URL:

https://cryptobrowser.site/en/

Full analysis: https://app.any.run/tasks/1583c7af-4534-4fa1-a670-dfdf0d7fcc8d
Verdict: Malicious activity
Analysis date: May 18, 2025, 21:10:03
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto
generic
upx
Indicators:
MD5:

F4413F6B6E21F85CE5CF812BB584DF92

SHA1:

B276D71C43AC8B677ECDFADDED2B666F2DCBC735

SHA256:

A00F4972907188FDAABD605D049A1C1C5723290371BA614FCD2BE0998F92082B

SSDEEP:

3:N8K5WyiMi+:2KI7Mi+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • GENERIC has been found (auto)

      • firefox.exe (PID: 1132)

    • Changes the autorun value in the registry

      • setup.exe (PID: 5800)

  • SUSPICIOUS

    • There is functionality for taking screenshot (YARA)

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)

    • Reads security settings of Internet Explorer

      • CTBrowserSetup_E999f9pSo7.exe (PID: 8996)
      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • chrmstp.exe (PID: 8116)

    • Application launched itself

      • CTBrowserSetup_E999f9pSo7.exe (PID: 8996)
      • setup.exe (PID: 5800)
      • setup.exe (PID: 8424)
      • browser.exe (PID: 8508)
      • chrmstp.exe (PID: 8100)
      • chrmstp.exe (PID: 8116)

    • Adds/modifies Windows certificates

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)

    • Starts application with an unusual extension

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)

    • Executable content was dropped or overwritten

      • setup.exe (PID: 5800)
      • ctu51A7.tmp (PID: 1056)

    • Searches for installed software

      • setup.exe (PID: 5800)
      • setup.exe (PID: 8424)
      • chrmstp.exe (PID: 8116)
      • chrmstp.exe (PID: 8100)

    • Creates a software uninstall entry

      • setup.exe (PID: 5800)

    • The process checks if it is being run in the virtual environment

      • browser.exe (PID: 8508)

    • Reads the date of Windows installation

      • chrmstp.exe (PID: 8116)

  • INFO

    • Application launched itself

      • firefox.exe (PID: 1276)
      • firefox.exe (PID: 1132)

    • Checks supported languages

      • CTBrowserSetup_E999f9pSo7.exe (PID: 8996)
      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • setup.exe (PID: 5800)
      • setup.exe (PID: 6272)
      • setup.exe (PID: 8424)
      • setup.exe (PID: 8440)
      • ctu51A7.tmp (PID: 1056)
      • CryptoTabUpdater.exe (PID: 8588)
      • browser.exe (PID: 4776)
      • browser.exe (PID: 8688)
      • browser.exe (PID: 8508)
      • browser.exe (PID: 1072)
      • browser.exe (PID: 8404)
      • browser.exe (PID: 632)
      • browser.exe (PID: 9028)
      • browser.exe (PID: 8932)
      • browser.exe (PID: 9192)
      • browser.exe (PID: 7292)
      • browser.exe (PID: 7576)
      • browser.exe (PID: 7636)
      • browser.exe (PID: 7680)
      • browser.exe (PID: 3900)
      • chrmstp.exe (PID: 7540)
      • browser.exe (PID: 8068)
      • chrmstp.exe (PID: 8116)
      • browser.exe (PID: 8168)
      • chrmstp.exe (PID: 7172)
      • browser.exe (PID: 7984)
      • browser.exe (PID: 664)
      • browser.exe (PID: 8268)
      • chrmstp.exe (PID: 8100)
      • browser.exe (PID: 2140)
      • browser.exe (PID: 8032)
      • browser.exe (PID: 5308)
      • browser.exe (PID: 7276)
      • browser.exe (PID: 7148)
      • browser.exe (PID: 7476)

    • Reads the computer name

      • CTBrowserSetup_E999f9pSo7.exe (PID: 8996)
      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • ctu51A7.tmp (PID: 1056)
      • setup.exe (PID: 5800)
      • setup.exe (PID: 8424)
      • browser.exe (PID: 8508)
      • CryptoTabUpdater.exe (PID: 8588)
      • browser.exe (PID: 8688)
      • browser.exe (PID: 4776)
      • chrmstp.exe (PID: 8100)
      • browser.exe (PID: 7636)
      • chrmstp.exe (PID: 8116)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 1132)

    • The sample compiled with english language support

      • firefox.exe (PID: 1132)
      • ctu51A7.tmp (PID: 1056)
      • setup.exe (PID: 5800)

    • Reads the machine GUID from the registry

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • CryptoTabUpdater.exe (PID: 8588)
      • browser.exe (PID: 8508)

