URL: https://cryptobrowser.site/en/finish_install/

Full analysis: https://app.any.run/tasks/73343788-3811-4cb3-93b8-02f2ec53525c
Verdict: Malicious activity
Analysis date: April 17, 2025, 14:03:29
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: auto, generic, upx
Indicators:
MD5: A18A9653BA769D468668E4EC0DF0093C
SHA1: 833B6DD79C649781F4D15B39E21840618628DA79
SHA256: 532912B6D68EF5654FC89BB56F08EAD566B9DD82657F8F4D6D360D23E12C307A
SSDEEP: 3:N8K5WyiMi8MLMWRZEn:2KI7Mi8KMaZEn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • GENERIC has been found (auto)

      • chrome.exe (PID: 6620)
    • Changes the autorun value in the registry

      • setup.exe (PID: 6960)
  • SUSPICIOUS

    • Application launched itself

      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 5984)
      • setup.exe (PID: 8072)
      • browser.exe (PID: 5960)
      • browser.exe (PID: 6828)
      • chrmstp.exe (PID: 3784)
      • chrmstp.exe (PID: 7012)
      • setup.exe (PID: 6960)
    • Reads security settings of Internet Explorer

      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 5984)
      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 2984)
      • chrmstp.exe (PID: 3784)
    • There is functionality for taking screenshot (YARA)

      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 2984)
    • Adds/modifies Windows certificates

      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 2984)
    • Executable content was dropped or overwritten

      • ctu7675.tmp (PID: 5548)
      • setup.exe (PID: 6960)
    • Searches for installed software

      • setup.exe (PID: 6960)
      • setup.exe (PID: 8072)
      • chrmstp.exe (PID: 7012)
      • chrmstp.exe (PID: 3784)
    • Creates a software uninstall entry

      • setup.exe (PID: 6960)
    • Starts application with an unusual extension

      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 2984)
    • The process checks if it is being run in the virtual environment

      • browser.exe (PID: 5960)
    • Reads the date of Windows installation

      • chrmstp.exe (PID: 3784)
  • INFO

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 6620)
      • chrome.exe (PID: 5084)
    • The sample compiled with english language support

      • chrome.exe (PID: 6620)
      • ctu7675.tmp (PID: 5548)
      • chrome.exe (PID: 5084)
      • setup.exe (PID: 6960)
    • Checks supported languages

      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 5984)
      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 2984)
      • ctu7675.tmp (PID: 5548)
      • setup.exe (PID: 6960)
      • setup.exe (PID: 4272)
      • setup.exe (PID: 8072)
      • browser.exe (PID: 5960)
      • setup.exe (PID: 2980)
      • CryptoTabUpdater.exe (PID: 4120)
      • browser.exe (PID: 920)
      • browser.exe (PID: 6828)
      • browser.exe (PID: 2084)
      • browser.exe (PID: 1240)
      • browser.exe (PID: 7568)
      • browser.exe (PID: 7592)
      • browser.exe (PID: 8128)
      • browser.exe (PID: 872)
      • browser.exe (PID: 7792)
      • browser.exe (PID: 7532)
      • browser.exe (PID: 3976)
      • browser.exe (PID: 4008)
      • browser.exe (PID: 3828)
      • chrmstp.exe (PID: 7012)
      • browser.exe (PID: 660)
      • chrmstp.exe (PID: 3784)
      • browser.exe (PID: 5868)
      • chrmstp.exe (PID: 1628)
      • chrmstp.exe (PID: 4408)
      • browser.exe (PID: 2692)
      • browser.exe (PID: 7152)
      • browser.exe (PID: 3156)
      • browser.exe (PID: 2656)
      • browser.exe (PID: 2092)
      • browser.exe (PID: 7932)
      • browser.exe (PID: 3804)
      • browser.exe (PID: 7192)
      • browser.exe (PID: 3884)
      • browser.exe (PID: 6228)
      • browser.exe (PID: 8076)
      • browser.exe (PID: 1164)
      • browser.exe (PID: 5124)
      • browser.exe (PID: 4408)
      • browser.exe (PID: 7836)
      • browser.exe (PID: 4120)
      • browser.exe (PID: 680)
      • browser.exe (PID: 5064)
      • browser.exe (PID: 1164)
      • browser.exe (PID: 5364)
      • browser.exe (PID: 5776)
      • browser.exe (PID: 7100)
      • browser.exe (PID: 3268)
      • browser.exe (PID: 3676)
      • browser.exe (PID: 1540)
    • Application launched itself

