4bf7c84949d8e672e7244e1d36d93575eabeb825bf60b209885e317bbbd431e2

Resubmissions

26-04-2024 08:52

240426-ks7zdada7x 7

24-04-2024 15:31

240424-sx28pace5y 8

23-04-2024 05:33

240423-f814jsdf8z 8

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
26-04-2024 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EcosiaInstaller.exe
Size

1.0MB
MD5

ead03cdd9d3398c50ffd82d1f1021d53
SHA1

24b37f404d510f4eb7807dd89de20e936fc18190
SHA256

4bf7c84949d8e672e7244e1d36d93575eabeb825bf60b209885e317bbbd431e2
SHA512

ff381bd5ce7aef733c9ce9fcac0bcf3c9da106b09223c2904714bf4f7df334280ebf4792c279bea32cdafd896d5d95f28cbd6fc18a7d56c4fe77b63438fd6c70
SSDEEP

24576:WgZNRxRm9PQBwV418TeWyavVb5AudHRhItGsePtjDZeMizZBx7j:WgHRW9P0wCWy2auFRhIP6pkd7j

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 40 IoCs

Processes:

TempBr0.exesetup.exesetup.exesetup.exesetup.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exe

pid	process
3424	TempBr0.exe
4032	setup.exe
1924	setup.exe
2000	setup.exe
1028	setup.exe
4596	ecosiabrowser.exe
4404	ecosiabrowser.exe
1216	ecosiabrowser.exe
1956	ecosiabrowser.exe
3028	ecosiabrowser.exe
3560	ecosiabrowser.exe
2404	ecosiabrowser.exe
4668	ecosiabrowser.exe
3124	ecosiabrowser.exe
1008	ecosiabrowser.exe
1944	ecosiabrowser.exe
2144	ecosiabrowser.exe
2276	ecosiabrowser.exe
3048	ecosiabrowser.exe
4192	ecosiabrowser.exe
2388	ecosiabrowser.exe
4664	ecosiabrowser.exe
4780	ecosiabrowser.exe
2484	ecosiabrowser.exe
2448	ecosiabrowser.exe
3648	ecosiabrowser.exe
4476	ecosiabrowser.exe
2636	ecosiabrowser.exe
4444	ecosiabrowser.exe
1804	ecosiabrowser.exe
3912	ecosiabrowser.exe
2208	ecosiabrowser.exe
5160	ecosiabrowser.exe
5444	ecosiabrowser.exe
5904	ecosiabrowser.exe
5856	ecosiabrowser.exe
5656	ecosiabrowser.exe
5776	ecosiabrowser.exe
5436	ecosiabrowser.exe
3880	ecosiabrowser.exe

Loads dropped DLL 64 IoCs

Processes:

EcosiaInstaller.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exe

pid	process
1032	EcosiaInstaller.exe
1032	EcosiaInstaller.exe
4596	ecosiabrowser.exe
4404	ecosiabrowser.exe
1216	ecosiabrowser.exe
4596	ecosiabrowser.exe
1956	ecosiabrowser.exe
1956	ecosiabrowser.exe
3028	ecosiabrowser.exe
1956	ecosiabrowser.exe
1956	ecosiabrowser.exe
1956	ecosiabrowser.exe
3028	ecosiabrowser.exe
3560	ecosiabrowser.exe
1956	ecosiabrowser.exe
1956	ecosiabrowser.exe
1956	ecosiabrowser.exe
3560	ecosiabrowser.exe
2404	ecosiabrowser.exe
2404	ecosiabrowser.exe
4668	ecosiabrowser.exe
3124	ecosiabrowser.exe
3124	ecosiabrowser.exe
4668	ecosiabrowser.exe
1008	ecosiabrowser.exe
1008	ecosiabrowser.exe
1944	ecosiabrowser.exe
1944	ecosiabrowser.exe
2144	ecosiabrowser.exe
2144	ecosiabrowser.exe
2276	ecosiabrowser.exe
2276	ecosiabrowser.exe
3048	ecosiabrowser.exe
3048	ecosiabrowser.exe
4192	ecosiabrowser.exe
4192	ecosiabrowser.exe
2388	ecosiabrowser.exe
2388	ecosiabrowser.exe
4664	ecosiabrowser.exe
4664	ecosiabrowser.exe
4780	ecosiabrowser.exe
4780	ecosiabrowser.exe
2484	ecosiabrowser.exe
2484	ecosiabrowser.exe
2448	ecosiabrowser.exe
2448	ecosiabrowser.exe
3648	ecosiabrowser.exe
3648	ecosiabrowser.exe
4476	ecosiabrowser.exe
4476	ecosiabrowser.exe
2636	ecosiabrowser.exe
2636	ecosiabrowser.exe
4444	ecosiabrowser.exe
4444	ecosiabrowser.exe
1804	ecosiabrowser.exe
1804	ecosiabrowser.exe
3912	ecosiabrowser.exe
3912	ecosiabrowser.exe
2208	ecosiabrowser.exe
2208	ecosiabrowser.exe
5160	ecosiabrowser.exe
5160	ecosiabrowser.exe
5444	ecosiabrowser.exe
5856	ecosiabrowser.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe"	setup.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

