: write | Name: Inno Setup: App Path
Value: C:\Program Files\CrystalMark Retro

PID 820, CrystalMarkRetro1_0_2.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CrystalMarkRetro_is1
Operation: write | Name: InstallLocation
Value: C:\Program Files\CrystalMark Retro\

PID 820, CrystalMarkRetro1_0_2.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CrystalMarkRetro_is1
Operation: write | Name: Inno Setup: Icon Group
Value: CrystalMark Retro

PID 820, CrystalMarkRetro1_0_2.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CrystalMarkRetro_is1
Operation: write | Name: Inno Setup: User
Value: admin
Executable files: 24
Suspicious files: 140
Text files: 461
Unknown types: 3

Dropped files

PID | Process | Filename | Type

PID 820 | CrystalMarkRetro1_0_2.tmp | C:\Program Files\CrystalMark Retro\Resource\Language\is-UKV4M.tmp | text
MD5: 81E1358420173EAA932E23EB28C376AE
SHA256: 46A6C56B9B41FF8E8344566CCDCD125A46B3108514A7290928D7AEB0D98938DA

PID 1120 | CrystalMarkRetro1_0_2.exe | C:\Users\admin\AppData\Local\Temp\is-CHNTB.tmp\CrystalMarkRetro1_0_2.tmp | executable
MD5: F65A123CEFF24B9B459113DD3CF10B42
SHA256: 5CF7249863E8E887D135AFE2A5AD91A58F932C2CD27DAD5CAE6A8CEC255F665D

PID 820 | CrystalMarkRetro1_0_2.tmp | C:\Program Files\CrystalMark Retro\unins000.exe | executable
MD5: F65A123CEFF24B9B459113DD3CF10B42
SHA256: 5CF7249863E8E887D135AFE2A5AD91A58F932C2CD27DAD5CAE6A8CEC255F665D

PID 820 | CrystalMarkRetro1_0_2.tmp | C:\Program Files\CrystalMark Retro\Resource\Language\is-M9PKD.tmp | text
MD5: B86316C710FF952C48FAC5DC2CDA0AD5
SHA256: B2A42C3850DF3A941F354E18552450B9D7EBE1095D9639E3987B5F9444B6F817

PID 820 | CrystalMarkRetro1_0_2.tmp | C:\Program Files\CrystalMark Retro\Resource\Language\Armenian.lang | text
MD5: 81E1358420173EAA932E23EB28C376AE
SHA256: 46A6C56B9B41FF8E8344566CCDCD125A46B3108514A7290928D7AEB0D98938DA

PID 820 | CrystalMarkRetro1_0_2.tmp | C:\Program Files\CrystalMark Retro\Resource\Language\Belarussian.lang | text
MD5: D6730AF5245518D5E47C7CF2C8BCC7F7
SHA256: E059B5A4B9875B3020C1D7CFCC0253D80985FDDDE497E12CBA09376902D95E5F

PID 820 | CrystalMarkRetro1_0_2.tmp | C:\Program Files\CrystalMark Retro\Resource\Language\Azeri.lang | text
MD5: 79B561B72743ED193E7F7D99F8DF6951
SHA256: 3DDA7013785F8D998145D7492F434CF42C5B31335A37C2902BDE27F95B4EE87E

PID 820 | CrystalMarkRetro1_0_2.tmp | C:\Program Files\CrystalMark Retro\Resource\Language\is-NPLGN.tmp | text
MD5: D6730AF5245518D5E47C7CF2C8BCC7F7
SHA256: E059B5A4B9875B3020C1D7CFCC0253D80985FDDDE497E12CBA09376902D95E5F

PID 820 | CrystalMarkRetro1_0_2.tmp | C:\Program Files\CrystalMark Retro\Resource\Language\is-MHDN2.tmp | text
MD5: 317F2E12B187184D492CD2F66E6ABB18
SHA256: 1C8B9A8AA7E937FF0BB35782E9E32FBFB13BFCFDF6D41F4B044FF5B1DA7208CD

PID 3972 | CrystalMarkRetro1_0_2.exe | C:\Users\admin\AppData\Local\Temp\is-SRTEG.tmp\CrystalMarkRetro1_0_2.tmp | executable
MD5: F65A123CEFF24B9B459113DD3CF10B42
SHA256: 5CF7249863E8E887D135AFE2A5AD91A58F932C2CD27DAD5CAE6A8CEC255F665D
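The report's MALICIOUS tag rests on one generic heuristic, "drops the executable file immediately after the start", and the three PIDs it names are all stages of the installer itself. The report's own TRiD hit ("Inno Setup installer"), the EXIF comment ("This installation was built with Inno Setup") and the Uninstall\CrystalMarkRetro_is1 key say this is an Inno Setup package, and Inno Setup by design extracts its second-stage .tmp into a per-run %TEMP%\is-XXXXX.tmp directory, relaunches with /SL5 and /SPAWNWND switches, and writes unins000.exe, which the dropped-files list shows is byte-identical (same SHA256) to the staged .tmp. The script below, an added example that is neither ANY.RUN's nor Crystal Dew World's code, transcribes the records from this report and checks each flagged PID against that pattern; the matching rules are its own heuristics, not ANY.RUN signatures, and its reading of the four /SL5 fields is an assumption. The caveat a practitioner should keep in mind is that passing this check only says the installer behaves like Inno Setup; malware packaged with Inno Setup would pass it too, so the installed binaries (CrystalMarkRetro32.exe, DiskSpd32L.exe, CMRGDI32.exe) still need their hashes verified against a copy obtained from the vendor.

```python
"""Cross-check the report's "drops executable" hits against the Inno Setup
installer pattern that the TRiD and EXIF sections identify for this sample.

Added example for this page; it is not ANY.RUN's code and not Crystal Dew
World's. Every record below is transcribed from the report above; the
matching rules are this example's own heuristics, not ANY.RUN signatures.
"""
import re
from collections import defaultdict

INNO = "5CF7249863E8E887D135AFE2A5AD91A58F932C2CD27DAD5CAE6A8CEC255F665D"  # setup .tmp / unins000.exe
LANG = "46A6C56B9B41FF8E8344566CCDCD125A46B3108514A7290928D7AEB0D98938DA"  # Armenian.lang and its is-UKV4M.tmp copy

# From "Dropped files": (pid, process, path, type, sha256)
DROPPED = [
    (820, "CrystalMarkRetro1_0_2.tmp", r"C:\Program Files\CrystalMark Retro\Resource\Language\is-UKV4M.tmp", "text", LANG),
    (1120, "CrystalMarkRetro1_0_2.exe", r"C:\Users\admin\AppData\Local\Temp\is-CHNTB.tmp\CrystalMarkRetro1_0_2.tmp", "executable", INNO),
    (820, "CrystalMarkRetro1_0_2.tmp", r"C:\Program Files\CrystalMark Retro\unins000.exe", "executable", INNO),
    (820, "CrystalMarkRetro1_0_2.tmp", r"C:\Program Files\CrystalMark Retro\Resource\Language\Armenian.lang", "text", LANG),
    (3972, "CrystalMarkRetro1_0_2.exe", r"C:\Users\admin\AppData\Local\Temp\is-SRTEG.tmp\CrystalMarkRetro1_0_2.tmp", "executable", INNO),
]

# From "Process information" (PIDs 820 and 1120).
CMDLINES = {
    820: r'"C:\Users\admin\AppData\Local\Temp\is-CHNTB.tmp\CrystalMarkRetro1_0_2.tmp" /SL5="$2013A,10917435,857600,C:\Users\admin\AppData\Local\Temp\CrystalMarkRetro1_0_2.exe" /SPAWNWND=$20130 /NOTIFYWND=$20138',
    1120: r'"C:\Users\admin\AppData\Local\Temp\CrystalMarkRetro1_0_2.exe" /SPAWNWND=$20130 /NOTIFYWND=$20138',
}

# From "Modification events": (key, value name, data)
REG_WRITES = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CrystalMarkRetro_is1", "Inno Setup: Setup Version", "6.2.2"),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CrystalMarkRetro_is1", "Inno Setup: App Path", r"C:\Program Files\CrystalMark Retro"),
]

# PIDs listed under "Drops the executable file immediately after the start".
FLAGGED_DROPPERS = {3972, 1120, 820}

# Inno Setup extracts its second-stage .tmp into a per-run %TEMP%\is-XXXXX.tmp directory.
INNO_TEMP_DIR = re.compile(r"\\is-[A-Z0-9]{5}\.tmp\\", re.IGNORECASE)
# Internal switch the loader passes to the .tmp. The field split is this example's reading of
# the observed value (assumption; Inno Setup does not document /SL5): handle, two integers, source exe.
SL5_SWITCH = re.compile(r'/SL5="\$([0-9A-F]+),(\d+),(\d+),([^"]+)"', re.IGNORECASE)


def is_inno_temp_path(path):
    """True when the path sits inside an is-XXXXX.tmp staging directory."""
    return INNO_TEMP_DIR.search(path) is not None


def parse_sl5(cmdline):
    """Return the four /SL5 fields as a dict, or None if the switch is absent."""
    m = SL5_SWITCH.search(cmdline)
    if m is None:
        return None
    return {"wnd": m.group(1), "n1": int(m.group(2)), "n2": int(m.group(3)), "source_exe": m.group(4)}


def identical_executables(drops):
    """Group dropped executables by SHA256; only hashes seen at two or more paths are returned."""
    by_hash = defaultdict(list)
    for _pid, _proc, path, ftype, sha in drops:
        if ftype == "executable":
            by_hash[sha].append(path)
    return {sha: sorted(paths) for sha, paths in by_hash.items() if len(paths) > 1}


def inno_setup_version(reg_writes):
    """Inno Setup version recorded in an Uninstall\\*_is1 key, or None."""
    for key, name, data in reg_writes:
        if key.lower().endswith("_is1") and name == "Inno Setup: Setup Version":
            return data
    return None


def triage(drops=DROPPED, cmdlines=CMDLINES, reg_writes=REG_WRITES, flagged=FLAGGED_DROPPERS):
    """Split the flagged PIDs into those whose executable drop is one of the two Inno Setup
    stages (loader extracting its .tmp, or the .tmp writing unins000.exe) and the rest."""
    explained = set()
    for pid, _proc, path, ftype, _sha in drops:
        if ftype == "executable" and (is_inno_temp_path(path) or path.lower().endswith(r"\unins000.exe")):
            explained.add(pid)
    dup_groups = identical_executables(drops).values()
    sl5 = parse_sl5(cmdlines.get(820, ""))
    return {
        "explained_by_inno_setup": explained & flagged,
        "unexplained": flagged - explained,
        "loader_source_exe": sl5["source_exe"] if sl5 else None,
        # The uninstaller is byte-identical to the staged .tmp: same binary, different role.
        "uninstaller_is_setup_tmp": any(
            any(p.lower().endswith(r"\unins000.exe") for p in paths) and any(is_inno_temp_path(p) for p in paths)
            for paths in dup_groups),
        "inno_setup_version": inno_setup_version(reg_writes),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Run as-is it reports all three flagged PIDs as explained by the Inno Setup pattern, with no unexplained PID, the loader's source exe recovered from /SL5, the uninstaller confirmed identical to the staged .tmp, and setup version 6.2.2; feeding it the dropped-files list of another sandbox run makes any executable drop outside the is-XXXXX.tmp / unins000.exe pattern show up under "unexplained".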
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 4
TCP/UDP connections: 28
DNS requests: 24
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
1812 | msedge.exe | GET | 204 | 13.107.6.158:80 | http://edge-http.microsoft.com/captiveportal/generate_204 | unknown | unknown
1812 | msedge.exe | GET | - | 13.107.6.158:80 | http://edge-http.microsoft.com/captiveportal/generate_204 | unknown | unknown
1812 | msedge.exe | GET | 204 | 13.107.6.158:80 | http://edge-http.microsoft.com/captiveportal/generate_204 | unknown | unknown
1812 | msedge.exe | POST | 200 | 13.107.21.239:80 | http://edge.microsoft.com/componentupdater/api/v1/update?cup2key=6:PsxXHni5XGaZ21H-Bg0QZb436vLVzwTDwEUQO7uznsk&cup2hreq=594d75bdac29b8991edd5301bd951bd452d9e5d93c68478712f09ea7ed128d54 | unknown | unknown
(Type and Size were empty for every request.)

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
1432 | msedge.exe | 239.255.255.250:1900 | - | - | - | unknown
1812 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
1812 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
1812 | msedge.exe | 162.43.120.121:443 | crystalmark.info | Xserver Inc. | JP | unknown
1812 | msedge.exe | 2.23.209.181:443 | www.bing.com | Akamai International B.V. | GB | unknown
1432 | msedge.exe | 224.0.0.251:5353 | - | - | - | unknown
1812 | msedge.exe | 13.107.21.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown

DNS requests

Domain
IP
Reputation
crystalmark.info
  • 162.43.120.121
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
www.bing.com
  • 2.23.209.181
  • 2.23.209.182
  • 2.23.209.154
  • 2.23.209.187
  • 2.23.209.179
  • 2.23.209.156
  • 2.23.209.161
  • 2.23.209.158
  • 2.23.209.183
  • 2.23.209.193
  • 2.23.209.133
  • 2.23.209.148
  • 2.23.209.149
  • 2.23.209.130
  • 2.23.209.185
  • 2.23.209.140
  • 2.23.209.177
whitelisted
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
  • 2.16.164.121
  • 2.16.164.65
whitelisted
edge-http.microsoft.com
  • 13.107.6.158
whitelisted
self.events.data.microsoft.com
  • 20.189.173.12
whitelisted

Threats

No threats detected
No debug info