| File name: | centbrowser_5.0.1002.354_x64.exe |
| Full analysis: | https://app.any.run/tasks/b7cd05aa-b502-4cff-afa5-9d0370d508e6 |
| Verdict: | Malicious activity |
| Threats: | Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. |
| Analysis date: | May 20, 2025, 17:07:12 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32+ executable (GUI) x86-64, for MS Windows, 8 sections |
| MD5: | 5BBC8606A3CE3CA6922A21A8410CE667 |
| SHA1: | C8553ABAD299BFEFD8F350F44615E27F4A8CD93B |
| SHA256: | B8EEFD006853FC7B415CCBE4987D9B03F83C92CFEE55182A59E4217AFD2A0ABA |
| SSDEEP: | 786432:nYqhfyZZyETwHWcNY9zAqFvRMIpMcf5L3FOHlr1wSMZLQgv83PFH:n7VyTLMl+1oIpMcf5LF21GZLQ79 |
MALICIOUS
Actions looks like stealing of personal data
- setup.exe (PID: 8036)
- csrss.exe (PID: 5824)
- chrome.exe (PID: 5024)
- chrome.exe (PID: 2432)
- chrome.exe (PID: 1628)
- chrome.exe (PID: 4120)
- chrome.exe (PID: 4724)
- chrome.exe (PID: 2980)
- chrome.exe (PID: 7496)
- chrome.exe (PID: 4696)
- chrome.exe (PID: 2108)
- chrome.exe (PID: 7680)
- chrome.exe (PID: 7784)
- chrome.exe (PID: 5680)
- chrome.exe (PID: 6228)
- chrome.exe (PID: 6712)
- chrome.exe (PID: 6752)
- chrome.exe (PID: 732)
- chrome.exe (PID: 2644)
- chrome.exe (PID: 6256)
- chrome.exe (PID: 6676)
- chrome.exe (PID: 7784)
- chrome.exe (PID: 3032)
- chrome.exe (PID: 7608)
- chrome.exe (PID: 2140)
- chrome.exe (PID: 5452)
- chrome.exe (PID: 4620)
- chrome.exe (PID: 6584)
- chrome.exe (PID: 6244)
- chrome.exe (PID: 5512)
- chrome.exe (PID: 680)
- chrome.exe (PID: 4068)
- chrome.exe (PID: 4016)
- chrome.exe (PID: 1512)
- chrome.exe (PID: 7376)
- chrome.exe (PID: 8104)
- chrome.exe (PID: 7864)
- chrome.exe (PID: 6068)
- chrome.exe (PID: 5952)
- chrome.exe (PID: 2896)
- chrome.exe (PID: 6080)
- chrome.exe (PID: 5588)
- chrome.exe (PID: 4620)
- chrome.exe (PID: 664)
- chrome.exe (PID: 8036)
- chrome.exe (PID: 5452)
- chrome.exe (PID: 4528)
- chrome.exe (PID: 2904)
- chrome.exe (PID: 7600)
- chrome.exe (PID: 8176)
- chrome.exe (PID: 3156)
- chrome.exe (PID: 1328)
- chrome.exe (PID: 2064)
- chrome.exe (PID: 8092)
- chrome.exe (PID: 812)
- chrome.exe (PID: 7824)
- chrome.exe (PID: 5952)
- chrome.exe (PID: 7828)
- chrome.exe (PID: 6736)
- chrome.exe (PID: 540)
- chrome.exe (PID: 6384)
- chrome.exe (PID: 6800)
- chrome.exe (PID: 2772)
- chrome.exe (PID: 664)
- chrome.exe (PID: 7600)
- chrome.exe (PID: 7816)
- chrome.exe (PID: 6344)
- chrome.exe (PID: 2416)
- chrome.exe (PID: 1672)
- chrome.exe (PID: 5280)
- chrome.exe (PID: 2384)
Steals credentials from Web Browsers
- chrome.exe (PID: 5024)
SUSPICIOUS
Process drops legitimate windows executable
- centbrowser_5.0.1002.354_x64.exe (PID: 7888)
- setup.exe (PID: 8036)
Executable content was dropped or overwritten
- centbrowser_5.0.1002.354_x64.exe (PID: 7888)
- setup.exe (PID: 8036)
Application launched itself
- setup.exe (PID: 8036)
- chrome.exe (PID: 5024)
Searches for installed software
- setup.exe (PID: 8036)
- chrome.exe (PID: 2432)
- chrome.exe (PID: 1628)
- chrome.exe (PID: 4120)
- chrome.exe (PID: 2108)
- chrome.exe (PID: 5024)
- chrome.exe (PID: 4696)
- chrome.exe (PID: 2980)
- chrome.exe (PID: 7496)
- chrome.exe (PID: 4724)
- chrome.exe (PID: 7680)
- chrome.exe (PID: 5680)
- chrome.exe (PID: 7784)
