4bf7c84949d8e672e7244e1d36d93575eabeb825bf60b209885e317bbbd431e2

Resubmissions

26-04-2024 08:52

240426-ks7zdada7x 7

24-04-2024 15:31

240424-sx28pace5y 8

23-04-2024 05:33

240423-f814jsdf8z 8

Analysis

max time kernel
56s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EcosiaInstaller.exe
Size

1.0MB
MD5

ead03cdd9d3398c50ffd82d1f1021d53
SHA1

24b37f404d510f4eb7807dd89de20e936fc18190
SHA256

4bf7c84949d8e672e7244e1d36d93575eabeb825bf60b209885e317bbbd431e2
SHA512

ff381bd5ce7aef733c9ce9fcac0bcf3c9da106b09223c2904714bf4f7df334280ebf4792c279bea32cdafd896d5d95f28cbd6fc18a7d56c4fe77b63438fd6c70
SSDEEP

24576:WgZNRxRm9PQBwV418TeWyavVb5AudHRhItGsePtjDZeMizZBx7j:WgHRW9P0wCWy2auFRhIP6pkd7j

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 5 IoCs

Processes:

TempBr0.exesetup.exesetup.exesetup.exesetup.exe

pid process

2484 TempBr0.exe
2356 setup.exe
1860 setup.exe
1740 setup.exe
3776 setup.exe
Loads dropped DLL 2 IoCs

Processes:

EcosiaInstaller.exe

pid process

332 EcosiaInstaller.exe
332 EcosiaInstaller.exe

pid	process
2484	TempBr0.exe
2356	setup.exe
1860	setup.exe
1740	setup.exe
3776	setup.exe

pid	process
332	EcosiaInstaller.exe
332	EcosiaInstaller.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe"	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 6 IoCs

Processes:

setup.exesetup.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	setup.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

TempBr0.exe

description pid process

Token: 33 2484 TempBr0.exe
Token: SeIncBasePriorityPrivilege 2484 TempBr0.exe

description	pid	process
Token: 33	2484	TempBr0.exe
Token: SeIncBasePriorityPrivilege	2484	TempBr0.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

EcosiaInstaller.exeTempBr0.exesetup.exesetup.exe

description	pid	process	target process
PID 332 wrote to memory of 2484	332	EcosiaInstaller.exe	TempBr0.exe
PID 332 wrote to memory of 2484	332	EcosiaInstaller.exe	TempBr0.exe
PID 2484 wrote to memory of 2356	2484	TempBr0.exe	setup.exe
PID 2484 wrote to memory of 2356	2484	TempBr0.exe	setup.exe
PID 2356 wrote to memory of 1860	2356	setup.exe	setup.exe
PID 2356 wrote to memory of 1860	2356	setup.exe	setup.exe
PID 2356 wrote to memory of 1740	2356	setup.exe	setup.exe
PID 2356 wrote to memory of 1740	2356	setup.exe	setup.exe
PID 1740 wrote to memory of 3776	1740	setup.exe	setup.exe
PID 1740 wrote to memory of 3776	1740	setup.exe	setup.exe

C:\Users\Admin\AppData\Local\Temp\EcosiaInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\EcosiaInstaller.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:332

C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe
"C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2484

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_2E2B8.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\TempBr\CR_2E2B8.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\TempBr\CR_2E2B8.tmp\CHROME.PACKED.7Z"
3⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2356

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_2E2B8.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_2E2B8.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff70f4eeaf0,0x7ff70f4eeafc,0x7ff70f4eeb08
4⤵
- Executes dropped EXE
PID:1860

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_2E2B8.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\TempBr\CR_2E2B8.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1740

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_2E2B8.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_2E2B8.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ff70f4eeaf0,0x7ff70f4eeafc,0x7ff70f4eeb08
5⤵
- Executes dropped EXE
PID:3776

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --from-installer
4⤵
PID:5008

