URL:

https://cryptobrowser.site/en/

Full analysis: https://app.any.run/tasks/1583c7af-4534-4fa1-a670-dfdf0d7fcc8d
Verdict: Malicious activity
Analysis date: May 18, 2025, 21:10:03
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto
generic
upx
Indicators:
MD5:

F4413F6B6E21F85CE5CF812BB584DF92

SHA1:

B276D71C43AC8B677ECDFADDED2B666F2DCBC735

SHA256:

A00F4972907188FDAABD605D049A1C1C5723290371BA614FCD2BE0998F92082B

SSDEEP:

3:N8K5WyiMi+:2KI7Mi+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • GENERIC has been found (auto)

      • firefox.exe (PID: 1132)

    • Changes the autorun value in the registry

      • setup.exe (PID: 5800)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • CTBrowserSetup_E999f9pSo7.exe (PID: 8996)
      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • chrmstp.exe (PID: 8116)

    • Application launched itself

      • CTBrowserSetup_E999f9pSo7.exe (PID: 8996)
      • setup.exe (PID: 5800)
      • setup.exe (PID: 8424)
      • browser.exe (PID: 8508)
      • chrmstp.exe (PID: 8116)
      • chrmstp.exe (PID: 8100)

    • There is functionality for taking screenshot (YARA)

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)

    • Adds/modifies Windows certificates

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)

    • Executable content was dropped or overwritten

      • setup.exe (PID: 5800)
      • ctu51A7.tmp (PID: 1056)

    • Creates a software uninstall entry

      • setup.exe (PID: 5800)

    • Searches for installed software

      • setup.exe (PID: 5800)
      • setup.exe (PID: 8424)
      • chrmstp.exe (PID: 8100)
      • chrmstp.exe (PID: 8116)

    • Starts application with an unusual extension

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)

    • The process checks if it is being run in the virtual environment

      • browser.exe (PID: 8508)

    • Reads the date of Windows installation

      • chrmstp.exe (PID: 8116)

  • INFO

    • Application launched itself

      • firefox.exe (PID: 1276)
      • firefox.exe (PID: 1132)

    • The sample compiled with english language support

      • firefox.exe (PID: 1132)
      • ctu51A7.tmp (PID: 1056)
      • setup.exe (PID: 5800)

    • Reads the computer name

      • CTBrowserSetup_E999f9pSo7.exe (PID: 8996)
      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • ctu51A7.tmp (PID: 1056)
      • setup.exe (PID: 5800)
      • setup.exe (PID: 8424)
      • browser.exe (PID: 8508)
      • CryptoTabUpdater.exe (PID: 8588)
      • browser.exe (PID: 8688)
      • browser.exe (PID: 4776)
      • browser.exe (PID: 7636)
      • chrmstp.exe (PID: 8100)
      • chrmstp.exe (PID: 8116)

    • Checks supported languages

      • CTBrowserSetup_E999f9pSo7.exe (PID: 8996)
      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • setup.exe (PID: 5800)
      • ctu51A7.tmp (PID: 1056)
      • setup.exe (PID: 6272)
      • setup.exe (PID: 8424)
      • setup.exe (PID: 8440)
      • browser.exe (PID: 8508)
      • browser.exe (PID: 632)
      • browser.exe (PID: 8688)
      • CryptoTabUpdater.exe (PID: 8588)
      • browser.exe (PID: 4776)
      • browser.exe (PID: 1072)
      • browser.exe (PID: 8404)
      • browser.exe (PID: 8932)
      • browser.exe (PID: 3900)
      • browser.exe (PID: 9028)
      • browser.exe (PID: 9192)
      • browser.exe (PID: 7292)
      • browser.exe (PID: 7576)
      • browser.exe (PID: 7636)
      • browser.exe (PID: 7680)
      • chrmstp.exe (PID: 8100)
      • chrmstp.exe (PID: 7540)
      • chrmstp.exe (PID: 8116)
      • browser.exe (PID: 8268)
      • chrmstp.exe (PID: 7172)
      • browser.exe (PID: 8168)
      • browser.exe (PID: 7984)
      • browser.exe (PID: 664)
      • browser.exe (PID: 2140)
      • browser.exe (PID: 8068)
      • browser.exe (PID: 8032)
      • browser.exe (PID: 5308)
      • browser.exe (PID: 7276)
      • browser.exe (PID: 7148)
      • browser.exe (PID: 7476)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 1132)