EcosiaInstaller.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000\Software\Microsoft\Windows\CurrentVersion\Run\ecosia_EcosiaBrowser = "\"C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\ecosiabrowser.exe\""	EcosiaInstaller.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ecosiabrowser.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	ecosiabrowser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	ecosiabrowser.exe

Drops file in Windows directory 64 IoCs

Processes:

ecosiabrowser.exe

description	ioc	process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\SN	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\IE	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\BZ	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\TM	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\SC	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\IS	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\BE	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\SY	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\MA	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\LY	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\FO	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\BA	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\ZW	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\NP	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\KW	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\CU	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\BY	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\BJ	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_218627719\_metadata\verified_contents.json	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\FI	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_1286820295\LICENSE	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\PG	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\MQ	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\KR	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\ET	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\CY	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\CW	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_1286820295\manifest.json	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\AT	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\MK	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\DZ	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\BG	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\MS	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\EG	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\EC	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\BH	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\MY	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\MF	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\HR	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\GH	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\GB	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\FR	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\ZM	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\PW	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\LC	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\KM	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_218627719\manifest.json	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\JO	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\KE	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\SJ	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\KH	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\ID	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\GW	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\EE	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\CH	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\SL	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\IN	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\GM	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\DJ	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\AG	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\MM	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\MH	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\HT	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\DM	ecosiabrowser.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

ecosiabrowser.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	ecosiabrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	ecosiabrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	ecosiabrowser.exe

Modifies data under HKEY_USERS 9 IoCs

Processes:

svchost.exeecosiabrowser.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\NGC	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	ecosiabrowser.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585952292512963"	ecosiabrowser.exe

Modifies registry class 45 IoCs

Processes:

setup.exesetup.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\ = "Ecosia Browser HTML Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.shtml\OpenWithProgids\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.xhtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.xhtml\OpenWithProgids\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\ecosiabrowser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.htm	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.html\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.xht\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.pdf\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.svg\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.xhtml	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.webp\OpenWithProgids\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\ecosiabrowser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\Application\ApplicationName = "Ecosia Browser"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\Application\ApplicationCompany = "The Ecosia Browser Authors"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.pdf	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.svg	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.xht	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.webp	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\CLSID	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.html	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.html\OpenWithProgids\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.pdf\OpenWithProgids\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.shtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.webp\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\Application\AppUserModelId = "Ecosia Browser.FM4MBB4IYRTCZNS6OI7XOC2JMQ"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.htm\OpenWithProgids\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.svg\OpenWithProgids\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\ecosiabrowser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\Application\ApplicationDescription = "Access the Internet"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.xht\OpenWithProgids\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\AppUserModelId = "Ecosia Browser.FM4MBB4IYRTCZNS6OI7XOC2JMQ"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\EcosiaHTML.FM4MBB4IYRTCZNS6OI7XOC2JMQ\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.htm\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\.shtml	setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

ecosiabrowser.exe

pid process

4596 ecosiabrowser.exe
4596 ecosiabrowser.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

ecosiabrowser.exe

pid	process
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

TempBr0.exeecosiabrowser.exe

description	pid	process
Token: 33	3424	TempBr0.exe
Token: SeIncBasePriorityPrivilege	3424	TempBr0.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe
Token: SeShutdownPrivilege	4596	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	4596	ecosiabrowser.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

setup.exeecosiabrowser.exe

pid	process
2000	setup.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

ecosiabrowser.exe

pid	process
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe
4596	ecosiabrowser.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

