Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

EcosiaInstaller.exe

windows10-2004-x64

8

$PLUGINSDI...le.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Resubmissions

29/06/2024, 19:15

240629-xyjj7aterh 8

15/05/2024, 20:40

240515-zf52ksah5s 7

06/05/2024, 19:45

240506-ygg6gabc53 8

01/05/2024, 19:15

240501-xyhmwseb8s 8

27/04/2024, 10:03

240427-l3j6qsgh5t 8

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/04/2024, 10:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EcosiaInstaller.exe

  • Size

    1.0MB

  • MD5

    ead03cdd9d3398c50ffd82d1f1021d53

  • SHA1

    24b37f404d510f4eb7807dd89de20e936fc18190

  • SHA256

    4bf7c84949d8e672e7244e1d36d93575eabeb825bf60b209885e317bbbd431e2

  • SHA512

    ff381bd5ce7aef733c9ce9fcac0bcf3c9da106b09223c2904714bf4f7df334280ebf4792c279bea32cdafd896d5d95f28cbd6fc18a7d56c4fe77b63438fd6c70

  • SSDEEP

    24576:WgZNRxRm9PQBwV418TeWyavVb5AudHRhItGsePtjDZeMizZBx7j:WgHRW9P0wCWy2auFRhIP6pkd7j

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 11 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 41 IoCs
  • Loads dropped DLL 64 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks system information in the registry 2 TTPs 2 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 7 IoCs
  • Modifies registry class 45 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 28 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\EcosiaInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\EcosiaInstaller.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe
      "C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:384
      • C:\Users\Admin\AppData\Local\Temp\TempBr\CR_26DEB.tmp\setup.exe
        "C:\Users\Admin\AppData\Local\Temp\TempBr\CR_26DEB.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\TempBr\CR_26DEB.tmp\CHROME.PACKED.7Z"
        3⤵
        • Executes dropped EXE
        • Registers COM server for autorun
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2572
        • C:\Users\Admin\AppData\Local\Temp\TempBr\CR_26DEB.tmp\setup.exe
          C:\Users\Admin\AppData\Local\Temp\TempBr\CR_26DEB.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff751d1eaf0,0x7ff751d1eafc,0x7ff751d1eb08
          4⤵
          • Executes dropped EXE
          PID:4468
        • C:\Users\Admin\AppData\Local\Temp\TempBr\CR_26DEB.tmp\setup.exe
          "C:\Users\Admin\AppData\Local\Temp\TempBr\CR_26DEB.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
          4⤵
          • Executes dropped EXE
          • Modifies registry class
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:2636
          • C:\Users\Admin\AppData\Local\Temp\TempBr\CR_26DEB.tmp\setup.exe
            C:\Users\Admin\AppData\Local\Temp\TempBr\CR_26DEB.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff751d1eaf0,0x7ff751d1eafc,0x7ff751d1eb08
            5⤵
            • Executes dropped EXE
            PID:2952
        • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
          "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --from-installer
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks system information in the registry
          • Drops file in Program Files directory
          • Enumerates system info in registry
          • Modifies data under HKEY_USERS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:2568
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ffc76f9bc40,0x7ffc76f9bc4c,0x7ffc76f9bc58
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4460
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=2016 /prefetch:2
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1044
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --start-stack-profiler --field-trial-handle=1820,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:3
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:848
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:216
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3280,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=3312 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2456
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3292,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=3376 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:3160
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4180,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:2
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2956
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4928,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:3180
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4932,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:916
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4900
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5184,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4168
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5172,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=5152 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4324
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5328,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:3964
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5220,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:232
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2776
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5656,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:636
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5712,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4900
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5480,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:3564
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5992,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2964
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5360,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=5352 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1224
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6008,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:3176
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6232,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=6404 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:5840
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6376,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:4600
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6368,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=6488 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:232
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6360,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=6696 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:5124
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=3576,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=3368 /prefetch:2
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:5840
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=4984,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=6548 /prefetch:2
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            PID:5544
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6588,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:2
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:5652
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5672,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:5060
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4256,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=6280 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            PID:5268
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6268,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=204 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            PID:5696
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6204,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:2
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            PID:5776
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6336,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:8
            5⤵
            • Executes dropped EXE
            PID:1132
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5216,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=672 /prefetch:8
            5⤵
            • Executes dropped EXE
            PID:5004
          • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
            "C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5496,i,14664400791381513656,16789683893081379249,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            • Suspicious behavior: EnumeratesProcesses
            PID:3564
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
      PID:2080
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
      1⤵
      • Modifies data under HKEY_USERS
      PID:1464