    • Process checks computer location settings

      • CTBrowserSetup_E999f9pSo7.exe (PID: 8996)
      • browser.exe (PID: 8508)
      • browser.exe (PID: 3900)
      • browser.exe (PID: 8932)
      • browser.exe (PID: 9028)
      • browser.exe (PID: 7292)
      • browser.exe (PID: 8404)
      • browser.exe (PID: 8268)

    • UPX packer has been detected

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)

    • Checks proxy server information

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • browser.exe (PID: 8508)

    • Reads the machine GUID from the registry

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • CryptoTabUpdater.exe (PID: 8588)
      • browser.exe (PID: 8508)

    • Reads the software policy settings

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • CryptoTabUpdater.exe (PID: 8588)

    • Creates files or folders in the user directory

      • CTBrowserSetup_E999f9pSo7.exe (PID: 9072)
      • setup.exe (PID: 8424)
      • browser.exe (PID: 8508)
      • browser.exe (PID: 4776)
      • chrmstp.exe (PID: 8116)

    • Create files in a temporary directory

      • ctu51A7.tmp (PID: 1056)
      • browser.exe (PID: 8508)

    • Creates files in the program directory

      • setup.exe (PID: 5800)
      • setup.exe (PID: 8424)
      • browser.exe (PID: 8508)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
201
Monitored processes
64
Malicious processes
7
Suspicious processes
3

Behavior graph

Click at the process to see the details
start firefox.exe no specs #GENERIC firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs sppextcomobj.exe no specs ctbrowsersetup_e999f9pso7.exe no specs ctbrowsersetup_e999f9pso7.exe ctu51a7.tmp setup.exe setup.exe no specs slui.exe setup.exe no specs setup.exe no specs browser.exe browser.exe no specs cryptotabupdater.exe browser.exe no specs browser.exe browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs chrmstp.exe no specs chrmstp.exe no specs chrmstp.exe no specs browser.exe no specs chrmstp.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs browser.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
632"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\CryptoTab Browser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\CryptoTab Browser\User Data\Crashpad" --annotation=plat=Win64 "--annotation=prod=CryptoTab Browser" --annotation=ver=131.0.6778.109 --initial-client-data=0x13c,0x140,0x144,0x120,0x148,0x7ffc8a03dd08,0x7ffc8a03dd14,0x7ffc8a03dd20C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
HIGH
Description:
CryptoTab Browser
Exit code:
1
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
664"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --metrics-shmem-handle=5908,i,17727552564676156678,1716964005049885944,524288 --field-trial-handle=6200,i,14541860735988296348,1001765066919857101,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:8C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
LOW
Description:
CryptoTab Browser
Exit code:
0
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
1056"C:\Users\admin\AppData\Local\Temp\ctu51A7.tmp" --verbose-logging --system-level --enable-autorunC:\Users\admin\AppData\Local\Temp\ctu51A7.tmp
CTBrowserSetup_E999f9pSo7.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
HIGH
Description:
CryptoTab Browser Installer
Exit code:
0
Version:
131.0.6778.109
Modules
Images
c:\users\admin\appdata\local\temp\ctu51a7.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1072"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --metrics-shmem-handle=2580,i,8868476162629575988,15518380197284429015,524288 --field-trial-handle=2608,i,14541860735988296348,1001765066919857101,262144 --variations-seed-version --mojo-platform-channel-handle=2604 /prefetch:8C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
LOW
Description:
CryptoTab Browser
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
1132"C:\Program Files\Mozilla Firefox\firefox.exe" https://cryptobrowser.site/en/C:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll
1276"C:\Program Files\Mozilla Firefox\firefox.exe" "https://cryptobrowser.site/en/"C:\Program Files\Mozilla Firefox\firefox.exeexplorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
123.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\program files\mozilla firefox\vcruntime140.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\program files\mozilla firefox\vcruntime140_1.dll
1388"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --metrics-shmem-handle=5936,i,10044956575277641652,3594499682541503601,524288 --field-trial-handle=548,i,14541860735988296348,1001765066919857101,262144 --variations-seed-version --mojo-platform-channel-handle=3912 /prefetch:8C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
LOW
Description:
CryptoTab Browser
Exit code:
0
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
2104"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --metrics-shmem-handle=6872,i,14810506556365924294,10662639550864422829,524288 --field-trial-handle=3680,i,14541860735988296348,1001765066919857101,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:8C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
LOW
Description:
CryptoTab Browser
Exit code:
0
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
2140"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --metrics-shmem-handle=6280,i,6656665402977937175,14912594198612531572,524288 --field-trial-handle=5412,i,14541860735988296348,1001765066919857101,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:8C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
LOW
Description:
CryptoTab Browser
Exit code:
0
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
3900"C:\Program Files\CryptoTab Browser\Application\browser.exe" --type=renderer --string-annotations=is-enterprise-managed=no --no-pre-read-main-dll --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --metrics-shmem-handle=3348,i,4373796418176598298,13271097798431785406,2097152 --field-trial-handle=3512,i,14541860735988296348,1001765066919857101,262144 --variations-seed-version --mojo-platform-channel-handle=3616 /prefetch:1C:\Program Files\CryptoTab Browser\Application\browser.exebrowser.exe
User:
admin
Company:
The Chromium and CryptoTab Browser Authors
Integrity Level:
LOW
Description:
CryptoTab Browser
Exit code:
0
Version:
131.0.6778.109
Modules
Images
c:\program files\cryptotab browser\application\browser.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\cryptotab browser\application\131.0.6778.109\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
c:\windows\system32\combase.dll
Total events
13 319
Read events
13 078
Write events
213
Delete events
28