EcosiaInstaller.exeTempBr0.exesetup.exesetup.exeecosiabrowser.exeecosiabrowser.exe

description	pid	process	target process
PID 1032 wrote to memory of 3424	1032	EcosiaInstaller.exe	TempBr0.exe
PID 1032 wrote to memory of 3424	1032	EcosiaInstaller.exe	TempBr0.exe
PID 3424 wrote to memory of 4032	3424	TempBr0.exe	setup.exe
PID 3424 wrote to memory of 4032	3424	TempBr0.exe	setup.exe
PID 4032 wrote to memory of 1924	4032	setup.exe	setup.exe
PID 4032 wrote to memory of 1924	4032	setup.exe	setup.exe
PID 4032 wrote to memory of 2000	4032	setup.exe	setup.exe
PID 4032 wrote to memory of 2000	4032	setup.exe	setup.exe
PID 2000 wrote to memory of 1028	2000	setup.exe	setup.exe
PID 2000 wrote to memory of 1028	2000	setup.exe	setup.exe
PID 4032 wrote to memory of 4596	4032	setup.exe	ecosiabrowser.exe
PID 4032 wrote to memory of 4596	4032	setup.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 4404	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 4404	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4404 wrote to memory of 1216	4404	ecosiabrowser.exe	ecosiabrowser.exe
PID 4404 wrote to memory of 1216	4404	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 1956	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3028	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3028	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe
PID 4596 wrote to memory of 3560	4596	ecosiabrowser.exe	ecosiabrowser.exe

C:\Users\Admin\AppData\Local\Temp\EcosiaInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\EcosiaInstaller.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1032

C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe
"C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3424

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_DB71C.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\TempBr\CR_DB71C.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\TempBr\CR_DB71C.tmp\CHROME.PACKED.7Z"
3⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4032

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_DB71C.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_DB71C.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff6b1aceaf0,0x7ff6b1aceafc,0x7ff6b1aceb08
4⤵
- Executes dropped EXE
PID:1924

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_DB71C.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\TempBr\CR_DB71C.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2000

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_DB71C.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_DB71C.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff6b1aceaf0,0x7ff6b1aceafc,0x7ff6b1aceb08
5⤵
- Executes dropped EXE
PID:1028

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --from-installer
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4596

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc68e3bc40,0x7ffc68e3bc4c,0x7ffc68e3bc58
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4404

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0x130,0x134,0x138,0x10c,0x13c,0x7ff6773d6340,0x7ff6773d634c,0x7ff6773d6358
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1216

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=1992 /prefetch:2
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1956

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --start-stack-profiler --field-trial-handle=1772,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=2028 /prefetch:3
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3028

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2056,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=2588 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3560

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=3236 /prefetch:1
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2404

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=3260 /prefetch:1
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4668

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3796,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=4432 /prefetch:2
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3124

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4696,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=4752 /prefetch:1
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1008

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3944,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=4516 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1944

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2144

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5244,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2276

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3620,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5236 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3048

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5204,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4192

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5192,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2388

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5044,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4664

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4516,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4780

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5752,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2484

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5164 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2448

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5800,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3648

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5744,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5708 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4476

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6048,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2636

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6056,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=6176 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4444

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6064,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1804

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6480,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3912

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5200,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2208

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6600,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=6836 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5160

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6700,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:2
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5444

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6860,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=6836 /prefetch:2
5⤵
- Executes dropped EXE
PID:5904

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6724,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:2
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5856

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4436,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:8
5⤵
- Executes dropped EXE
PID:5656

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4540,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:8
5⤵
- Executes dropped EXE
PID:5776

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6728,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:8
5⤵
- Executes dropped EXE
PID:5436

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5892,i,7259427005739146050,15324812687271917492,262144 --variations-seed-version --mojo-platform-channel-handle=6832 /prefetch:8
5⤵
- Executes dropped EXE
PID:3880

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1904

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
- Modifies data under HKEY_USERS
PID:1376