- chrome.exe (PID: 6228)
- chrome.exe (PID: 6712)
- chrome.exe (PID: 6752)
- chrome.exe (PID: 2644)
- chrome.exe (PID: 732)
- chrome.exe (PID: 6256)
- chrome.exe (PID: 6676)
- chrome.exe (PID: 3032)
- chrome.exe (PID: 7608)
- chrome.exe (PID: 2140)
- chrome.exe (PID: 5452)
- chrome.exe (PID: 7784)
- chrome.exe (PID: 4620)
- chrome.exe (PID: 6584)
- chrome.exe (PID: 5512)
- chrome.exe (PID: 680)
- chrome.exe (PID: 4068)
- chrome.exe (PID: 4016)
- chrome.exe (PID: 6244)
- chrome.exe (PID: 1512)
- chrome.exe (PID: 8104)
- chrome.exe (PID: 6068)
- chrome.exe (PID: 7376)
- chrome.exe (PID: 6080)
- chrome.exe (PID: 2896)
- chrome.exe (PID: 5588)
- chrome.exe (PID: 4620)
- chrome.exe (PID: 7864)
- chrome.exe (PID: 5952)
- chrome.exe (PID: 5452)
- chrome.exe (PID: 664)
- chrome.exe (PID: 8036)
- chrome.exe (PID: 1328)
- chrome.exe (PID: 4528)
- chrome.exe (PID: 2904)
- chrome.exe (PID: 3156)
- chrome.exe (PID: 7600)
- chrome.exe (PID: 8092)
- chrome.exe (PID: 2064)
- chrome.exe (PID: 812)
- chrome.exe (PID: 7824)
- chrome.exe (PID: 8176)
- chrome.exe (PID: 7828)
- chrome.exe (PID: 6736)
- chrome.exe (PID: 5952)
- chrome.exe (PID: 540)
- chrome.exe (PID: 6384)
- chrome.exe (PID: 6800)
- chrome.exe (PID: 2772)
- chrome.exe (PID: 664)
- chrome.exe (PID: 7600)
- chrome.exe (PID: 6344)
- chrome.exe (PID: 7816)
- chrome.exe (PID: 2416)
- chrome.exe (PID: 1672)
- chrome.exe (PID: 5280)
- chrome.exe (PID: 2384)
Creates a software uninstall entry
- setup.exe (PID: 8036)
Reads security settings of Internet Explorer
- ShellExperienceHost.exe (PID: 1132)
- chrome.exe (PID: 6228)
INFO
The sample compiled with english language support
- centbrowser_5.0.1002.354_x64.exe (PID: 7888)
- setup.exe (PID: 8036)
Checks supported languages
- centbrowser_5.0.1002.354_x64.exe (PID: 7888)
- setup.exe (PID: 8036)
- setup.exe (PID: 7320)
- chrome.exe (PID: 2432)
- chrome.exe (PID: 1628)
- ShellExperienceHost.exe (PID: 1132)
- chrome.exe (PID: 2108)
- chrome.exe (PID: 4120)
- chrome.exe (PID: 2980)
- chrome.exe (PID: 4724)
- chrome.exe (PID: 4696)
- chrome.exe (PID: 7496)
- chrome.exe (PID: 7680)
- chrome.exe (PID: 7784)
- chrome.exe (PID: 5680)
- chrome.exe (PID: 5024)
- chrome.exe (PID: 6752)
- chrome.exe (PID: 6228)
- chrome.exe (PID: 6712)
- chrome.exe (PID: 2644)
- chrome.exe (PID: 732)
- chrome.exe (PID: 3032)
- chrome.exe (PID: 6256)
- chrome.exe (PID: 7608)
- chrome.exe (PID: 2140)
- chrome.exe (PID: 7784)
- chrome.exe (PID: 6584)
- chrome.exe (PID: 5452)
- chrome.exe (PID: 6676)
- chrome.exe (PID: 4620)
- chrome.exe (PID: 4068)
- chrome.exe (PID: 4016)
- chrome.exe (PID: 6244)
- chrome.exe (PID: 680)
- chrome.exe (PID: 5512)
- chrome.exe (PID: 6068)
- chrome.exe (PID: 7376)
- chrome.exe (PID: 1512)
- chrome.exe (PID: 8104)
- chrome.exe (PID: 6080)
- chrome.exe (PID: 5952)
- chrome.exe (PID: 5588)
- chrome.exe (PID: 2896)
- chrome.exe (PID: 7864)
- chrome.exe (PID: 664)
- chrome.exe (PID: 5452)
- chrome.exe (PID: 8036)
- chrome.exe (PID: 1328)
- chrome.exe (PID: 4620)
- chrome.exe (PID: 4528)
- chrome.exe (PID: 7600)
- chrome.exe (PID: 2904)
- chrome.exe (PID: 3156)
- chrome.exe (PID: 2064)
- chrome.exe (PID: 8092)
- chrome.exe (PID: 812)
- chrome.exe (PID: 8176)