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffa0596bc40,0x7ffa0596bc4c,0x7ffa0596bc58
5⤵
PID:2408

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0x138,0x13c,0x140,0xc4,0x144,0x7ff657fc6340,0x7ff657fc634c,0x7ff657fc6358
6⤵
PID:3224

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2064,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:2
5⤵
PID:4508

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --start-stack-profiler --field-trial-handle=1720,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:3
5⤵
PID:1480

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2056,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=2556 /prefetch:8
5⤵
PID:1556

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3236,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=3308 /prefetch:1
5⤵
PID:3376

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3244,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=4100 /prefetch:1
5⤵
PID:2592

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3548,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=4544 /prefetch:2
5⤵
PID:5256

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4984,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=4136 /prefetch:1
5⤵
PID:5836

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:8
5⤵
PID:5908

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5304,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:8
5⤵
PID:3696

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5400,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:8
5⤵
PID:5456

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5484,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8
5⤵
PID:5540

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5492,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
5⤵
PID:5304

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5812,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
5⤵
PID:5792

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5616,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:8
5⤵
PID:5020

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5348,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=4168 /prefetch:8
5⤵
PID:6096

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5296,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:8
5⤵
PID:4512

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5904,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5900 /prefetch:8
5⤵
PID:5188

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3300,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=2128 /prefetch:8
5⤵
PID:5316

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5180,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:8
5⤵
PID:5348

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5192,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:8
5⤵
PID:5380

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5480,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:8
5⤵
PID:6016

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5176,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:8
5⤵
PID:6128

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6400,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=6520 /prefetch:8
5⤵
PID:5388

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6508,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:8
5⤵
PID:5788

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5624,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:2
5⤵
PID:5580

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6620,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:2
5⤵
PID:5532

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5060,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5948 /prefetch:2
5⤵
PID:5240

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5536,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
5⤵
PID:3696

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6560,i,15307249114623710286,9873220587913888401,262144 --variations-seed-version --mojo-platform-channel-handle=5772 /prefetch:8
5⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:2164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5276

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:2760

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
3.6MB

MD5
ceb415e9316f5ce5e561a8c9fd33ed7e

SHA1
09484f3438b83934df1007e8329bccee6f227e9a

SHA256
10386f5a9000bf036196f19733e6080c777f236afae3632ee940d1524c877205

SHA512
549161946800a2f9d68c978964fb623d6ed21c6a6c1bb7b559cf85cc28d0e14f87159186f40739c004fa6f68ca611b5af4837d3ebbd816d1372a9de90e85abbc

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
8.0MB

MD5
c7538cd02843db6a2d6fe77db29c03db

SHA1
23f8cae62cd172cc86d6a6f81b27b7fea3af421f

SHA256
b961846951edbec7f69e794a82286c36fe0ae58bf80cc0547047e219e55daa42

SHA512
85bcf7349c6a4f81410a346a012d473e512439fc042cd2c23192efdb20b1c00cb81488f9a5180d83a275640816f95a700b62cadc78547a9a1025b72cc5438fc8

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
7.7MB

MD5
c4267f3dd6ba95e7c0ec43813a96f202

SHA1
a141865c50fdef89b9a215a2b069f215d8691eea

SHA256
4a3ac9c6b1ab29c8497bcc90ce99933d453f45c7dac8e624e122517837605464

SHA512
00f1450378bb58a443c69b685098ac8be1f6c5ea3c3640d60e77bceb60a90298d207bc16b96a537432ba013f548068ef5c074dd46167e4b342bebadb0e602362

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
5.5MB

MD5
b76adac64d9f9aef092c5ae3c2d98c37

SHA1
0a451b1aa0d9405acf21fe7156f58930d5a5afc7

SHA256
f412ae3443f27ed35e50e3ef860804afa81daa607017b0956b8e2b4eec5960bb

SHA512
20cb467d79a402239a22faba14e85e905b3e80febfc6cdc7ba3cde3a261320e9c9ed5e4d7c061d7be401b35297313616d6e1c94e9126e19712677c27dbeeea52