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
220.2MB

MD5
362904601b4b33d63ca1bcf11dd140dc

SHA1
2f749221c61e40e754520b6064435b6826b175dd

SHA256
9ecc0d07f99cfef455eb360fbcd19eab5fff22a0f24fca3d0681be35598730bb

SHA512
bf64202fe7d096b7c47a3531f1030a0ba6958b960a1d22deb0cad08b0de369b76de850d1ce5fa9d318bb899333819b68f21ac1199cf344bed641e92456a82efd

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome_elf.dll
Filesize
1.2MB

MD5
ae0d60cfb1c9328269688e1baa88a943

SHA1
f7de751e5d9e5049f85d0ad88ab69d18be1b7d5e

SHA256
4bcabd79410e1f09555fce0851548066e8e720f54790c3d761d06925b2766641

SHA512
19222280c38602750b02998d790dfe648d2be88334a95bd6d553d189d702b5102166827a5d5ab25a55c19fb788362fc3b3011b054951b0a62a7fe60a0c7e9873

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\d3dcompiler_47.dll
Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\dxcompiler.dll
Filesize
20.9MB

MD5
150f0e3df0133148774ad54a42856603

SHA1
709d42b5a7f2251291c78225946022591d1aa37f

SHA256
ef457141e5ed3f7da23843abe149edfc490e70b6c11e0d9f5a4c2c56213e9e10

SHA512
457dbae0d312897a3c555cbdd0d14e27ab1b30e864a713636664a7fdaabf04dbab4d340d09cb354bb68777a2f43e6c45edd1a085c1babd14fc552ebacd13b548

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\dxil.dll
Filesize
1.4MB

MD5
cb72bef6ce55aa7c9e3a09bd105dca33

SHA1
d48336e1c8215ccf71a758f2ff7e5913342ea229

SHA256
47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

SHA512
c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\libEGL.dll
Filesize
470KB

MD5
3256b6aa8cf471075fa54a3f55226e4e

SHA1
c048b56d0b9955ca3d7a247755bdde3ccdc72aba

SHA256
77554d8f11ed4a59543d014de3253fbcf28e6b5cef8a00e1d0ff0cc5f168ce96

SHA512
8f8c3a42982c90e614141dbf348e64f5acd3dc81072f81fcf946655f3522e4d60f0e2fbe74b17e2933182f15619bb53207085a6628513e33c265c67b09fe8b57

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\libGLESv2.dll
Filesize
7.3MB

MD5
901a2a0be2869a84460058e15bc59844

SHA1
c42eb917dede03bdb6f9f807e2180d15caddf06d

SHA256
57bab60884711ea370f989ad7588698d3e2c23348297c3f309e64b97d532d673

SHA512
802fcd9711478015e9bb2747f1716c83aec29598933d604fcdcf769ac432525cfd648923ce763ceaf6ee04256fede439bfbecc565eb7ffb5f81450f642f703d3

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\vk_swiftshader.dll
Filesize
4.9MB

MD5
63d04aae53e03e41a7d82f8431cc14f9

SHA1
1ee414e09abd9323b0250602342ff917607c8b7d

SHA256
bbd5f144433b75fe0580b299b20ff743a0d21d93897375a75d8ad8a59b22608e

SHA512
bac53a3b87f63604a98490fa4e2d921da5baa759574e76362115f49d67d31cd59bacb7cb8035a7cbbbda3267b6e195e6e2904f3b99b9a50d3fbd9ef928bca90b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\SetupMetrics\20240426085340.pma
Filesize
520B

MD5
d7bdecbddac6262e516e22a4d6f24f0b

SHA1
1a633ee43641fa78fbe959d13fa18654fd4a90be

SHA256
db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

SHA512
1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
Filesize
2.4MB

MD5
fb5581a14f52e14086ee997273198788

SHA1
ab92a654b218a630d0306279490121cc26abdbce

SHA256
be6b12e03b36e586a1abb5fdd7f69928e4e1a1c85fce9f2ccdd0358232131c2d

SHA512
6d6534a74b6d875756e2f1919f346b0e8c93449920b03aac96b2844b3f1d363488a529f214b707c9730553fddd5002b85f077cb1d5d949f7fecdfb60ac459bc9