- chrome.exe (PID: 7828)
- chrome.exe (PID: 5952)
- chrome.exe (PID: 6736)
- chrome.exe (PID: 540)
- chrome.exe (PID: 7824)
- chrome.exe (PID: 2772)
- chrome.exe (PID: 7600)
- chrome.exe (PID: 6384)
- chrome.exe (PID: 6800)
- chrome.exe (PID: 1672)
- chrome.exe (PID: 7816)
- chrome.exe (PID: 2416)
- chrome.exe (PID: 664)
- chrome.exe (PID: 6344)
- chrome.exe (PID: 5280)
- chrome.exe (PID: 2384)
Reads the computer name
- centbrowser_5.0.1002.354_x64.exe (PID: 7888)
- setup.exe (PID: 8036)
- chrome.exe (PID: 5024)
- chrome.exe (PID: 1628)
- ShellExperienceHost.exe (PID: 1132)
- chrome.exe (PID: 2108)
- chrome.exe (PID: 7784)
- chrome.exe (PID: 6228)
- chrome.exe (PID: 5680)
- chrome.exe (PID: 2904)
Create files in a temporary directory
- centbrowser_5.0.1002.354_x64.exe (PID: 7888)
- chrome.exe (PID: 5024)
Creates files or folders in the user directory
- setup.exe (PID: 8036)
- setup.exe (PID: 7320)
- chrome.exe (PID: 2108)
- chrome.exe (PID: 5024)
- chrome.exe (PID: 6228)
Process checks computer location settings
- ShellExperienceHost.exe (PID: 1132)
- chrome.exe (PID: 4724)
- chrome.exe (PID: 4696)
- chrome.exe (PID: 5024)
- chrome.exe (PID: 2980)
- chrome.exe (PID: 7680)
- chrome.exe (PID: 6752)
- chrome.exe (PID: 2644)
- chrome.exe (PID: 732)
- chrome.exe (PID: 6256)
- chrome.exe (PID: 3032)
- chrome.exe (PID: 7608)
- chrome.exe (PID: 2140)
- chrome.exe (PID: 6676)
- chrome.exe (PID: 7784)
- chrome.exe (PID: 5452)
- chrome.exe (PID: 4620)
- chrome.exe (PID: 6584)
- chrome.exe (PID: 5512)
- chrome.exe (PID: 680)
- chrome.exe (PID: 4016)
- chrome.exe (PID: 4068)
- chrome.exe (PID: 6244)
- chrome.exe (PID: 6068)
- chrome.exe (PID: 7376)
- chrome.exe (PID: 1512)
- chrome.exe (PID: 8104)
- chrome.exe (PID: 5952)
- chrome.exe (PID: 2896)
- chrome.exe (PID: 7864)
- chrome.exe (PID: 6080)
- chrome.exe (PID: 5588)
- chrome.exe (PID: 4620)
- chrome.exe (PID: 5452)
- chrome.exe (PID: 664)
- chrome.exe (PID: 8036)
- chrome.exe (PID: 4528)
- chrome.exe (PID: 1328)
- chrome.exe (PID: 3156)
- chrome.exe (PID: 8176)
- chrome.exe (PID: 2064)
- chrome.exe (PID: 812)
- chrome.exe (PID: 8092)
- chrome.exe (PID: 5952)
- chrome.exe (PID: 7828)
- chrome.exe (PID: 6736)
- chrome.exe (PID: 540)
- chrome.exe (PID: 7824)
- chrome.exe (PID: 7600)
- chrome.exe (PID: 6384)
- chrome.exe (PID: 6800)
- chrome.exe (PID: 2772)
- chrome.exe (PID: 1672)
- chrome.exe (PID: 6344)
- chrome.exe (PID: 7816)
- chrome.exe (PID: 2416)
- chrome.exe (PID: 664)
- chrome.exe (PID: 2384)
Reads the machine GUID from the registry
- ShellExperienceHost.exe (PID: 1132)
- chrome.exe (PID: 5024)
- chrome.exe (PID: 5680)
- chrome.exe (PID: 2904)
Checks proxy server information
- chrome.exe (PID: 5024)
- chrome.exe (PID: 6228)
Reads the software policy settings
- chrome.exe (PID: 5024)
- chrome.exe (PID: 5680)
- chrome.exe (PID: 2904)
- slui.exe (PID: 5072)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Generic Win/DOS Executable (50) |
|---|---|---|
| .exe | | | DOS Executable Generic (49.9) |
EXIF
EXE
| MachineType: | AMD AMD64 |
|---|---|
| TimeStamp: | 2022:07:20 01:00:58+00:00 |
| ImageFileCharacteristics: | Executable, Large address aware |
| PEType: | PE32+ |
| LinkerVersion: | 14 |
| CodeSize: | 13824 |