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
5.8MB

MD5
cada02e1b70c28734b54f19870aabe3c

SHA1
1efea3870b308c61009a9a9ceff0afc4f1842502

SHA256
fdcbc6b3633b067c91d05d657dfcffdfaa09c2be1821d9fbad81d6c381a19594

SHA512
acccdd660d33c7d08f29082e1b4cbcb599ceea91db523c1be0424b855d31b275bbfb82bf026af2f838e936baeaa78467d4092b5ec88e9b7a212cf60f0a173b9c

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
2.7MB

MD5
c94e184928537e9b2784d8127c6847d2

SHA1
85283fe8a628bca31beef96193c3ecf26edec227

SHA256
e807d8849c040fdebee1963645fc238f665ba492f5b096e79a89d2e7d4cb1f49

SHA512
cd140de3ba3d0c6e4839af353c1901c766a19924c50c02c671fb423e778c8e5d75532e0b0d843f3df61ad6a737c0242563fc3e282b881bc25f986120f113d37c

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
3.6MB

MD5
e9c1723774ecc6d535cdc68f0534a557

SHA1
ab1c0f4e6c16ced173a5d48e2b48a7c3326fbc63

SHA256
03b825d66e54ce5e1025b4a57002737de5fda73fc82ac9ae99bb13b215b649a6

SHA512
c3f7895a262597ed06e6becc59c3700109b3814a9dca2f773d0ff1fd58c2c70c6ba8dd7cfbf86badf9b09ef89bc51ebabce129fdf03027a60e4afff207ea06d2

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
2.1MB

MD5
08a0d581f865c274cb5621dc7985245a

SHA1
ffbc2e297bc7f6935e6fe037d18646bcd37b3e17

SHA256
5f461e3db95b6aa4fc7aa1a4e94de43e147d34f76c5b96ee59a1c47177f5245d

SHA512
4063f8025692cfb06f0c8fcf8332970feeef6014a00395bec246d1d4ef70f32a5e949abf0347bff717e188f245e02a75689e5ce42f49dee5205ca26ac409e182

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
2.2MB

MD5
a35c87310e55861cb4a4605532ccf5ba

SHA1
081042649c186e1cb846fc4cc2af884de1654ccb

SHA256
a648b1646b2c13514992a93d398bf67f624f47ae752943d58b27ceb7a1c3a438

SHA512
209062ed60c575e8b7f87bb819fe586122e5bc6bb9e6d65a2c963657aa5825c8535f5886a4e65a0696c83d534c60babc9319023b03a9eb2817972f9e1dcf98d4

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
10.7MB

MD5
c6c5b8a8b1415f195fbdbe772b736184

SHA1
9f4f4c32b0695044fcb7eb1cc074b9160ada01bd

SHA256
f8e7d24d22a089aa86bea048ece7c4fcfff64190463e1336483491a1522a0ada

SHA512
dcfcbf491dc4323b6ce33f41b110cc3070019b6bb6c01da49c939a0ccb51a117b86c9e5bb93b0055bcc78e0dc24bf0ad8ae982f6abc3562b04cbad306375bd4f

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome_elf.dll
Filesize
1.2MB

MD5
ae0d60cfb1c9328269688e1baa88a943

SHA1
f7de751e5d9e5049f85d0ad88ab69d18be1b7d5e

SHA256
4bcabd79410e1f09555fce0851548066e8e720f54790c3d761d06925b2766641

SHA512
19222280c38602750b02998d790dfe648d2be88334a95bd6d553d189d702b5102166827a5d5ab25a55c19fb788362fc3b3011b054951b0a62a7fe60a0c7e9873

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\d3dcompiler_47.dll
Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\dxcompiler.dll
Filesize
6.7MB