Modification events

(PID) Process:(1132) firefox.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
Operation:writeName:SlowContextMenuEntries
Value:
6024B221EA3A6910A2DC08002B30309D0A010000BD0E0C47735D584D9CEDE91E22E23282770100000114020000000000C0000000000000468D0000006078A409B011A54DAFA526D86198A780390100009AD298B2EDA6DE11BA8CA68E55D895936E000000
(PID) Process:(9072) CTBrowserSetup_E999f9pSo7.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
Operation:delete valueName:4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Value:
(PID) Process:(9072) CTBrowserSetup_E999f9pSo7.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation:writeName:Blob
Value:
040000000100000010000000E94FB54871208C00DF70F708AC47085B0F0000000100000030000000C130BBA37B8B350E89FD5ED76B4F78777FEEE220D3B9E729042BEF6AF46E8E4C1B252E32B3080C681BC9A8A1AFDD0A3C0300000001000000140000004EFC31460C619ECAE59C1BCE2C008036D94C84B809000000010000000C000000300A06082B060105050703031D00000001000000100000005467B0ADDE8D858E30EE517B1A19ECD91400000001000000140000001F00BF46800AFC7839B7A5B443D95650BBCE963B53000000010000001F000000301D301B060567810C010330123010060A2B0601040182373C0101030200C06200000001000000200000007B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF860B000000010000004200000047006C006F00620061006C005300690067006E00200043006F006400650020005300690067006E0069006E006700200052006F006F007400200052003400350000001900000001000000100000005D1B8FF2C30F63F5B536EDD400F7F9B4200000000100000076050000308205723082035AA00302010202107653FEAC75464893F5E5D74A483A4EF8300D06092A864886F70D01010C05003053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F7420523435301E170D3230303331383030303030305A170D3435303331383030303030305A3053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F742052343530820222300D06092A864886F70D01010105000382020F003082020A0282020100B62DC530DD7AE8AB903D0372B03A4B991661B2E5FFA5671D371CE57EEC9383AA84F5A3439B98458AB863575D9B00880425E9F868924B82D84BC94A03F3A87F6A8F8A6127BDA144D0FDF53F22C2A34F918DB305B22882915DFB5988050B9706C298F82CA73324EE503A41CCF0A0B07B1D4DD2A8583896E9DFF91B91BB8B102CD2C7431DA20974A180AF7BE6330A0C596B8EBCF4AB5A977B7FAE55FB84F080FE844CD7E2BABDC475A16FBD61107444B29807E274ABFF68DC6C263EE91FE5E00487AD30D30C8D037C55B816705C24782025EB676788ABBA4E34986B7011DE38CAD4BEA1C09CE1DF1E0201D83BE1674384B6CFFC74B72F84A3BFBA09373D676CB1455C1961AB4183F5AC1DEB770D464773CEBFBD9595ED9D2B8810FEFA58E8A757E1B3CFA85AE907259B12C49E80723D93DC8C94DF3B44E62680FCD2C303F08C0CD245D62EE78F989EE604EE426E677E42167162E704F960C664A1B69C81214E2BC66D689486C699747367317A91F2D48C796E7CA6BB7E466F4DC585122BCF9A224408A88537CE07615706171224C0C43173A1983557477E103A45D92DA4519098A9A00737C4651AAA1C6B1677F7A797EC3F1930996F31FBEA40B2E7D2C4FAC9D0F050767459FA8D6D1732BEF8E97E03F4E787759AD44A912C850313022B4280F2896A36CFC84CA0CE9EF8CB8DAD16A7D3DED59B18A7C6923AF18263F12E0E2464DF0203010001A3423040300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