| InitializedDataSize: | 101523456 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x1000 |
| OSVersion: | 5.2 |
| ImageVersion: | - |
| SubsystemVersion: | 5.2 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 5.0.1002.354 |
| ProductVersionNumber: | 5.0.1002.354 |
| FileFlagsMask: | 0x0017 |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | English (U.S.) |
| CharacterSet: | Unicode |
| CompanyName: | Cent Studio |
| FileDescription: | CentBrowser Installer |
| FileVersion: | 5.0.1002.354 |
| InternalName: | mini_installer |
| LegalCopyright: | Copyright 2022 Cent Studio. All rights reserved. |
| ProductName: | CentBrowser Installer |
| ProductVersion: | 5.0.1002.354 |
| CompanyShortName: | Cent Studio |
| ProductShortName: | CentBrowser Installer |
| LastChange: | e51e22f80a0d067416a443ed9c4cb5871f48937a-refs/branch-heads/5005@{#1268} |
| OfficialBuild: | 1 |
Total processes
244
Monitored processes
123
Malicious processes
72
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 540 | "C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=2780 --field-trial-handle=1884,i,660608601917485215,10641693998038613805,131072 --enable-features=ScrollableTabStrip /prefetch:1 | C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Cent Studio Integrity Level: LOW Description: Cent Browser Exit code: 0 Version: 5.0.1002.354 Modules
| |||||||||||||||
| 664 | "C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --start-stack-profiler --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6752 --field-trial-handle=1884,i,660608601917485215,10641693998038613805,131072 --enable-features=ScrollableTabStrip /prefetch:1 | C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Cent Studio Integrity Level: LOW Description: Cent Browser Exit code: 0 Version: 5.0.1002.354 Modules
| |||||||||||||||
| 664 | "C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=5580 --field-trial-handle=1884,i,660608601917485215,10641693998038613805,131072 --enable-features=ScrollableTabStrip /prefetch:1 | C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Cent Studio Integrity Level: LOW Description: Cent Browser Exit code: 0 Version: 5.0.1002.354 Modules
| |||||||||||||||
| 672 | "C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=6412 --field-trial-handle=1884,i,660608601917485215,10641693998038613805,131072 --enable-features=ScrollableTabStrip /prefetch:1 | C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Cent Studio Integrity Level: LOW Description: Cent Browser Exit code: 0 Version: 5.0.1002.354 Modules
| |||||||||||||||
| 680 | "C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6012 --field-trial-handle=1884,i,660608601917485215,10641693998038613805,131072 --enable-features=ScrollableTabStrip /prefetch:1 | C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Cent Studio Integrity Level: LOW Description: Cent Browser Exit code: 0 Version: 5.0.1002.354 Modules
| |||||||||||||||
| 732 | "C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6044 --field-trial-handle=1884,i,660608601917485215,10641693998038613805,131072 --enable-features=ScrollableTabStrip /prefetch:1 | C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Cent Studio Integrity Level: LOW Description: Cent Browser Exit code: 0 Version: 5.0.1002.354 Modules