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\CertificateRevocation\8705\crl-set
Filesize
21KB

MD5
558650379dadc0104aa9013023bd346f

SHA1
a9536d9605a466ab9dc0597a77653fca9877241b

SHA256
7c121217edb8946ac294e70ab4622d7fc802c17c424380e062e8acade37f8942

SHA512
c267ceb81ba342eca873a348cf4444de6a1602d46ab73167a0b9b5658012ba6021a232aa103bbbc70884344a1f60cc0a1814949cba6b8acd469708bc2b238596

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crowd Deny\2023.11.29.1201\Preload Data
Filesize
12KB

MD5
aa3ef996bce08a9c34fe513d078d1ee3

SHA1
21688d164d442d37fd5471e13b41b1d216f88d37

SHA256
09d2155be71880356a993fabacc2ce01f4fbab99497ec157b53a094b8927c039

SHA512
285c85ca55fa54a1a12c47909b8575e8388570a76f238dc75aedece12e58dc0a3fe15edeffc41af14bb7944a0682de76f0ee0d6502d15973f8d9b1c5b2f828bd

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\8a262d9b-e135-46ba-9222-ea835f4f6efb.tmp
Filesize
154KB

MD5
d36d18f82847cdf716f8d181db1afbbc

SHA1
e820b54eb4a66ed95e7c9bd385de13de682e3f21

SHA256
5d7adf329a38ce56fc02fbbe56456e37875c79c57e109812bd64229dd6de9192

SHA512
d1f471340f9dfa84aa084e2980dfbcaf6483e40235cb923e1abadd5f655423cdc443799f7e5a37302eea88c8cb284bdeca33a80931899141031fdd3e50e4911f

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
767f6e45098ad2d46e933f034f085019

SHA1
5ee7632c8e7a9703f62fed9bbbafef1ae33ade4e

SHA256
a13d5cb7dd275626dd649d557e799f4962d02d2d68dc12985c35698a5306b8cd

SHA512
ac353b095a6e9534206008f5ea251570edd865a72718a280124a0459c84a728ac516c1147806d648d2a540a0a3a2375a16442d9cad0fd226bcd0ffd9a936ed2c

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
7746f1e238d3982818d8de8a9f8fe522

SHA1
38522c3f2fdf7ffb60419ca743ce34059f3bfa35

SHA256
18fc3dfe5c896cdcf7660ff53d3a2ef7972ff42e4d6f08bfdaf6da0768a76f39

SHA512
6b1e5f9f8c6ca27e73b17c065422e339fd237a6e783dede72fbc9b53cb9c4ddd80c7647234d37894e782512f5cca07bb3bce627bd4821a6f2b07889344ba8408

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
6dcca14ae1fa6ef0a751db78104b05b0

SHA1
3b24372a3bbb7e6adc09fe5d835aaabe903e7eba

SHA256
ac9a5a2666c64e36a3c3279985b608cd16c6d92848ea05208762c0db3bde19db

SHA512
eda84fa3563d6ed3bdeaf00807a39aea2fc82a04e7177416f55801148e3af29357035a4cb5b7f92d01b01dc55d14c22e5b55833139b9892938f759de96a8e4fb

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\Network Persistent State~RFe58df01.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
f7a014adc5c76608a4f6b4175d9c0592

SHA1
b22c53245062b21f15aa79f888080806a4936729

SHA256
ec8f88b520c832f057696244a6379cd90f39fecf566418750c917eb5790592d1

SHA512
d2ad73a7188f0cdc34d8787072a726976732753af807de8b554b314b3d23c3e69a8bc179139a5ac4492ef6c893f16ec734027ef83ce3e6283c16db314a16ef8e

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
ae4bfd65baeb4c7064f854b962fa7987

SHA1
a1d4b428593584457c20512b2d2dbd7f132a3122

SHA256
3f1a3abb88e66d3dcf945ee4707b3e5e2ce5f3f39a7b37aa836f7f731bacda56

SHA512
4254a8f937723f9979a207e3f54559bf7cb3ecae90879fc2f11a9aaacdea6f470b29a3cc19dc591f3fd346cc8d071f404623d02ace05670fff36955225a0ef91

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
e49d7202bb68a6394bd572d3402174be