MD5
5a5bb88d9991862139f8a5b40389e37c

SHA1
1426f4674f233d7e20c062d8100d390716ac5050

SHA256
56df7156452742611696df1dd74a3c21025b0427c828ba18a02ec5f8def5ba1a

SHA512
e342be1bda91ff6ea229b67f1190c6d5e9e15d893044cf07530e39e9fbff699f6902aeb005fdec4b9b3d68c1756bb5e9c446e9840c97b5ef0cbef3a4afc16ca5

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\dxil.dll
Filesize
1.4MB

MD5
cb72bef6ce55aa7c9e3a09bd105dca33

SHA1
d48336e1c8215ccf71a758f2ff7e5913342ea229

SHA256
47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

SHA512
c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\libEGL.dll
Filesize
470KB

MD5
3256b6aa8cf471075fa54a3f55226e4e

SHA1
c048b56d0b9955ca3d7a247755bdde3ccdc72aba

SHA256
77554d8f11ed4a59543d014de3253fbcf28e6b5cef8a00e1d0ff0cc5f168ce96

SHA512
8f8c3a42982c90e614141dbf348e64f5acd3dc81072f81fcf946655f3522e4d60f0e2fbe74b17e2933182f15619bb53207085a6628513e33c265c67b09fe8b57

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\libGLESv2.dll
Filesize
7.3MB

MD5
901a2a0be2869a84460058e15bc59844

SHA1
c42eb917dede03bdb6f9f807e2180d15caddf06d

SHA256
57bab60884711ea370f989ad7588698d3e2c23348297c3f309e64b97d532d673

SHA512
802fcd9711478015e9bb2747f1716c83aec29598933d604fcdcf769ac432525cfd648923ce763ceaf6ee04256fede439bfbecc565eb7ffb5f81450f642f703d3

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\vk_swiftshader.dll
Filesize
4.9MB

MD5
63d04aae53e03e41a7d82f8431cc14f9

SHA1
1ee414e09abd9323b0250602342ff917607c8b7d

SHA256
bbd5f144433b75fe0580b299b20ff743a0d21d93897375a75d8ad8a59b22608e

SHA512
bac53a3b87f63604a98490fa4e2d921da5baa759574e76362115f49d67d31cd59bacb7cb8035a7cbbbda3267b6e195e6e2904f3b99b9a50d3fbd9ef928bca90b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\SetupMetrics\20240423053431.pma
Filesize
520B

MD5
d7bdecbddac6262e516e22a4d6f24f0b

SHA1
1a633ee43641fa78fbe959d13fa18654fd4a90be

SHA256
db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

SHA512
1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\SetupMetrics\20240423053431.pma
Filesize
2KB

MD5
0baafe08ba8620064f511dcdafe073f7

SHA1
b78af041a02a8173c673bc2e5258910040bb321c

SHA256
7f81eab14c5e63a790590bc9bc6905eee5764cb0007394f89d0a4cc9ed688943

SHA512
b653e0e20323bc3bddf4ae6d0d8900e48eb9b460b0b643c5d202c8e1dad6615b94c756995195dc504f2298f77c97ee8785a062ed742679835cb1163f14a92b10

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
Filesize
1.9MB

MD5
ac3cbbb507a72ee9c3d616384cbca8b0

SHA1
ce244ae62391cd4a396a1d03b39a6674bce1e6f8

SHA256
07c285d05a85978154772b41240e8cd0927d57ddc424e423e6525d0fc0f48f8e

SHA512
f1a6fb04257342cf99b36eafa863194e89af31456b3454d8857615b79973b95b93cad70e9d68117be7cca2121791051d7083fa5cf4c773a9784e5241bc64dcdf