| |||||||||||||||
| 736 | "C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=5752 --field-trial-handle=1884,i,660608601917485215,10641693998038613805,131072 --enable-features=ScrollableTabStrip /prefetch:1 | C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Cent Studio Integrity Level: LOW Description: Cent Browser Exit code: 0 Version: 5.0.1002.354 Modules
| |||||||||||||||
| 744 | "C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=6620 --field-trial-handle=1884,i,660608601917485215,10641693998038613805,131072 --enable-features=ScrollableTabStrip /prefetch:1 | C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Cent Studio Integrity Level: LOW Description: Cent Browser Exit code: 0 Version: 5.0.1002.354 Modules
| |||||||||||||||
| 812 | "C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6436 --field-trial-handle=1884,i,660608601917485215,10641693998038613805,131072 --enable-features=ScrollableTabStrip /prefetch:1 | C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe | chrome.exe | ||||||||||||
User: admin Company: Cent Studio Integrity Level: LOW Description: Cent Browser Exit code: 0 Version: 5.0.1002.354 Modules
| |||||||||||||||
| 1128 | "C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=6288 --field-trial-handle=1884,i,660608601917485215,10641693998038613805,131072 --enable-features=ScrollableTabStrip /prefetch:1 | C:\Users\admin\AppData\Local\CentBrowser\Application\chrome.exe | — | chrome.exe | |||||||||||
User: admin Company: Cent Studio Integrity Level: LOW Description: Cent Browser Exit code: 0 Version: 5.0.1002.354 Modules
| |||||||||||||||
Total events
27 239
Read events
27 079
Write events
139
Delete events
21
Modification events
| (PID) Process: | (8036) setup.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\CentBrowser |
| Operation: | write | Name: | InstallerProgress |
Value: 19 | |||
| (PID) Process: | (8036) setup.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\CentBrowser |
| Operation: | write | Name: | InstallerProgress |
Value: 25 | |||
| (PID) Process: | (8036) setup.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\CentBrowser |
| Operation: | write | Name: | InstallerProgress |
Value: 39 | |||
| (PID) Process: | (8036) setup.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\CentBrowser |
| Operation: | write | Name: | InstallerProgress |
Value: 59 | |||
| (PID) Process: | (8036) setup.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\CentBrowser |
| Operation: | write | Name: | InstallerProgress |
Value: 46 | |||
| (PID) Process: | (8036) setup.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\CentBrowser |
| Operation: | write | Name: | InstallerProgress |
Value: 53 | |||
| (PID) Process: | (8036) setup.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\CentBrowser |
| Operation: | write | Name: | UninstallString |
Value: C:\Users\admin\AppData\Local\CentBrowser\Application\5.0.1002.354\Installer\setup.exe | |||
| (PID) Process: | (8036) setup.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\CentBrowser |
| Operation: | write | Name: | UninstallArguments |
Value: --uninstall | |||