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
      Filesize

      220.2MB

      MD5

      362904601b4b33d63ca1bcf11dd140dc

      SHA1

      2f749221c61e40e754520b6064435b6826b175dd

      SHA256

      9ecc0d07f99cfef455eb360fbcd19eab5fff22a0f24fca3d0681be35598730bb

      SHA512

      bf64202fe7d096b7c47a3531f1030a0ba6958b960a1d22deb0cad08b0de369b76de850d1ce5fa9d318bb899333819b68f21ac1199cf344bed641e92456a82efd

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome_elf.dll
      Filesize

      1.2MB

      MD5

      ae0d60cfb1c9328269688e1baa88a943

      SHA1

      f7de751e5d9e5049f85d0ad88ab69d18be1b7d5e

      SHA256

      4bcabd79410e1f09555fce0851548066e8e720f54790c3d761d06925b2766641

      SHA512

      19222280c38602750b02998d790dfe648d2be88334a95bd6d553d189d702b5102166827a5d5ab25a55c19fb788362fc3b3011b054951b0a62a7fe60a0c7e9873

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\d3dcompiler_47.dll
      Filesize

      4.7MB

      MD5

      2191e768cc2e19009dad20dc999135a3

      SHA1

      f49a46ba0e954e657aaed1c9019a53d194272b6a

      SHA256

      7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

      SHA512

      5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\dxcompiler.dll
      Filesize

      20.9MB

      MD5

      150f0e3df0133148774ad54a42856603

      SHA1

      709d42b5a7f2251291c78225946022591d1aa37f

      SHA256

      ef457141e5ed3f7da23843abe149edfc490e70b6c11e0d9f5a4c2c56213e9e10

      SHA512

      457dbae0d312897a3c555cbdd0d14e27ab1b30e864a713636664a7fdaabf04dbab4d340d09cb354bb68777a2f43e6c45edd1a085c1babd14fc552ebacd13b548

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\dxil.dll
      Filesize

      1.4MB

      MD5

      cb72bef6ce55aa7c9e3a09bd105dca33

      SHA1

      d48336e1c8215ccf71a758f2ff7e5913342ea229

      SHA256

      47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

      SHA512

      c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\libEGL.dll
      Filesize

      470KB

      MD5

      3256b6aa8cf471075fa54a3f55226e4e

      SHA1

      c048b56d0b9955ca3d7a247755bdde3ccdc72aba

      SHA256

      77554d8f11ed4a59543d014de3253fbcf28e6b5cef8a00e1d0ff0cc5f168ce96

      SHA512

      8f8c3a42982c90e614141dbf348e64f5acd3dc81072f81fcf946655f3522e4d60f0e2fbe74b17e2933182f15619bb53207085a6628513e33c265c67b09fe8b57

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\libGLESv2.dll
      Filesize

      7.3MB

      MD5

      901a2a0be2869a84460058e15bc59844

      SHA1

      c42eb917dede03bdb6f9f807e2180d15caddf06d

      SHA256

      57bab60884711ea370f989ad7588698d3e2c23348297c3f309e64b97d532d673

      SHA512

      802fcd9711478015e9bb2747f1716c83aec29598933d604fcdcf769ac432525cfd648923ce763ceaf6ee04256fede439bfbecc565eb7ffb5f81450f642f703d3

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\vk_swiftshader.dll
      Filesize

      4.9MB

      MD5

      63d04aae53e03e41a7d82f8431cc14f9

      SHA1

      1ee414e09abd9323b0250602342ff917607c8b7d

      SHA256

      bbd5f144433b75fe0580b299b20ff743a0d21d93897375a75d8ad8a59b22608e

      SHA512

      bac53a3b87f63604a98490fa4e2d921da5baa759574e76362115f49d67d31cd59bacb7cb8035a7cbbbda3267b6e195e6e2904f3b99b9a50d3fbd9ef928bca90b

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\SetupMetrics\20240427100403.pma
      Filesize