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
Filesize
1.2MB

MD5
f1a012b12bd4204206fc8053f96a16e4

SHA1
6ba547596902d0ac1949a7cfb4b5e29a8f6d6e7a

SHA256
33ff318c719c7745b60d0bce4408869332e3aabbb2a4a8371b43968c6d609f1d

SHA512
74bd64b91f234470b8d6be0f0791e8f62807f493f9c47c7f61719ab267baa7afb8fa0cfb75ecb321b5ca516f4e5987d5beccd927e0179e21388fe414b0e1349e

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
Filesize
2.4MB

MD5
fb5581a14f52e14086ee997273198788

SHA1
ab92a654b218a630d0306279490121cc26abdbce

SHA256
be6b12e03b36e586a1abb5fdd7f69928e4e1a1c85fce9f2ccdd0358232131c2d

SHA512
6d6534a74b6d875756e2f1919f346b0e8c93449920b03aac96b2844b3f1d363488a529f214b707c9730553fddd5002b85f077cb1d5d949f7fecdfb60ac459bc9

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
8e117d7eb4d3b0944c7bdee15dacb324

SHA1
d22a5d0a9443ebea8b46d88e0aafe90e4acd69fc

SHA256
a21af1136602331141ea6715da775f53fec67a48c7a4c491b45d2140a6ed0b68

SHA512
206823007ea364ba66170152a318ae85bdb22196e5e4cefdb39ffcf83ee3285be444c3c28d4899930c231a46b7949393a7eef0fb8f7caf4c5447fdcfafe8ec4e

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59a927.TMP
Filesize
48B

MD5
4b94dde2b03b4a18ca1a1784a6544b1a

SHA1
4f796225d82cf3309076ed978a8e8fe374573953

SHA256
fa1d6f54a6901ccb00331658d94eec6af7622db9a011820a3f673fb38b7cce6d

SHA512
e5e79cb6b4ea567baf6daca6332240d573d7ee49347377ca6ea047358d470d6a92f9b8e40fb026df406c63bdf1a0d917ecf1010dadb59bfa30bc0e5e1381f63f

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extension Rules\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\TransportSecurity
Filesize
1023B

MD5
81cbf68ce939f7b4bf737bffd36c55dc

SHA1
5eb53dd654e095c0f96e888b228cb9e52c2ec323

SHA256
f617795fcb4b913a4afa1336de80e85837d3fe323d482c46c8d4d57f265abb9f

SHA512
5205210b733d0ad46d8794210093f7af3f17caa2f9cf437ab36f2ffcb9de25b6565be8ded400b1d3fefcc20dfc2ba236588bd272e106dc87b2a8e9ed75d89ab9

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\TransportSecurity~RFe598469.TMP
Filesize
856B

MD5
51591342ebc6ceb3a393c1a41d9fab42

SHA1
491973aaacfb79ef0351fa06e5b5073b179afa5d

SHA256
5ec3b1d04f10c04351ecd4cf3648c190e61dc18bc6eeb7b90208b480b7aed62e

SHA512
3042973e7b77304c2a0d19ad26962107cc85c33514629534011dd5a537792104db3985ab4aebcd45e005c2dc0edda640914722e2909f4c2da7136603d7be6d5b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\d4a70ae1-7a2a-4eec-ad24-b7251e88de37.tmp
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
8f8a8f8a6bc04187c6b22b9dc5ed546c

SHA1
ded8a6470d8c9380b37385dccaf345c0b2da5d81

SHA256
b4b4a82a8577f197fe295e8aaded367c92eccfb4915c05e145408009756f3414

SHA512
17d057e9f023bd94098d58df02dead40fb4273c5860ce5d51ccedda97f2ad380c3ab777727e37520bb17f057ff350d37bd5d194733f304bb332209dab7f9bcea

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
2ea3c589d2dea7687b75d187e43f1da2

SHA1
87377db0baf96cf9828c6872b34a34e0314cb97e

SHA256
4699b7824e086067a8da867affbdbe208dcaa60cffe247f175aa87b96ce1d438

SHA512
08130fc451067424cf041c92baf605417392fdbd9e85fc24b824103b11acb92b80be4ab455119623a45138295c38d219499099cabba92edeeeba3499d32bd190