604141F00BF46800AFC7839B7A5B443D95650BBCE963B300D06092A864886F70D01010C050003820201005E2BBA749734445F764828408493EE016EE9A1B3D68025E67BE4BC09913D0FFC76ADD7D43020BB8F60D091D61CF29CEF781A2B943202C12496525202D0F3D1FCF29B396E99E11F8E43417D9A1E5BC95D9A84FC26E687F3747226ADA41BD93D3B6A52A03C091E2F1E7BB333B445C7F7ACB1AF9360AD76AEB8B21578EB836AEBFFDB46AB24E5EE02FA901F59C02F5DD6B75DA45C10B77253F8414ECCFA781A254ACAFE85624361C3B437AA81D2F4D63A0FBD8D597E3047DE2B6BE72150335FD4679BD4B8679F3C279903FF85438E7312CA20CDE861D5B166DC17D6396D0FDBCF2337A182894E1C6B3FD6A0CDAA079D3E4226AAD70CEEFA47BF1A527ED17581D3C98A62176D4F88A021A0263EAF6DD962301FE99828AE6E8DD58E4C726693808D2AE355C760679042565C22510FB3DC4E39EE4DDDD91D7810543B6ED0976F03B51EB22373C612B29A64D0FC958524A8FFDFA1B0DC9140AEDF0933ABB9DD92B7F1CC91743B69EB67971B90BFE7C7A06F71BB57BFB78F5AED7A406A16CD80842D2FE102D4249443B315FC0C2B1BFD716FFCCBBC75173A5E83D2C9B32F1BD59C8D7F54FE7E7EE456A387A79DE1595294418F6D5BBE86959AFF1A76DD40D2514A70B41F336323773FEC271E59E40887ED34824A0F3FFEA01DC1F56773458678F4AA29E92787C619DBC61314C33949874DA097E06513F59D7756E9DAB358C73AF2C0CD82
(PID) Process:(9072) CTBrowserSetup_E999f9pSo7.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8
Operation:writeName:Blob
Value:
5C0000000100000004000000001000001900000001000000100000005D1B8FF2C30F63F5B536EDD400F7F9B40B000000010000004200000047006C006F00620061006C005300690067006E00200043006F006400650020005300690067006E0069006E006700200052006F006F007400200052003400350000006200000001000000200000007B9D553E1C92CB6E8803E137F4F287D4363757F5D44B37D52F9FCA22FB97DF8653000000010000001F000000301D301B060567810C010330123010060A2B0601040182373C0101030200C01400000001000000140000001F00BF46800AFC7839B7A5B443D95650BBCE963B1D00000001000000100000005467B0ADDE8D858E30EE517B1A19ECD909000000010000000C000000300A06082B060105050703030300000001000000140000004EFC31460C619ECAE59C1BCE2C008036D94C84B80F0000000100000030000000C130BBA37B8B350E89FD5ED76B4F78777FEEE220D3B9E729042BEF6AF46E8E4C1B252E32B3080C681BC9A8A1AFDD0A3C040000000100000010000000E94FB54871208C00DF70F708AC47085B200000000100000076050000308205723082035AA00302010202107653FEAC75464893F5E5D74A483A4EF8300D06092A864886F70D01010C05003053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F7420523435301E170D3230303331383030303030305A170D3435303331383030303030305A3053310B300906035504061302424531193017060355040A1310476C6F62616C5369676E206E762D73613129302706035504031320476C6F62616C5369676E20436F6465205369676E696E6720526F6F742052343530820222300D06092A864886F70D01010105000382020F003082020A0282020100B62DC530DD7AE8AB903D0372B03A4B991661B2E5FFA5671D371CE57EEC9383AA84F5A3439B98458AB863575D9B00880425E9F868924B82D84BC94A03F3A87F6A8F8A6127BDA144D0FDF53F22C2A34F918DB305B22882915DFB5988050B9706C298F82CA73324EE503A41CCF0A0B07B1D4DD2A8583896E9DFF91B91BB8B102CD2C7431DA20974A180AF7BE6330A0C596B8EBCF4AB5A977B7FAE55FB84F080FE844CD7E2BABDC475A16FBD61107444B29807E274ABFF68DC6C263