      • chrome.exe (PID: 6620)
    • Process checks computer location settings

      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 5984)
      • browser.exe (PID: 7532)
      • browser.exe (PID: 7568)
      • browser.exe (PID: 5960)
      • browser.exe (PID: 7592)
      • browser.exe (PID: 8128)
      • browser.exe (PID: 7792)
      • browser.exe (PID: 4008)
      • browser.exe (PID: 2656)
      • browser.exe (PID: 5124)
      • browser.exe (PID: 7836)
      • browser.exe (PID: 4120)
      • browser.exe (PID: 5064)
      • browser.exe (PID: 5364)
      • browser.exe (PID: 3268)
      • browser.exe (PID: 5776)
      • browser.exe (PID: 1164)
      • browser.exe (PID: 7100)
      • browser.exe (PID: 1540)
      • browser.exe (PID: 3676)
      • browser.exe (PID: 680)
    • Reads the computer name

      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 5984)
      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 2984)
      • ctu7675.tmp (PID: 5548)
      • setup.exe (PID: 6960)
      • setup.exe (PID: 8072)
      • browser.exe (PID: 5960)
      • browser.exe (PID: 6828)
      • CryptoTabUpdater.exe (PID: 4120)
      • browser.exe (PID: 872)
      • browser.exe (PID: 2084)
      • browser.exe (PID: 660)
      • chrmstp.exe (PID: 3784)
      • chrmstp.exe (PID: 7012)
    • Creates files or folders in the user directory

      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 2984)
      • setup.exe (PID: 8072)
      • browser.exe (PID: 5960)
      • browser.exe (PID: 2084)
      • chrmstp.exe (PID: 3784)
    • Checks proxy server information

      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 2984)
      • browser.exe (PID: 5960)
      • slui.exe (PID: 2392)
    • Reads the machine GUID from the registry

      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 2984)
      • CryptoTabUpdater.exe (PID: 4120)
      • browser.exe (PID: 5960)
    • Reads the software policy settings

      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 2984)
      • slui.exe (PID: 7748)
      • CryptoTabUpdater.exe (PID: 4120)
      • slui.exe (PID: 2392)
    • UPX packer has been detected

      • CTBrowserSetup_Vb3U1gNvc3.exe (PID: 2984)
    • Create files in a temporary directory

      • ctu7675.tmp (PID: 5548)
      • browser.exe (PID: 5960)
    • Creates files in the program directory

      • setup.exe (PID: 6960)
      • setup.exe (PID: 8072)
      • browser.exe (PID: 5960)
No Malware configuration.
No data.
Total processes: 208
Monitored processes: 73
Malicious processes: 8
Suspicious processes: 1

Behavior graph

(Interactive graph in the full report; the processes it shows are chrome.exe, sppextcomobj.exe, slui.exe, ctbrowsersetup_vb3u1gnvc3.exe, ctu7675.tmp, setup.exe, browser.exe, cryptotabupdater.exe and chrmstp.exe, with chrome.exe as the start node tagged #GENERIC.)