      520B

      MD5

      d7bdecbddac6262e516e22a4d6f24f0b

      SHA1

      1a633ee43641fa78fbe959d13fa18654fd4a90be

      SHA256

      db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

      SHA512

      1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\SetupMetrics\20240427100403.pma
      Filesize

      2KB

      MD5

      15668e73edb47310311e9eed02e87834

      SHA1

      2faef698d623c4789037b44da893f14a5a555459

      SHA256

      e59543a74ac831d6e1f5aada699ba0339fdbb9c5d24a2a6194be15747398d258

      SHA512

      57d5d7c71be3bb638a00640f476f1b9923a4fdc5299ab4c81d65bc4a2629a13699dbf204d2ed64f40c9c40f384b98771b8efa22f35706dd6b372f7b4538d4b7e

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
      Filesize

      2.4MB

      MD5

      fb5581a14f52e14086ee997273198788

      SHA1

      ab92a654b218a630d0306279490121cc26abdbce

      SHA256

      be6b12e03b36e586a1abb5fdd7f69928e4e1a1c85fce9f2ccdd0358232131c2d

      SHA512

      6d6534a74b6d875756e2f1919f346b0e8c93449920b03aac96b2844b3f1d363488a529f214b707c9730553fddd5002b85f077cb1d5d949f7fecdfb60ac459bc9

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\2dc5dea2-cc5c-49ab-bd49-8cf5035eaeb8.tmp
      Filesize

      154KB

      MD5

      d36d18f82847cdf716f8d181db1afbbc

      SHA1

      e820b54eb4a66ed95e7c9bd385de13de682e3f21

      SHA256

      5d7adf329a38ce56fc02fbbe56456e37875c79c57e109812bd64229dd6de9192

      SHA512

      d1f471340f9dfa84aa084e2980dfbcaf6483e40235cb923e1abadd5f655423cdc443799f7e5a37302eea88c8cb284bdeca33a80931899141031fdd3e50e4911f

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
      Filesize

      48B

      MD5

      d0b2cc2a2a7c714a0ab7595750a8969d

      SHA1

      8a064c68f72636a8ff33ef23d2a9773ffb323613

      SHA256

      e3aa659222a949c9042652053a92dc2440025a3b01b9b0cde5de84c2f4378ae4

      SHA512

      7a0d9f5c25ae0890690a500cc9e0f4b110af4635d92dbeb9c83702239203476666973fb4871105445e56f02dd353a373078be1b26c1ab4b3f7aedd73f4207191

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
      Filesize

      432B

      MD5

      6b9e20414c73011f9c61463b6e1dab5b

      SHA1

      72d45dc63869598f9be269fb009421305b6f20d5

      SHA256

      477faac1b53bdbc5d09b58707370f729331b19b18f4558844bb460729970862f

      SHA512

      717cda9bf499ade0ad4f4037a1efa05a4448ac58850d9290b308bcca09dcd10d5e42aa3a2f946cec6409423d0138db60b0bd5e6ee8d4080f122e6084584a9650

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
      Filesize

      312B

      MD5

      9990476fd982d138846d8a9ee63d6873

      SHA1

      714cd4785690d16237794fc5e0d360d5283c3fe5

      SHA256

      98be186d6c975c57924d0f74048fd561e2f2cfed76e9435b6833376b7e45b712

      SHA512

      e64cb5489bb7b845889acb69ea1aa07e58c0b2b79a29c6e9ad7f20c3479e1a3be7ad3534c5e250735ddc3282e964736f058205f7e87373f29f5956a81404857e

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\cgaoapcdlhbhnephmkbbnkjjlpinoogh\123.3.0.0_0\images\light-enabled-trackers.png
      Filesize

      367B

      MD5

      52f72748d83c560abd1c34de91cafe90

      SHA1

      14b00a80dbadbc2111321d9801aae33c7462baa7

      SHA256

      0e9c653a24ab780da15cbd7ea650f30c9c33b289ac3d14c6e05e42497e2c7b49

      SHA512

      042461faa52ffa58084ae4898a48e9c354857733b6e1c8e48c4716d05f0dd94837234c608c297a63c00018a5512e47403c4fc9ce527cb1632e20c79a1542aa97

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\3rdParty\URI.min.js
      Filesize