EE91FE5E00487AD30D30C8D037C55B816705C24782025EB676788ABBA4E34986B7011DE38CAD4BEA1C09CE1DF1E0201D83BE1674384B6CFFC74B72F84A3BFBA09373D676CB1455C1961AB4183F5AC1DEB770D464773CEBFBD9595ED9D2B8810FEFA58E8A757E1B3CFA85AE907259B12C49E80723D93DC8C94DF3B44E62680FCD2C303F08C0CD245D62EE78F989EE604EE426E677E42167162E704F960C664A1B69C81214E2BC66D689486C699747367317A91F2D48C796E7CA6BB7E466F4DC585122BCF9A224408A88537CE07615706171224C0C43173A1983557477E103A45D92DA4519098A9A00737C4651AAA1C6B1677F7A797EC3F1930996F31FBEA40B2E7D2C4FAC9D0F050767459FA8D6D1732BEF8E97E03F4E787759AD44A912C850313022B4280F2896A36CFC84CA0CE9EF8CB8DAD16A7D3DED59B18A7C6923AF18263F12E0E2464DF0203010001A3423040300E0603551D0F0101FF040403020186300F0603551D130101FF040530030101FF301D0603551D0E041604141F00BF46800AFC7839B7A5B443D95650BBCE963B300D06092A864886F70D01010C050003820201005E2BBA749734445F764828408493EE016EE9A1B3D68025E67BE4BC09913D0FFC76ADD7D43020BB8F60D091D61CF29CEF781A2B943202C12496525202D0F3D1FCF29B396E99E11F8E43417D9A1E5BC95D9A84FC26E687F3747226ADA41BD93D3B6A52A03C091E2F1E7BB333B445C7F7ACB1AF9360AD76AEB8B21578EB836AEBFFDB46AB24E5EE02FA901F59C02F5DD6B75DA45C10B77253F8414ECCFA781A254ACAFE85624361C3B437AA81D2F4D63A0FBD8D597E3047DE2B6BE72150335FD4679BD4B8679F3C279903FF85438E7312CA20CDE861D5B166DC17D6396D0FDBCF2337A182894E1C6B3FD6A0CDAA079D3E4226AAD70CEEFA47BF1A527ED17581D3C98A62176D4F88A021A0263EAF6DD962301FE99828AE6E8DD58E4C726693808D2AE355C760679042565C22510FB3DC4E39EE4DDDD91D7810543B6ED0976F03B51EB22373C612B29A64D0FC958524A8FFDFA1B0DC9140AEDF0933ABB9DD92B7F1CC91743B69EB67971B90BFE7C7A06F71BB57BFB78F5AED7A406A16CD80842D2FE102D4249443B315FC0C2B1BFD716FFCCBBC75173A5E83D2C9B32F1BD59C8D7F54FE7E7EE456A387A79DE1595294418F6D5BBE86959AFF1A76DD40D2514A70B41F336323773FEC271E59E40887ED34824A0F3FFEA01DC1F56773458678F4AA29E92787C619DBC61314C33949874DA097E06513F59D7756E9DAB358C73AF2C0CD82
(PID) Process:(9072) CTBrowserSetup_E999f9pSo7.exeKey:HKEY_CURRENT_USER\SOFTWARE\CryptoTab Browser
Operation:writeName:referer
Value:
E999f9pSo7
(PID) Process:(5800) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\CryptoTab Browser
Operation:writeName:current_version_setup
Value:
2.5.7
(PID) Process:(5800) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\CryptoTab Browser
Operation:writeName:current_version_setup_path
Value:
C:\Users\admin\AppData\Local\Temp\CR_E3ACA.tmp\setup.exe
(PID) Process:(5800) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\CryptoTab Browser
Operation:writeName:current_version_level
Value:
admin
(PID) Process:(6272) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\CryptoTab Browser
Operation:writeName:current_version_setup
Value:
2.5.7
(PID) Process:(6272) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\CryptoTab Browser
Operation:writeName:current_version_setup_path
Value:
C:\Users\admin\AppData\Local\Temp\CR_E3ACA.tmp\setup.exe
Executable files
25
Suspicious files
956
Text files
534
Unknown types
4