SHA1
7700a81fc927b184352e52531dcf80da96e1a43c

SHA256
74058f4ccb4bf1a331c2ab70ed15182c24c79ccbe0095582d1e14f4d2e381417

SHA512
c97d1aaa98e262aeddcd913803d696b2b5eebd93c6e8a509c7382577c9d767c825bf9ee0f1962a02574e04096259080568c872a4c6a6ffb24a2a9b03b39b3d2a

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
2756ca3623bd0694ba0ba5c95b4b5cd9

SHA1
3322697feefa69636a60168dcc8bc126acc3cbf8

SHA256
4968e390a4686553ee55c513e9e0a15cb77fe77ce486a212fa766aedea638200

SHA512
a51f680856ad36b0e249100730c7cc73bbc93799195843537448270ced4bb2cc8013c0d5e6ac3b04d518dea280c0dbfc2fd4fd9e7ed110f3c48a30d1c503605f

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
e533d734e13c0eba1a9d345bfc4fe329

SHA1
ad544a599579cce6be0fd2c90e14d5d99d9656bb

SHA256
a54834da6db60e577734a9406aac70e8592a48cafb529a0e910cef6bee9ea26e

SHA512
0d1c367e11d542a2c38121b42b6fe837c96ba66c74c1c6a6ce4addb2bb39cd20b0750314e2e34704fc12cc8abc87a1195c050968426b8b34b0ac83f816b9917a

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
2175212b9673985821fedc76ed06c44a

SHA1
2e8a5f933b6204650f3e40c0c3c257b12ddd0517

SHA256
8726876abf97448fff5e7c631e07ff4158412ab45dfcfd4f5131578be2310759

SHA512
1d466cd7e3e29ee6f4b78102e7b60f22200cb23e8c911da75807780c39a85dc9617334b5d3a91ba26d1291bc5423eb7b19e9b5e6a2c2f06afebccc5b1cf9b557

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences~RFe580848.TMP
Filesize
6KB

MD5
a99ec968dea7053ba915feed90a6575c

SHA1
ce9e6aa91d8d940292eec4ee083459a43a9fc934

SHA256
016ad4ccd26b76210fb5cc36da11f0a593e1c16920e515eb3983bbdfeafa71ea

SHA512
5bd4c3db83b5d7597cf388c3353f9fe96d68965195a3c605316428111ff6e9588b176073683c63b0345eae567d34c329e7f91d5b16d24b54684a28f28bd8da92

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Secure Preferences
Filesize
17KB

MD5
113ac338fe20df1f32f68e1ccf043b30

SHA1
7d6ac5bbd66674d8a0fc3bef422e5b08db2de36f

SHA256
dac39b1f2c8e0ba06073fd42d4f4e03ac110468e2fdd8f69ff567971850024c1

SHA512
a311e744d0839fce42725a7df1480e14d0d34010c8ed593dbf87ccd761f1ae249f70b20399497c9f6835e7ed7d980a3b402628e2d5d090bba79a3958d5d87dff

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Secure Preferences~RFe580829.TMP
Filesize
6KB

MD5
a46954c7369b1bd7f07fe4e9eaee283f

SHA1
9c2ad20962bc2685ced14bce336270679ad66fe6

SHA256
9df59a8fe613d316a74f354ae18aee7bb1dae09a38f9e463932e46befed8f693

SHA512
3f86fa69db30a21b959ca08506d5b839a8d055f4b80525b8dcfc07ecdd92ae9677217dc7d69370549e84eb1cf77465e0d9a49d36a5c23a70db9e99ef4829768b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
360B

MD5
f53f0b9de057c7f65b6551d9fa96a628

SHA1
67088241067a1a2cfc163b3e859b0d1481c73a9c

SHA256
d45884e3f53338749e680d846674c4f92fe319a5b6172c2453362a902bb3d57f

SHA512
9a0d5be27258c3bcf0d690e4fa7d16ed7826668d33eb19b2ff6a1f47f0995adbaa41df1ad50d9d55b9c5b970bca55a0f3d990e9c79c4dbb7c7dfeafa49a2c286