    • Process checks computer location settings

      • CTBrowserSetup_E999f9pSo7.exe (PID: 8996)
      • browser.exe (PID: 8508)
      • browser.exe (PID: 8932)
      • browser.exe (PID: 9028)
      • browser.exe (PID: 8404)
      • browser.exe (PID: 3900)
      • browser.exe (PID: 7292)
      • browser.exe (PID: 8268)

    • Checks proxy server information

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • browser.exe (PID: 8508)

    • Reads the software policy settings

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • CryptoTabUpdater.exe (PID: 8588)

    • UPX packer has been detected

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)

    • Creates files or folders in the user directory

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • browser.exe (PID: 8508)
      • setup.exe (PID: 8424)
      • browser.exe (PID: 4776)
      • chrmstp.exe (PID: 8116)

    • Create files in a temporary directory

      • ctu51A7.tmp (PID: 1056)
      • browser.exe (PID: 8508)

    • Creates files in the program directory

      • setup.exe (PID: 5800)
      • browser.exe (PID: 8508)
      • setup.exe (PID: 8424)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
201
Monitored processes
64
Malicious processes
7
Suspicious processes
3

Behavior graph

Click at the process to see the details
start firefox.exe no specs #GENERIC firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs sppextcomobj.exe no specs ctbrowsersetup_e999f9pso7.exe no specs ctbrowsersetup_e999f9pso7.exe ctu51a7.tmp setup.exe setup.exe no specs slui.exe setup.exe no specs setup.exe no specs browser.exe browser.exe no specs cryptotabupdater.exe browser.exe no specs browser.exe browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs chrmstp.exe no specs chrmstp.exe no specs chrmstp.exe no specs browser.exe no specs chrmstp.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
632"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\CryptoTab Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\CryptoTab Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=CryptoTab Browser" --annotation=ver=131.0.6778.109 --initial-client-data=0x13c,0x140,0x144,0x120,0x148,0x7ffc8a03dd08,0x7ffc8a03dd14,0x7ffc8a03dd20C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
HIGH
Description:
CryptoTab Browser
Exit code:
1
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
664"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --metrics-shmem-handle=5908,i,17727552564676156678,1716964005049885944,524288 --field-trial-handle=6200,i,14541860735988296348,1001765066919857101,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
LOW
Description:
CryptoTab Browser
Exit code:
0
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
1056"C:\Users\admin\AppData\Local\Temp\ctu51A7.tmp" --verbose-logging --system-level --enable-autorunC:\Users\admin\AppData\Local\Temp\ctu51A7.tmp
CTBrowserSetup_E999f9pSo7.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
HIGH
Description:
CryptoTab Browser Installer
Exit code:
0
Version:
131.0.6778.109
Modules
Images
c:\users\admin\appdata\local\temp\ctu51a7.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1072"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --metrics-shmem-handle=2580,i,8868476162629575988,15518380197284429015,524288 --field-trial-handle=2608,i,14541860735988296348,1001765066919857101,262144 --variations-seed-version --mojo-platform-channel-handle=2604 /prefetch:8C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
LOW
Description:
CryptoTab Browser
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
1132"C:\Program Files\Mozilla Firefox\firefox.exe" https://cryptobrowser.site/en/C:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
1276"C:\Program Files\Mozilla Firefox\firefox.exe" "https://cryptobrowser.site/en/"C:\Program Files\Mozilla Firefox\firefox.exeexplorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
1388"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --metrics-shmem-handle=5936,i,10044956575277641652,3594499682541503601,524288 --field-trial-handle=548,i,14541860735988296348,1001765066919857101,262144 --variations-seed-version --mojo-platform-channel-handle=3912 /prefetch:8C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
LOW
Description:
CryptoTab Browser
Exit code:
0
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
2104"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --metrics-shmem-handle=6872,i,14810506556365924294,10662639550864422829,524288 --field-trial-handle=3680,i,14541860735988296348,1001765066919857101,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:8C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
LOW
Description:
CryptoTab Browser
Exit code:
0
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
2140"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --metrics-shmem-handle=6280,i,6656665402977937175,14912594198612531572,524288 --field-trial-handle=5412,i,14541860735988296348,1001765066919857101,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:8C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
LOW
Description:
CryptoTab Browser
Exit code:
0
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
3900"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=renderer --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --metrics-shmem-handle=3348,i,4373796418176598298,13271097798431785406,2097152 --field-trial-handle=3512,i,14541860735988296348,1001765066919857101,262144 --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
LOW
Description:
CryptoTab Browser
Exit code:
0
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
Total events
13 319
Read events
13 078
Write events
213
Delete events
28