      46KB

      MD5

      2a55f234e8264ae47688e9df44bd1067

      SHA1

      d6278504ee056fc0da98cbdaef9fe7d77de5394a

      SHA256

      ea81069514dade1e0a9d95214c518b9ad61ec7629d626ca9a0085cd2f2a9751a

      SHA512

      3fab188ec0d4a541cba4dc7f1ae254d16186acd8ce9bf01f87f3d13d05f64557d677c76c3bf72b6a809fb1907f61196ba2f5a82eff686cf4085a2bc15ccdc5ca

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\3rdParty\detect_browser.js
      Filesize

      21KB

      MD5

      73604d33f78044ef28329042fc108809

      SHA1

      acd66063f22937b558501b28c6cd5ca744adaed7

      SHA256

      3ddef451500c3d60dd595d0f3e80dfda8b33c81e317ef4d6849b510b7cc2bc7c

      SHA512

      2187728ec64bd8e1ee99ec1af9966346eda99ab885df7ae1625906a58adb1c3dfcc61f7a86922bb082cd5d928683097e18d0992eb965be8ea59ca9b33c517f5b

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\3rdParty\jquery-3.5.min.js
      Filesize

      87KB

      MD5

      12108007906290015100837a6a61e9f4

      SHA1

      1d6ae46f2ffa213dede37a521b011ec1cd8d1ad3

      SHA256

      c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4

      SHA512

      93658f3eb4a044523a7136871e125d73c9005da44ce09045103a35a4f18695888ecafe2f9c0d0fa741b95cc618c6000f9ad9affc821a400ea7e5f2c0c8968530

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\3rdParty\purify.min.js
      Filesize

      18KB

      MD5

      3b1ad8517ae0093f2b85307a46e1265d

      SHA1

      7445f68a73c8a71c2927ceaeb3a632fc0325cb1b

      SHA256

      93b5fd64e221e705f75add7c68603529e777c505714633bbbb2446d4ca52c2cf

      SHA512

      82d72b6ac627c9e076efe21e8c296cc0595bfde820b7e92146bfa52c078d720839c768a39566a204e3d7664c22bcd8f5e4b684eacf42cd5e7b86ca133eb439c6

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\LomUtils.class.js
      Filesize

      16KB

      MD5

      30e42cf3daa7d8cb33d8561dc9bbde03

      SHA1

      c6b79d7d88396dfc00f2bf4a0e8a3ffff069669c

      SHA256

      38b65b06bd315900b4669588a79bfcdcb2a14328ee8048577e961ece2b3c42d9

      SHA512

      48878a87c48a33cec523af46a76ff7c8df07848964ed50dedab5c991bd4b9724f313ed86cc02a9f8eedd6f1bc7c25542ef4515dba58aade5454ed11658b9775c

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\background\LomConfig.class.js
      Filesize

      18KB

      MD5

      95450c6f286749bdbb6957f9f72ff52d

      SHA1

      95a41a09c943779e13957ccf089eed94a291abcd

      SHA256

      0a3d06681bc3315b3cd3baf7c0dd7019a3cf5fa73c1cfa810cdf545ea2eece74

      SHA512

      4f69ac44ab241a5fa6a2ff90cad4fe1a0fd06c819f302616e680138141b19b12224505ef9c12d80d5f1bc65fcd677ee44f00c3304faa08e084efe1fcd6694d79

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\content\LomBar.class.js
      Filesize

      9KB

      MD5

      fdd4de3bd31510f6c49d24d592630e90

      SHA1

      6f4d4770f090b8001f956d5936a167e536344215

      SHA256

      739456bc7a22bc69c9064280c2d9dad9218bf2493778d5bace15a67fc0d95b1f

      SHA512

      6413afb710b67c673eb7562678709413204509305519b2afbb529f73dac8df4703fb0655c420e1d2a89d042cee6e1a9c1e6a10fcff9ca77d7bb7db6e31d0ab94

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\content\LomBarPopup.class.js
      Filesize

      4KB

      MD5

      67a691145ea2e42279cac10297b63f93

      SHA1

      4bae4a22097f073d6e95588855aeb3d4deca5142

      SHA256

      a2ef5cd60f25c018bd6c6b471e0744f27b623ebf05e493a1bfbb22b19ec80e94

      SHA512

      a09ff5e27034aec26ae189b3072ce2952fa947f50589145e04986521e8299ad37871521888e91b1fc471e791ab8fe3861ee613ed7fc47dffa6b7a38eba0659da