| (PID) Process: | (8036) setup.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CentBrowser |
| Operation: | write | Name: | DisplayName |
Value: Cent Browser | |||
| (PID) Process: | (8036) setup.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CentBrowser |
| Operation: | write | Name: | UninstallString |
Value: "C:\Users\admin\AppData\Local\CentBrowser\Application\5.0.1002.354\Installer\setup.exe" --uninstall | |||
Executable files
23
Suspicious files
608
Text files
118
Unknown types
1
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7888 | centbrowser_5.0.1002.354_x64.exe | C:\Users\admin\AppData\Local\Temp\CB_W6X8H0_CR_58412.tmp\ICUDTL.DA_ | — | |
MD5:— | SHA256:— | |||
| 7888 | centbrowser_5.0.1002.354_x64.exe | C:\Users\admin\AppData\Local\Temp\CB_W6X8H0_CR_58412.tmp\icudtl.dat | — | |
MD5:— | SHA256:— | |||
| 7888 | centbrowser_5.0.1002.354_x64.exe | C:\Users\admin\AppData\Local\Temp\CB_W6X8H0_CR_58412.tmp\D3DCOMPILER_47.DL_ | compressed | |
MD5:52A4A61292F11633F149C21097436C45 | SHA256:6AB728490D04883189F86A7F076D13B95E2F729F1F343D12238A8129CB668430 | |||
| 7888 | centbrowser_5.0.1002.354_x64.exe | C:\Users\admin\AppData\Local\Temp\CB_W6X8H0_CR_58412.tmp\libEGL.dll | executable | |
MD5:E80893E22147700CDBA830378AC93E41 | SHA256:59D40B6FDF629163F89E965ECF7FECE51B696899F9BBF8C85512E0B177080BA3 | |||
| 7888 | centbrowser_5.0.1002.354_x64.exe | C:\Users\admin\AppData\Local\Temp\CB_W6X8H0_CR_58412.tmp\setup_resources\SETUP_STRINGS_ES.PAK | binary | |
MD5:41DE397E496EB76DF8C004459B72860F | SHA256:8ECA5B563825F1ED01488B4C52EDE0382762C0E29CE0262979A9566FC1B83C69 | |||
| 7888 | centbrowser_5.0.1002.354_x64.exe | C:\Users\admin\AppData\Local\Temp\CB_W6X8H0_CR_58412.tmp\setup_resources\SETUP_STRINGS_IT.PAK | binary | |
MD5:A24B5A733FC31B623FF833FCE00B1984 | SHA256:F44A25944A618C9DB227C0A89295E923A695F6D9E1489DAF031EC81C323A05D5 | |||
| 7888 | centbrowser_5.0.1002.354_x64.exe | C:\Users\admin\AppData\Local\Temp\CB_W6X8H0_CR_58412.tmp\setup_resources\SETUP_STRINGS_FR.PAK | binary | |
MD5:97DF97F40B1A0E8E90CD367CCF7E8E86 | SHA256:B8C3C0116EF6BF02DE72400C2F8F81DA6CD03318AB27601CEEF31022AE274B64 | |||
| 7888 | centbrowser_5.0.1002.354_x64.exe | C:\Users\admin\AppData\Local\Temp\CB_W6X8H0_CR_58412.tmp\LIBEGL.DL_ | compressed | |
MD5:7B6A61A4868638A61E60899ECCF6483F | SHA256:9C16CFC854282029239B4E765FAA91B3AB6C6238268A708A7B32A10DBCAD914B | |||
| 7888 | centbrowser_5.0.1002.354_x64.exe | C:\Users\admin\AppData\Local\Temp\CB_W6X8H0_CR_58412.tmp\setup_resources\SETUP_STRINGS_RU.PAK | binary | |
MD5:42A8857ACCB5A201B4A4A11931FF39CD | SHA256:9324627918D893E976EBEC5B8071A01F445870354A5945DE28263B36F2CB26A8 | |||
| 7888 | centbrowser_5.0.1002.354_x64.exe | C:\Users\admin\AppData\Local\Temp\CB_W6X8H0_CR_58412.tmp\setup_resources\SETUP_STRINGS_EL.PAK | binary | |
MD5:7D99ADD5189BB4D1469CB4710CE8608A | SHA256:6DAD2AFF731DA2B4FA536AD1DB6EE1E398FA314FAFDC27D534DCD5C6E1D6FF5E | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
15
TCP/UDP connections
254
DNS requests
64
Threats
81
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
2104 | svchost.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
2104 | svchost.exe | GET | 200 | 69.192.161.161:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