Modification events

(PID) Process:(1132) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:(9072) CTBrowserSetup_E999f9pSo7.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
Operation:delete valueName:4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Value:
(PID) Process:(9072) CTBrowserSetup_E999f9pSo7.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation:writeName:Blob
Value:
040000000100000010000000E94FB54871208C00DF70F708AC47085B0F0000000100000030000000C130BBA37B8B350E89FD5ED76B4F78777FEEE220D3B9E729042BEF6AF46E8E4C1B252E32B3080C681BC9A8A1AFDD0A3C0300000001000000140000004EFC31460C619ECAE59C1BCE2C008036D94C84B809000000010000000C000000300A06082B060105050703031D00000001000000100000005467B0ADDE8D858E30EE517B1A19ECD91400000001000000140000001F00BF46800AFC7839B7A5B443D95650BBCE963B53000000010000001F000000301D301B060567810C010330123010060A2B0601040182373C0101030200C06200000001000000200000007B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF860B000000010000004200000047006C006F00620061006C005300690067006E00200043006F006400650020005300690067006E0069006E006700200052006F006F007400200052003400350000001900000001000000100000005D1B8FF2C30F63F5B536EDD400F7F9B4200000000100000076050000308205723082035AA00302010202107653FEAC75464893F5E5D74A483A4EF8300D06092A864886F70D01010C05003053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F7420523435301E170D3230303331383030303030305A170D3435303331383030303030305A3053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F742052343530820222300D06092A864886F70D01010105000382020F003082020A0282020100B62DC530DD7AE8AB903D0372B03A4B991661B2E5FFA5671D371CE57EEC9383AA84F5A3439B98458AB863575D9B00880425E9F868924B82D84BC94A03F3A87F6A8F8A6127BDA144D0FDF53F22C2A34F918DB305B22882915DFB5988050B9706C298F82CA73324EE503A41CCF0A0B07B1D4DD2A8583896E9DFF91B91BB8B102CD2C7431DA20974A180AF7BE6330A0C596B8EBCF4AB5A977B7FAE55FB84F080FE844CD7E2BABDC475A16FBD61107444B29807E274ABFF68DC6C263EE91FE5E00487AD30D30C8D037C55B816705C24782025EB676788ABBA4E34986B7011DE38CAD4BEA1C09CE1DF1E0201D83BE1674384B6CFFC74B72F84A3BFBA09373D676CB1455C1961AB4183F5AC1DEB770D464773CEBFBD9595ED9D2B8810FEFA58E8A757E1B3CFA85AE907259B12C49E80723D93DC8C94DF3B44E62680FCD2C303F08C0CD245D62EE78F989EE604EE426E677E42167162E704F960C664A1B69C81214E2BC66D689486C699747367317A91F2D48C796E7CA6BB7E466F4DC585122BCF9A224408A88537CE07615706171224C0C43173A1983557477E103A45D92DA4519098A9A00737C4651AAA1C6B1677F7A797EC3F1930996F31FBEA40B2E7D2C4FAC9D0F050767459FA8D6D1732BEF8E97E03F4E787759AD44A912C850313022B4280F2896A36CFC84CA0CE9EF8CB8DAD16A7D3DED59B18A7C6923AF18263F12E0E2464DF0203010001A3423040300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604141F00BF46800AFC7839B7A5B443D95650BBCE963B300D06092A864886F70D01010C050003820201005E2BBA749734445F764828408493EE016EE9A1B3D68025E67BE4BC09913D0FFC76ADD7D43020BB8F60D091D61CF29CEF781A2B943202C12496525202D0F3D1FCF29B396E99E11F8E43417D9A1E5BC95D9A84FC26E687F3747226ADA41BD93D3B6A52A03C091E2F1E7BB333B445C7F7ACB1AF9360AD76AEB8B21578EB836AEBFFDB46AB24E5EE02FA901F59C02F5DD6B75DA45C10B77253F8414ECCFA781A254ACAFE85624361C3B437AA81D2F4D63A0FBD8D597E3047DE2B6BE72150335FD4679BD4B8679F3C279903FF85438E7312CA20CDE861D5B166DC17D6396D0FDBCF2337A182894E1C6B3FD6A0CDAA079D3E4226AAD70CEEFA47BF1A527ED17581D3C98A62176D4F88A021A0263EAF6DD962301FE99828AE6E8DD58E4C726693808D2AE355C760679042565C22510FB3DC4E39EE4DDDD91D7810543B6ED0976F03B51EB22373C612B29A64D0FC958524A8FFDFA1B0DC9140AEDF0933ABB9DD92B7F1CC91743B69EB67971B90BFE7C7A06F71BB57BFB78F5AED7A406A16CD80842D2FE102D4249443B315FC0C2B1BFD716FFCCBBC75173A5E83D2C9B32F1BD59C8D7F54FE7E7EE456A387A79DE1595294418F6D5BBE86959AFF1A76DD40D2514A70B41F336323773FEC271E59E40887ED34824A0F3FFEA01DC1F56773458678F4AA29E92787C619DBC61314C33949874DA097E06513F59D7756E9DAB358C73AF2C0CD82
(PID) Process:(9072) CTBrowserSetup_E999f9pSo7.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation:writeName:Blob
Value:
5C0000000100000004000000001000001900000001000000100000005D1B8FF2C30F63F5B536EDD400F7F9B40B000000010000004200000047006C006F00620061006C005300690067006E00200043006F006400650020005300690067006E0069006E006700200052006F006F007400200052003400350000006200000001000000200000007B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF8653000000010000001F000000301D301B060567810C010330123010060A2B0601040182373C0101030200C01400000001000000140000001F00BF46800AFC7839B7A5B443D95650BBCE963B1D00000001000000100000005467B0ADDE8D858E30EE517B1A19ECD909000000010000000C000000300A06082B060105050703030300000001000000140000004EFC31460C619ECAE59C1BCE2C008036D94C84B80F0000000100000030000000C130BBA37B8B350E89FD5ED76B4F78777FEEE220D3B9E729042BEF6AF46E8E4C1B252E32B3080C681BC9A8A1AFDD0A3C040000000100000010000000E94FB54871208C00DF70F708AC47085B200000000100000076050000308205723082035AA00302010202107653FEAC75464893F5E5D74A483A4EF8300D06092A864886F70D01010C05003053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F7420523435301E170D3230303331383030303030305A170D3435303331383030303030305A3053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F742052343530820222300D06092A864886F70D01010105000382020F003082020A0282020100B62DC530DD7AE8AB903D0372B03A4B991661B2E5FFA5671D371CE57EEC9383AA84F5A3439B98458AB863575D9B00880425E9F868924B82D84BC94A03F3A87F6A8F8A6127BDA144D0FDF53F22C2A34F918DB305B22882915DFB5988050B9706C298F82CA73324EE503A41CCF0A0B07B1D4DD2A8583896E9DFF91B91BB8B102CD2C7431DA20974A180AF7BE6330A0C596B8EBCF4AB5A977B7FAE55FB84F080FE844CD7E2BABDC475A16FBD61107444B29807E274ABFF68DC6C263EE91FE5E00487AD30D30C8D037C55B816705C24782025EB676788ABBA4E34986B7011DE38CAD4BEA1C09CE1DF1E0201D83BE1674384B6CFFC74B72F84A3BFBA09373D676CB1455C1961AB4183F5AC1DEB770D464773CEBFBD9595ED9D2B8810FEFA58E8A757E1B3CFA85AE907259B12C49E80723D93DC8C94DF3B44E62680FCD2C303F08C0CD245D62EE78F989EE604EE426E677E42167162E704F960C664A1B69C81214E2BC66D689486C699747367317A91F2D48C796E7CA6BB7E466F4DC585122BCF9A224408A88537CE07615706171224C0C43173A1983557477E103A45D92DA4519098A9A00737C4651AAA1C6B1677F7A797EC3F1930996F31FBEA40B2E7D2C4FAC9D0F050767459FA8D6D1732BEF8E97E03F4E787759AD44A912C850313022B4280F2896A36CFC84CA0CE9EF8CB8DAD16A7D3DED59B18A7C6923AF18263F12E0E2464DF0203010001A3423040300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604141F00BF46800AFC7839B7A5B443D95650BBCE963B300D06092A864886F70D01010C050003820201005E2BBA749734445F764828408493EE016EE9A1B3D68025E67BE4BC09913D0FFC76ADD7D43020BB8F60D091D61CF29CEF781A2B943202C12496525202D0F3D1FCF29B396E99E11F8E43417D9A1E5BC95D9A84FC26E687F3747226ADA41BD93D3B6A52A03C091E2F1E7BB333B445C7F7ACB1AF9360AD76AEB8B21578EB836AEBFFDB46AB24E5EE02FA901F59C02F5DD6B75DA45C10B77253F8414ECCFA781A254ACAFE85624361C3B437AA81D2F4D63A0FBD8D597E3047DE2B6BE72150335FD4679BD4B8679F3C279903FF85438E7312CA20CDE861D5B166DC17D6396D0FDBCF2337A182894E1C6B3FD6A0CDAA079D3E4226AAD70CEEFA47BF1A527ED17581D3C98A62176D4F88A021A0263EAF6DD962301FE99828AE6E8DD58E4C726693808D2AE355C760679042565C22510FB3DC4E39EE4DDDD91D7810543B6ED0976F03B51EB22373C612B29A64D0FC958524A8FFDFA1B0DC9140AEDF0933ABB9DD92B7F1CC91743B69EB67971B90BFE7C7A06F71BB57BFB78F5AED7A406A16CD80842D2FE102D4249443B315FC0C2B1BFD716FFCCBBC75173A5E83D2C9B32F1BD59C8D7F54FE7E7EE456A387A79DE1595294418F6D5BBE86959AFF1A76DD40D2514A70B41F336323773FEC271E59E40887ED34824A0F3FFEA01DC1F56773458678F4AA29E92787C619DBC61314C33949874DA097E06513F59D7756E9DAB358C73AF2C0CD82
(PID) Process:(9072) CTBrowserSetup_E999f9pSo7.exeKey:HKEY_CURRENT_USER\SOFTWARE\CryptoTab Browser
Operation:writeName:referer
Value:
E999f9pSo7
(PID) Process:(5800) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\CryptoTab Browser
Operation:writeName:current_version_setup
Value:
2.5.7
(PID) Process:(5800) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\CryptoTab Browser
Operation:writeName:current_version_setup_path
Value:
C:\Users\admin\AppData\Local\Temp\CR_E3ACA.tmp\setup.exe
(PID) Process:(5800) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\CryptoTab Browser
Operation:writeName:current_version_level
Value:
admin
(PID) Process:(6272) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\CryptoTab Browser
Operation:writeName:current_version_setup
Value:
2.5.7
(PID) Process:(6272) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\CryptoTab Browser
Operation:writeName:current_version_setup_path
Value:
C:\Users\admin\AppData\Local\Temp\CR_E3ACA.tmp\setup.exe
Executable files
25
Suspicious files
956
Text files
534
Unknown types
4