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
db5c8d12fbe8aecced6f61b72dd63e2c

SHA1
73cd3b08c1b06b89f05281c9100a6d7b7d3ce096

SHA256
cc1fc21be0ac8423e903c671544266d720a58de9c6e7306375fb17c71e62adfe

SHA512
8ee2f91f32b5b484c8600e9d9ba71a5b63162a6c2965ed91f8f003a56b63ded260c2ce3b36b0d4c7559e3d69da55f3459f37c86bed65e53f22526c392e7b3da3

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
8dde270d20fef06bad8b2e4f516ef3ac

SHA1
8ee7ccd75e1a5614d10738a5fe0b7e125d4732ec

SHA256
41405ae2299f179a0d883a8a3421951a1b4cb06ef7e29e27070f3a429dfec198

SHA512
b40ff908b19792cc77db37506e8c6caef81bb0b2bf22758e2aabce7f5df10e6d4b277d5ea6f52d759ef7b397307a7ba1e2a739b82641787805d4515f4cb53e80

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences~RFe593dbb.TMP
Filesize
5KB

MD5
34ab51717c8e03b2c145217059aecb49

SHA1
24855a5983d798733ae08d32127ab385834d9b6c

SHA256
3446a9dcad3c7680b34d5d2d2e1b5d570c99f339096481e3478da8c53cf7c53b

SHA512
1fb374c1b5234484d82d2b21360a7e786edf559198911edaf0d5a885d5ff63715b3d433909a51ccd86b66038c65720d39c1d1ef88bca37d4c1d2c7ff8a935180

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Secure Preferences
Filesize
6KB

MD5
11ca019c7db944b36782d82261bc2993

SHA1
204a99a1cf2c4bb28335bdd34f457b375d8d564c

SHA256
19612cdfd285823f8142f34aafc9c16cdce6987cbe344541b9811b80d717a26c

SHA512
34ce84d1f6e99878fe00bd299c145311603581d8e149b275f366dc220b7799c7404cfaf7f4bf9665d9b335b37e9c357a03a232d38083a878ebda2a5b5cc2e910

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Secure Preferences
Filesize
17KB

MD5
b596a071b4188cecf0a875e7de6641b1

SHA1
6132e0ff079527d953cb35f89d02f912895847af

SHA256
ab53f01efd2f62a156a898eb9604297e017ebf1c8a49de3d903b4f8d29d78325

SHA512
2124ae9416421ad1309fe08923d4c11753a75e100f0498f8336dfb3eae683f18403753e6712c89d5600c64b21177279a541f513b01e47d7ad940ccc48ebcdfdc

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Secure Preferences~RFe5954ec.TMP
Filesize
6KB

MD5
9d4b87430ddfbbaba0e9aebb4ead06eb

SHA1
30316d633fc9229012ac39588808eec668dc27f9

SHA256
538be2da98b0cfbb9b5b906e169efca7391fcd0f47ebe27abbd45499f930ff75

SHA512
e44d4d061856589e3bdb6acbd50e45bc7684855009ba8841a9f82ce0910b18bd4f473d489e74a0e6d5b42b62a3bfd32022e5aa0080b688e67b0752629054c451

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
360B

MD5
458a5480f00e78ec067e41dd97f631d0

SHA1
764af794c825f13ace23db79e032c83ab94ea94a

SHA256
58cc36e170c1bcc16217bd638b44763439a502539a76a3a2ce06b660a52dbc40

SHA512
7475998d7441b80c95de29274722efcf48ddab4a9a445384462d89cc419911320f3a7353416551cd9fae30fd053dea2f1a92b87917bfc90c1906068efc11511b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59ad7c.TMP
Filesize
72B