Process information

(Fields per process: PID, CMD, Path, Indicators, Parent process)
PID: 660
CMD: "C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --metrics-shmem-handle=5268,i,11953143525041000694,3896385730178482325,524288 --field-trial-handle=5468,i,13010836761594383770,5234013729078886377,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8
Path: C:\Program Files\CryptoTab Browser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: The Chromium and CryptoTab Browser Authors
Integrity Level: HIGH
Description: CryptoTab Browser
Exit code: 0
Version: 131.0.6778.109
Modules (images):
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 680
CMD: "C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=renderer --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --start-stack-profiler --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --metrics-shmem-handle=4836,i,1824360820617399646,17223286413050970398,2097152 --field-trial-handle=3628,i,13010836761594383770,5234013729078886377,262144 --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:1
Path: C:\Program Files\CryptoTab Browser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: The Chromium and CryptoTab Browser Authors
Integrity Level: LOW
Description: CryptoTab Browser
Exit code: 0
Version: 131.0.6778.109
Modules (images):
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 872
CMD: "C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=gpu-process --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAMAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --metrics-shmem-handle=1792,i,153666288214341628,7038298201469332033,262144 --field-trial-handle=1992,i,13010836761594383770,5234013729078886377,262144 --variations-seed-version --mojo-platform-channel-handle=1984 /prefetch:2
Path: C:\Program Files\CryptoTab Browser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: The Chromium and CryptoTab Browser Authors
Integrity Level: LOW
Description: CryptoTab Browser
Version: 131.0.6778.109
Modules (images):
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 920
CMD: "C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\CryptoTab Browser\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\CryptoTab Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=CryptoTab Browser" --annotation=ver=131.0.6778.109 --initial-client-data=0x1a0,0x1a4,0x1a8,0x168,0x1ac,0x7ff7f3d96358,0x7ff7f3d96364,0x7ff7f3d96370
Path: C:\Program Files\CryptoTab Browser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: The Chromium and CryptoTab Browser Authors
Integrity Level: HIGH
Description: CryptoTab Browser
Exit code: 1
Version: 131.0.6778.109
Modules (images):
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 1052
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=5084 --field-trial-handle=1916,i,13614483519709792871,4240856741198968242,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 122.0.6261.70
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1164
CMD: "C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --metrics-shmem-handle=6500,i,136112546614014983,16493259898783693490,524288 --field-trial-handle=6812,i,13010836761594383770,5234013729078886377,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:8
Path: C:\Program Files\CryptoTab Browser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: The Chromium and CryptoTab Browser Authors
Integrity Level: LOW
Description: CryptoTab Browser
Exit code: 0
Version: 131.0.6778.109
Modules (images):
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1164 (PID reused by a second process)
CMD: "C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=renderer --string-annotations=is-enterprise-managed=no --extension-process --no-pre-read-main-dll --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --metrics-shmem-handle=5564,i,1060476197427899997,10230882199966467413,2097152 --field-trial-handle=4820,i,13010836761594383770,5234013729078886377,262144 --variations-seed-version --mojo-platform-channel-handle=6780 /prefetch:2
Path: C:\Program Files\CryptoTab Browser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: The Chromium and CryptoTab Browser Authors
Integrity Level: LOW
Description: CryptoTab Browser
Exit code: 0
Version: 131.0.6778.109
Modules (images):
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1240
CMD: "C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --metrics-shmem-handle=2580,i,7127742918408050050,9319021987660026073,524288 --field-trial-handle=2588,i,13010836761594383770,5234013729078886377,262144 --variations-seed-version --mojo-platform-channel-handle=2552 /prefetch:8
Path: C:\Program Files\CryptoTab Browser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: The Chromium and CryptoTab Browser Authors
Integrity Level: LOW
Description: CryptoTab Browser
Version: 131.0.6778.109
Modules (images):
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1540
CMD: "C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=renderer --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --start-stack-profiler --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --metrics-shmem-handle=5992,i,14154923972660273663,5876365136205114625,2097152 --field-trial-handle=6356,i,13010836761594383770,5234013729078886377,262144 --variations-seed-version --mojo-platform-channel-handle=3432 /prefetch:1
Path: C:\Program Files\CryptoTab Browser\Application\browser.exe
Parent process: browser.exe
User: admin
Company: The Chromium and CryptoTab Browser Authors
Integrity Level: LOW
Description: CryptoTab Browser
Version: 131.0.6778.109
Modules (images):
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
PID: 1628
CMD: "C:\Program Files\CryptoTab Browser\Application\131.0.6778.109\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\WINDOWS\SystemTemp\Crashpad --annotation=plat=Win64 "--annotation=prod=CryptoTab Browser" --annotation=ver=131.0.6778.109 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff756bf9238,0x7ff756bf9244,0x7ff756bf9250
Path: C:\Program Files\CryptoTab Browser\Application\131.0.6778.109\Installer\chrmstp.exe
Parent process: chrmstp.exe
User: admin
Company: The Chromium and CryptoTab Browser Authors
Integrity Level: HIGH
Description: CryptoTab Browser Installer
Exit code: 0
Version: 131.0.6778.109
Modules (images):
c:\program files\cryptotab browser\application\131.0.6778.109\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events: 21 293
Read events: 21 057
Write events: 223
Delete events: 13

Modification events

(PID 6620) chrome.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | Operation: write | Name: failed_count | Value: 0
(PID 6620) chrome.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | Operation: write | Name: state | Value: 2
(PID 6620) chrome.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | Operation: write | Name: state | Value: 1
(PID 6620) chrome.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics | Operation: write | Name: user_experience_metrics.stability.exited_cleanly | Value: 0
(PID 6620) chrome.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | Operation: write | Name: usagestats | Value: 0
(PID 4724) chrome.exe | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | Operation: write | Name: {2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF | Value: 0100000000000000AB495F99A1AFDB01
(PID 2984) CTBrowserSetup_Vb3U1gNvc3.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates | Operation: delete value | Name: 4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | Value: (empty)
(PID 2984) CTBrowserSetup_Vb3U1gNvc3.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | Operation: write | Name: Blob | Value: (certificate blob, not reproduced here)
(PID 2984) CTBrowserSetup_Vb3U1gNvc3.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | Operation: write | Name: Blob | Value: (certificate blob, not reproduced here)
(PID 2984) CTBrowserSetup_Vb3U1gNvc3.exe | Key: HKEY_CURRENT_USER\SOFTWARE\CryptoTab Browser | Operation: write | Name: referer | Value: Vb3U1gNvc3
Executable files: 26
Suspicious files: 649
Text files: 532
Unknown types: 2