Dropped files

PID
Process
Filename
Type
1132firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.jsonbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
1132firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.binbinary
MD5:297E88D7CEB26E549254EC875649F4EB
SHA256:8B75D4FB1845BAA06122888D11F6B65E6A36B140C54A72CC13DF390FD7C95702
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\datareporting\glean\db\data.safe.tmpbinary
MD5:EF90022DF0735160DD056C0E6670E915
SHA256:2B663C0B462A437C8DE3D9B95EE157AE181249B78BDD6F7BD73F7EB6D9E03F87
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cert9.dbbinary
MD5:3E8F6142375D6F1601F23DC81368E299
SHA256:A239887629B40310387493CD6B2D5DE93ECFF3DEE431F796FD69DC7EDC4766A1
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cert9.db-journalbinary
MD5:E0B3CDDB672858B157DDDF77934B08E9
SHA256:AC27515AE89E12F39DE29932E79FAA2C7CCAA165C0399C7886B2193BB753DB69
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
66
TCP/UDP connections
197
DNS requests
200
Threats
109

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.216.77.33:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
POST
200
184.24.77.52:80
http://r11.o.lencr.org/
unknown
whitelisted
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
POST
200
142.250.185.99:80
http://o.pki.goog/s/wr3/FIY
unknown
whitelisted
POST
200
184.24.77.52:80
http://r11.o.lencr.org/
unknown
whitelisted
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
POST
200
184.24.77.44:80
http://r10.o.lencr.org/
unknown
whitelisted
POST
200
184.24.77.44:80
http://r10.o.lencr.org/
unknown
whitelisted
POST
200
184.24.77.44:80
http://r10.o.lencr.org/
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:137
whitelisted
23.216.77.33:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
185.173.160.142:443
cryptobrowser.site
WorldStream B.V.
NL
whitelisted
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
34.36.137.203:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
34.160.144.191:443
content-signature-2.cdn.mozilla.net
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 23.216.77.33
  • 23.216.77.23
  • 23.216.77.18
  • 23.216.77.30
  • 23.216.77.29
  • 23.216.77.25
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.110
whitelisted
cryptobrowser.site
  • 185.173.160.142
  • 185.173.160.143
  • 185.173.160.139
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 96.7.128.192
  • 23.215.0.132
  • 23.215.0.133
  • 96.7.128.186
whitelisted
ipv4only.arpa
  • 192.0.0.171
  • 192.0.0.170
whitelisted
contile.services.mozilla.com
  • 34.36.137.203
whitelisted
spocs.getpocket.com
  • 34.36.137.203
whitelisted

Threats

PID
Process
Class
Message
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://cryptobrowser.site/en/