MD5
e3b6e7d7895b26d52b2bda376ef3b1bc

SHA1
b0843c549a7c1019bf0482bc1e26b8928a809c07

SHA256
06057a636f61733c09ff36c995afe3b2121aaa169deaa3227702a67f5c9c5e78

SHA512
adb1e17cfa77b689b0ca0b8a38f615a3881bc93f2221cf0918472ddf17412a5c72d996e936b8fbb26d4f5470bad92dfd8ff798e3284b1f4f10cb8aff4d3dc369

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Site Characteristics Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\e75ccc97-ac3a-4f35-ba05-d2cf66fd627b.tmp
Filesize
154KB

MD5
d36d18f82847cdf716f8d181db1afbbc

SHA1
e820b54eb4a66ed95e7c9bd385de13de682e3f21

SHA256
5d7adf329a38ce56fc02fbbe56456e37875c79c57e109812bd64229dd6de9192

SHA512
d1f471340f9dfa84aa084e2980dfbcaf6483e40235cb923e1abadd5f655423cdc443799f7e5a37302eea88c8cb284bdeca33a80931899141031fdd3e50e4911f

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
5KB

MD5
30019e094569b5241851beb9fc2c560a

SHA1
ac64ea40ef1d70c3c8dd66f00bade8060eafe336

SHA256
8fa67a7b8c894f28c2686d390801fa8bca19d3beef41527ed713f88ac336f536

SHA512
0726cf31c70a2cd34dacaf9ec4f109f2ab7f0234014c08061bb6b4f7389a5b2ce21eb78514d8a6a8b58f2fe2130d6b0c780f8ddfa85cf60c6a93549f03e0af13

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
2KB

MD5
3cff9c53e70d8ee67c19157350fb5b51

SHA1
dc99e7093d98b735ccaeda12f2c52ca134404602

SHA256
f257db0ca256c2b84dda5fb6ad7bd75601503824ec7be25972edc23c502599c8

SHA512
0421082f247f18c580c49994e79b6e68411cd72b94f19b0153f77bd8141d9296ffe454c769baf7ae225a702a05f7fb340f6460c8fab87a2f52a02b9d20dd9906

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
2KB

MD5
1033f4220b6e62b20c18e7f58737ada8

SHA1
9f9cbcd8edc93efbb12df18f3e71c1bce6af2e33

SHA256
2c253eb881e7d5d85f1d64a97fb8459ff4ca8ea87b7976d6f9b6d7f7800656be

SHA512
13b3deb72ad64efe91fbc4db16dfe9e57c70057eda1df23fc87db9031d5e9b57c57980006c92edcf62b3360f69b975a0b619d3b7b406f98a85ecc41597540efc

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State~RFe58ff6a.TMP
Filesize
977B

MD5
de0049f5a895214a74e534c6007e0b9b

SHA1
460aca2f68fa7a691d1c5ba14984bbcdcf3da59a

SHA256
09abc535003cc62911f438f6f91e09ef8bd27b7e0cbc2053b09b7ca161fa6ea6

SHA512
5633a5da8d5fef5b27896abad810509a2cd1b4d7a05e272a5f946a69aa032c489f66cbda3374a49ec44f740472d084cfd693c741b43c676e09188bcb9aa8fd77

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_2E2B8.tmp\CHROME.PACKED.7Z
Filesize
34.1MB

MD5
9064fd1362dabe15b9ef12af6f9ca27e

SHA1
685dfcf13405650514d921ec0a84836d5cdfc4d6

SHA256
2c997f9a10679fa3a8ea919f627b6eaa25ef2f0ac13a85b2d242c92e2b3c2c13

SHA512
a66b12d572b1b62b5cd7d8e4f02790716bab82b4798b6c11682fd6778b0d729dd409bbaa944b92393747d3297011e4906555d99f7096f1d7f1824a2ac72e61f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_2E2B8.tmp\setup.exe
Filesize
2.6MB