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58313c.TMP
Filesize
48B

MD5
865e594d867488d834f7c14913e9b086

SHA1
dc50818bb390e36419181ef4de846034e61a116c

SHA256
21c656569b1c58a81257149ad69b2223ca4b8c543b2fa5f680628aef9d26c505

SHA512
446ddac24a4a2a7973810d7e892f475634722e8601722e6c82be8965c5414a41c94549e6139b029a569cfdc6d0a7a14072c75031061652176b1571e85c3feee8

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Site Characteristics Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
2KB

MD5
f102b05c0b73f74eff833b983cbe18b1

SHA1
75eaea8dab237c1d3336894d8844dd5ec92696a0

SHA256
a477873e762a3a19750cd47fd808ed8a44de5f023451465b8de65ba11af68928

SHA512
d8ef33e4177b8d3efc0ffc58580647c6c04c8d3737e3594c86ac4521c869f49c81e94acf497c9dde93f885457017371a8d195b2d9cd347724395261d3147f0dc

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
5KB

MD5
d0884beffbbfe3450e6acae085b58614

SHA1
7c725d502e4b0174e70602cf238b50e009f7fff6

SHA256
478e30e9ea359e8bdd94dac420ec18ebaf98f12e396da1a23c6a0bf903fff09f

SHA512
06a4dabe9487a78e772f841aff77409b528ef6ecd8a64b1b5bf4b77917db199a1e3cde186f81a19e2b581a1257a0e038217ebe44498bd9a68fd2de4344064840

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
5KB

MD5
e8771d351a7569f5dd3615da2a88eab4

SHA1
015c0524234aabb1cbb41eed185af6e706d12c8d

SHA256
95528642d983d485c9402509b385754c744c4030d7707fab442cf6ea592135e2

SHA512
65a6c80a716e947efb3a8dbf20592cb210c9a6a85d9986bd598694e8094683d40903c4579e3dda12115d9827a9c896a7859e81afa48213828244cdb753a63f7c

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
5KB

MD5
eddf2d9ad5c398a80058ab653485c408

SHA1
ffc60f66652ed7491d0694040fb42c5fac806a4d

SHA256
5eaa37f82e0e99c3e199ca662f2293a170a0279589e8c828d228955d71c14d1a

SHA512
4127fba6bc7a77ec292100ac13aa1a5c6e98c79efe4713219d3a1ddc4e346db641972c34b9e7a8d26c12784a741d32d1fd7745923b2284fc5ecea6e0a18e3595

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
6KB

MD5
b9274c939013a75fbd552d2093827913

SHA1
f5f9e0140e710e2277ae72ef1c37a1817f7e91e5

SHA256
4a59ddc79ad56022d11034f03f66d3376a88b50da70e1a603dbffb4ba3dd7f83

SHA512
a50f800628e4b9e23b9ed1ea759299936940b13cdc06f4f6103b360510811edd717cf5c641590167fec0ae022de700d6a2cea3ae6c0c1a3fa79c99c6e4abb9a4

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State~RFe57e00f.TMP
Filesize
977B

MD5
9db3a3b067982e4b2a76ef12722fa34e

SHA1
ba850d85791096c9a22249e75ce888aa65f7e840

SHA256
bd6251040650c048d44d0e36a43009118d531d08852b07a8e84b58c8961b36e2

SHA512
27fefbc62b5d424d5f4bde700098d9fdc2e6c7433fbdf51793ed645482a9718e39ae9f5cfc29f7071fcc200c05ff12ab56075c35413185c7d03aa95b4d533cf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_DB71C.tmp\CHROME.PACKED.7Z
Filesize
101.8MB

MD5
e56344515ddf80497acc19b605ae9fd5

SHA1
914446864117c895641152f6d7fd68fcac613dc9

SHA256
57672708b14e2d7eab6682b1175b059e0aa1114dc4e3d58aa93a720d397c5e01

SHA512
c485197b7741b29dfe75df96998da2ad65551facd235f2ade5abbc271dcbbfd5038ffcb7d701a8b4a12e91263de48b1d569276171228fcce5f838ef2734b3abf

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_DB71C.tmp\setup.exe
Filesize
2.6MB