Dropped files

PID
Process
Filename
Type
1132firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
1132firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-child-current.binbinary
MD5:C95DDC2B1A525D1A243E4C294DA2F326
SHA256:3A5919E086BFB31E36110CF636D2D5109EB51F2C410B107F126126AB25D67363
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
1132firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.binbinary
MD5:297E88D7CEB26E549254EC875649F4EB
SHA256:8B75D4FB1845BAA06122888D11F6B65E6A36B140C54A72CC13DF390FD7C95702
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.jstext
MD5:2C99A16AED3906D92FFE3EF1808E2753
SHA256:08412578CC3BB4922388F8FF8C23962F616B69A1588DA720ADE429129C73C452
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\SiteSecurityServiceState.binbinary
MD5:56D853DF7F955D4685B00E15F1E953CE
SHA256:2C5D8C1471FDED7C16F3CB2CCCC6B2838765107B87ECF48682A180C472F20590
1132firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
66
TCP/UDP connections
197
DNS requests
200
Threats
109

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.216.77.33:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
POST
200
184.24.77.44:80
http://r10.o.lencr.org/
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
POST
200
142.250.185.99:80
http://o.pki.goog/s/wr3/FIY
unknown
whitelisted
POST
200
184.24.77.52:80
http://r11.o.lencr.org/
unknown
whitelisted
POST
200
184.24.77.52:80
http://r11.o.lencr.org/
unknown
whitelisted
POST
200
184.24.77.44:80
http://r10.o.lencr.org/
unknown
whitelisted
POST
200
142.250.185.99:80
http://o.pki.goog/we2
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:137
whitelisted
23.216.77.33:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
185.173.160.142:443
cryptobrowser.site
WorldStream B.V.
NL
whitelisted
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
34.36.137.203:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
34.160.144.191:443
content-signature-2.cdn.mozilla.net
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 23.216.77.33
  • 23.216.77.23
  • 23.216.77.18
  • 23.216.77.30
  • 23.216.77.29
  • 23.216.77.25
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.110
whitelisted
cryptobrowser.site
  • 185.173.160.142
  • 185.173.160.143
  • 185.173.160.139
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 96.7.128.192
  • 23.215.0.132
  • 23.215.0.133
  • 96.7.128.186
whitelisted
ipv4only.arpa
  • 192.0.0.171
  • 192.0.0.170
whitelisted
contile.services.mozilla.com
  • 34.36.137.203
whitelisted
spocs.getpocket.com
  • 34.36.137.203
whitelisted

Threats

PID
Process
Class
Message
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
4776
browser.exe
Generic Protocol Command Decode
SURICATA QUIC failed decrypt
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://cryptobrowser.site/en/