MD5
ffb2b92410a8d4808aa425d72acfaa0d

SHA1
a3dda22a3dd64ae4a70c976bad73babad4cd78c9

SHA256
8ae46d3c371e7835c5998d1e1d8a5665f45fa567dfe5e19461c01dd68d9bb26e

SHA512
946e1b9d8dccdd655b69aabae2597620a30ecee3aa5df40190ab39574a5f1b39e7b687d920867f04e5e051d3c6c0c551a092fc09cef24e190fc8c12ea0953b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe
Filesize
84.0MB

MD5
fd318a65772876a2fcfc494ce52f6612

SHA1
332fc7b76bd9af5f2426e750186f10ccd0f1660e

SHA256
01f828958f1848108cd7fa9861d67a94edf51f790016686d0f794d639a973273

SHA512
5425c66574dc134fac3faf8e7ef65a174f2813221f9f361a6f0eb0513b1d257202e00e4db97583b5b5d57557c7e4c6d9ab2f38cfeaef4f082f605a45e28021e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe
Filesize
86.4MB

MD5
c88e3428cf740a8b501b95748fb9d359

SHA1
f57f79e01cf64086720a42d55e3c5850382dbbce

SHA256
bcf4725ab168b4c13d76470f450ab29bff19043f6c24b4da66feec9a102f98da

SHA512
70048ff2985d236a2f8f380682ab45dda32426c0e007207e04042a431d28e7f64f70019fdc3657443acdb7f46817a29238bacf50d40f0e86f6b5c5fd7e293c3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d0c73d24-26d5-4b6e-bc20-1d20a92320bc.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf4A1.tmp\MainModule.dll
Filesize
3.6MB

MD5
c5f78d7f3df8b816ef881d342f6e9520

SHA1
251a4bc26a697e4641483ce7a3ac694874d7be52

SHA256
b0c4e04590f521358d7e3cf5201ffc551b6cbd7182a6e8229e94f47105c71822

SHA512
c9af575cde74c1520ebd49df15116d4165e9c5314cc4c402463388552ee35768ddc31d8a3f38ab2488357e7fc112666e02c1c6ac6c9f4b6eeba787afcafaa2cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsf4A1.tmp\System.dll
Filesize
12KB

MD5
564bb0373067e1785cba7e4c24aab4bf

SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1

SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ecosia Browser.lnk
Filesize
2KB

MD5
a8bf559eb71b4f61dbcd499bfc400089

SHA1
03198a34dbfc131652fa62b7d4e8c5e3d68c0d51

SHA256
f53b092057b10d52075c0c898742de0eba7cd018c24dbfe1c9e1194dcd19f826

SHA512
7ae9057fa0251a1ea4e28fcea2b6f10dd301c608311143759a27c534335e8c9c6b4c9571f4c0281a9c8b347f956e9625f9a28bbbc7657d46ba14246fc2423b18

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ecosia Browser.lnk
Filesize
2KB

MD5
bec2308d9ff76323cadcb08f092979aa

SHA1
fccd5cace549281937e988c4e2d2846f2f230ac9

SHA256
8cc48a72c8d84b71101259e3ac0b0fb141fb7f032f1e80c05ff60ffeb7782b5d

SHA512
e1de06895f97248aceaad3d90181cd23895ac6d2056e1a0d351533b2d4be64e6d85c8161809b5859eb58f3b04fbe1733ae58106449707a618bc0c617efeabeb8

Download Submit
\??\pipe\crashpad_5008_MKTPLOFHIVRBZGTP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1556-122-0x00007FFA23F90000-0x00007FFA23F91000-memory.dmp

Filesize
4KB

Download
memory/1556-121-0x00007FFA24F20000-0x00007FFA24F21000-memory.dmp

Filesize
4KB

Download
memory/5008-260-0x000001F6046E0000-0x000001F604E09000-memory.dmp

Filesize
7.2MB

Download