MD5
ffb2b92410a8d4808aa425d72acfaa0d

SHA1
a3dda22a3dd64ae4a70c976bad73babad4cd78c9

SHA256
8ae46d3c371e7835c5998d1e1d8a5665f45fa567dfe5e19461c01dd68d9bb26e

SHA512
946e1b9d8dccdd655b69aabae2597620a30ecee3aa5df40190ab39574a5f1b39e7b687d920867f04e5e051d3c6c0c551a092fc09cef24e190fc8c12ea0953b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe
Filesize
103.1MB

MD5
269e0fc2df6e318fc4dac1a488b6d69d

SHA1
698db85b18fffd7ecf422ec73b06a2f5ac58882f

SHA256
9f2b2ced98d689991995ec190394bed75571e9c3db9a7d98ffec61fe301c064b

SHA512
70120015b375e3eb71f587f64dcf28dbd9c7c768cd5084d463df725203eb715398c922589d6497495763fbd27990034b67a6cb7e4df030055f2c9173aa2cb791

Download Submit
C:\Users\Admin\AppData\Local\Temp\b19a42f5-2760-4c1d-900b-943049e188a0.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj3819.tmp\MainModule.dll
Filesize
3.6MB

MD5
c5f78d7f3df8b816ef881d342f6e9520

SHA1
251a4bc26a697e4641483ce7a3ac694874d7be52

SHA256
b0c4e04590f521358d7e3cf5201ffc551b6cbd7182a6e8229e94f47105c71822

SHA512
c9af575cde74c1520ebd49df15116d4165e9c5314cc4c402463388552ee35768ddc31d8a3f38ab2488357e7fc112666e02c1c6ac6c9f4b6eeba787afcafaa2cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj3819.tmp\System.dll
Filesize
12KB

MD5
564bb0373067e1785cba7e4c24aab4bf

SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1

SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ecosia Browser.lnk
Filesize
2KB

MD5
c7d94216a210251b4df46250afdaa4bd

SHA1
ec1ebab3997c955ec08708f1220c9aba37f19c67

SHA256
e2bae2888a53af649ecdbd98a789cd6a25282e4df83a020e7ef406ca63b301d0

SHA512
3e0502d654d8e381b2ce387b89788578d292450c81b809f912dffb21da8ecada98252506f2e19e07f964c6a9d5655594039ced53670a285e82a5f1d7f4a9d38a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_1286820295\manifest.json
Filesize
93B

MD5
226e11b20ef6970a9162894a58b3a3d9

SHA1
6b392785c1a27fb67213abee896b44dc3727dbb0

SHA256
feeac03cd7912388692b7fab94c2b502741f9ad3d4dc40cdd5543cb9ffb03df1

SHA512
a77280c2414136dd6dbf786eb6bf34d64b03a22cfea7eb585e3fec2bb9493105b08c7094c47deae676f900c66bce74fb04b7d727652a01a9777b60170804cb4e

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_349918108\manifest.json
Filesize
196B

MD5
898f5b3c1b9e44506bd7a511321440d6

SHA1
0096290f45fe065bf6ee65e535cf5b2ce6949276

SHA256
9d00037ba16af20e96e2afc34f260f0e51183904c8adfbb0c2fa96ddc7a16f81

SHA512
0cf4ad588afc6df659809325f582f64aaaf1ee3661893dd76209ce3036ac553518ee007666faf7c08a0f2742f8eb528c8cc0c181d1f62e182bdd14e1553c3f9c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4596_5214266\manifest.json
Filesize
111B

MD5
225c08f039684dfb54aac162dd9d5b9e

SHA1
426bd1044bfcd5e1a10b58ed1f217a6b33b2e9c3

SHA256
98306b21c0aaf9546301f4ab7fed785dc369c67e2fd2ad4d62fc63f072a51e3c

SHA512
d6ff6cea0c08d13a642996a110432792048d21160c04543fbcacc60abcde362318e13a42fcd7520bc7673e98544a68a3eb6cc4338f4f4d8e90e0dfd5c40b77b7

Download Submit
\??\pipe\crashpad_4596_IRHEZDGLJQQYZILX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3560-129-0x00007FFC781A0000-0x00007FFC781A1000-memory.dmp

Filesize
4KB

Download
memory/3560-179-0x00007FFC78790000-0x00007FFC78791000-memory.dmp

Filesize
4KB

Download