Dropped files

(PID | Process | Filename; the MD5, SHA256 and Type columns are empty in this excerpt)
6620 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RF10d294.TMP
6620 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
6620 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF10d294.TMP
6620 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
6620 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF10d2a4.TMP
6620 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old
6620 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RF10d2a4.TMP
6620 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
6620 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF10d2a4.TMP
6620 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RF10d2a4.TMP
HTTP(S) requests: 31
TCP/UDP connections: 119
DNS requests: 122
Threats: 83

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | Type | Reputation
(the CN and Size columns are empty in this excerpt; the first row has no PID/Process recorded)
— | — | GET | 200 | 23.216.77.42:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
6544 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
2984 | CTBrowserSetup_Vb3U1gNvc3.exe | GET | 200 | 2.22.242.121:80 | http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgW7GgeP2sN7mD5VT3Fp9gpOMA%3D%3D | unknown | whitelisted
5608 | SIHClient.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
6620 | chrome.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D | unknown | whitelisted
7980 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adp7lmscefogeldj4te6xerqth3a_9.55.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.55.0_all_ocm7dvbavb37zglvqhfr5kszse.crx3 | unknown | whitelisted
2984 | CTBrowserSetup_Vb3U1gNvc3.exe | GET | 200 | 142.250.185.163:80 | http://c.pki.goog/r/gsr1.crl | unknown | whitelisted
2984 | CTBrowserSetup_Vb3U1gNvc3.exe | GET | 200 | 142.250.185.163:80 | http://c.pki.goog/r/r4.crl | unknown | whitelisted
7980 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adp7lmscefogeldj4te6xerqth3a_9.55.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.55.0_all_ocm7dvbavb37zglvqhfr5kszse.crx3 | unknown | whitelisted
7980 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcjicffkgpmnlppeffabd_1.0.2738.0_win64_kj4dp5kifwxbdodqls7e5nzhtm.crx3 | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
(— marks a field not recorded for that row)
4 | System | 192.168.100.255:137 | — | — | — | whitelisted
— | — | 4.231.128.59:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
— | — | 23.216.77.42:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
2104 | svchost.exe | 4.231.128.59:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | — | — | — | whitelisted
6620 | chrome.exe | 239.255.255.250:1900 | — | — | — | whitelisted
3216 | svchost.exe | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
7256 | chrome.exe | 185.173.160.139:443 | cryptobrowser.site | WorldStream B.V. | NL | whitelisted
7256 | chrome.exe | 142.250.145.84:443 | accounts.google.com | GOOGLE | US | whitelisted
7256 | chrome.exe | 142.250.186.138:443 | fonts.googleapis.com | GOOGLE | US | whitelisted

DNS requests

Domain | Resolved IP(s) | Reputation
crl.microsoft.com | 23.216.77.42, 23.216.77.8, 23.216.77.33, 23.216.77.10, 23.216.77.6, 23.216.77.39, 23.216.77.11, 23.216.77.36, 23.216.77.5 | whitelisted
google.com | 172.217.16.206 | whitelisted
client.wns.windows.com | 172.211.123.250 | whitelisted
cryptobrowser.site | 185.173.160.139, 185.173.160.142, 185.173.160.143 | whitelisted
accounts.google.com | 142.250.145.84 | whitelisted
cdn.cryptobrowser.store | 104.21.48.1, 104.21.96.1, 104.21.32.1, 104.21.112.1, 104.21.16.1, 104.21.64.1, 104.21.80.1 | unknown
fonts.googleapis.com | 142.250.186.138 | whitelisted
fonts.gstatic.com | 142.250.185.163, 142.250.185.227 | whitelisted
js.cryptobrowser.site | 104.26.7.17, 172.67.71.13, 104.26.6.17 | whitelisted
www.googletagmanager.com | 216.58.206.72 | whitelisted

Threats

PID | Process | Class | Message
2084 | browser.exe | Generic Protocol Command Decode | SURICATA QUIC failed decrypt
(this alert is listed 10 times in this excerpt, all from PID 2084)
No debug info