7372 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad7sy7xmfackw2sk6iujs3vzvwsa_9799/hfnkpimlhhgieaddgfemjhofmfblmnib_9799_all_acwopzqpez52ugbathatzmi6vgga.crx3 | unknown | — | — | whitelisted |
7372 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad7sy7xmfackw2sk6iujs3vzvwsa_9799/hfnkpimlhhgieaddgfemjhofmfblmnib_9799_all_acwopzqpez52ugbathatzmi6vgga.crx3 | unknown | — | — | whitelisted |
7372 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad7sy7xmfackw2sk6iujs3vzvwsa_9799/hfnkpimlhhgieaddgfemjhofmfblmnib_9799_all_acwopzqpez52ugbathatzmi6vgga.crx3 | unknown | — | — | whitelisted |
7372 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad7sy7xmfackw2sk6iujs3vzvwsa_9799/hfnkpimlhhgieaddgfemjhofmfblmnib_9799_all_acwopzqpez52ugbathatzmi6vgga.crx3 | unknown | — | — | whitelisted |
7372 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad7sy7xmfackw2sk6iujs3vzvwsa_9799/hfnkpimlhhgieaddgfemjhofmfblmnib_9799_all_acwopzqpez52ugbathatzmi6vgga.crx3 | unknown | — | — | whitelisted |
7372 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3 | unknown | — | — | whitelisted |
7372 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad7sy7xmfackw2sk6iujs3vzvwsa_9799/hfnkpimlhhgieaddgfemjhofmfblmnib_9799_all_acwopzqpez52ugbathatzmi6vgga.crx3 | unknown | — | — | whitelisted |
7372 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaaeamibhnphh_3_all_gplutbkdljxxbjolk3siq7kive.crx3 | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 4.231.128.59:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2104 | svchost.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
2104 | svchost.exe | 69.192.161.161:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted |
— | — | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
5024 | chrome.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
2108 | chrome.exe | 74.125.71.84:443 | accounts.google.com | GOOGLE | US | whitelisted |
2108 | chrome.exe | 104.22.36.210:443 | stat.centbrowser.com | CLOUDFLARENET | — | suspicious |
2108 | chrome.exe | 142.250.185.106:443 | optimizationguide-pa.googleapis.com | GOOGLE | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
stat.centbrowser.com |
| unknown |
accounts.google.com |
| whitelisted |
optimizationguide-pa.googleapis.com |
| whitelisted |
www.ebay.com |
| whitelisted |
ir.ebaystatic.com |
| whitelisted |
srv.main.ebayrtm.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
— | — | Misc activity | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2 |
— | — | Misc activity | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1 |
— | — | Misc activity | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3 |
— | — | Misc activity | SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt) |
2196 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com) |
— | — | Misc activity | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1 |
— | — | Misc activity | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2 |
— | — | Misc activity | SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt) |
— | — | Misc activity | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3 |
— | — | Misc activity | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1 |