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\content\content.js
      Filesize

      16KB

      MD5

      d4fcf3292c8f9f465cf31a78719f5c23

      SHA1

      f1217c6795349cbd7bd9895286dd2bdb6c2395d5

      SHA256

      3a637d3827cb75501480c949a248bb2173c63094bbba5059b63820e822f293a6

      SHA512

      87c1dc1f7923ecb9dc72bc27f58112b1d52dc2437ef72bb358ccef53f29c0a44b7247338100d2b23f01bb49e43f8ac425773b91afee537a939fc8f4508118c9b

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\content\showLomBar.js
      Filesize

      45KB

      MD5

      2afe14952b264d12a9c557a31c1720b0

      SHA1

      31aa1ba8ff0e88b4ddf03ff3857b86e2fd2e8aa4

      SHA256

      e2b5a7ac3c5274949b849993953e7f848a06317734030eda8f1351d5e8a85fc3

      SHA512

      244e6c86a333c837989c3652c9e2bdedfa72867ce870079910e31104f1632fa59a4907f34f716a3abd1e0a28b9bf8d26f1240392cf3aa2c60c66736267907a5f

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\translation.js
      Filesize

      14KB

      MD5

      60a2125a1be5be748d71bcfe88337726

      SHA1

      67a92f2955e88f6d5de10c963aac0d05d9346f4f

      SHA256

      5719147ea4c230591cbae45e600196f1940cb5cde5da72f99efdbf324bbcd983

      SHA512

      efcde5c306bcc9bc29784f6aa53129efc2970c7f5d31f9364f4e27577f350389a881e31fd94f2b83fa083107071aafaf94c3fd850c3e14e59149aa28e697a222

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Local Storage\leveldb\CURRENT
      Filesize

      16B

      MD5

      46295cac801e5d4857d09837238a6394

      SHA1

      44e0fa1b517dbf802b18faf0785eeea6ac51594b

      SHA256

      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

      SHA512

      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Local Storage\leveldb\MANIFEST-000001
      Filesize

      41B

      MD5

      5af87dfd673ba2115e2fcf5cfdb727ab

      SHA1

      d5b5bbf396dc291274584ef71f444f420b6056f1

      SHA256

      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

      SHA512

      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\Network Persistent State
      Filesize

      2KB

      MD5

      c4f5f5aa81aeed75a7c29e6f870c6641

      SHA1

      66cc1502f878e25716bc0bf41bcbc337832b5233

      SHA256

      07bca956a2d8ca55c492cbda00860ccf4b481f111e31b12d0c5b5b720bf8f9eb

      SHA512

      a35f538bbec0506d0e9e5b57c99a72cee9e1474fbe85719bb7e0b39827d0d8e50ae14b7d711f6e63ef9801a8a737f44839e0dac4edc3dd561dad069394d7486f

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\Network Persistent State~RFe58b2a1.TMP
      Filesize

      59B

      MD5

      2800881c775077e1c4b6e06bf4676de4

      SHA1

      2873631068c8b3b9495638c865915be822442c8b

      SHA256

      226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

      SHA512

      e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\SCT Auditing Pending Reports
      Filesize

      2B

      MD5

      d751713988987e9331980363e24189ce

      SHA1

      97d170e1550eee4afc0af065b78cda302a97674c

      SHA256

      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

      SHA512

      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\TransportSecurity
      Filesize

      1KB

      MD5

      af8b1a3697e7db1d091240e026c6c102

      SHA1

      d1db963b17bb1b725138e978e73afaaf0da4c4c8

      SHA256

      992ca4c708c6d123b8fda44360c00d7c5038d0c8e7d1b012d836a4d388d463aa

      SHA512

      ccb4832a9006df8050578abe8c287a90ed13dec49f85bd8d1268cd6df6610ee1063671344da323fa83e82bbe590337d141b7cb15fc1baf0187fd8620071b0bd3

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\TransportSecurity~RFe584aa0.TMP
      Filesize

      1023B

      MD5

      7a0307fa58d25a0546709961a602bea7

      SHA1

      8712ffbebb61092053b03c79ef02e66e56ff2e11

      SHA256

      5f153bc45350c027eff08d7a4ef13a211242851bf4a7a17466c9d10697849af0

      SHA512

      bd253292931b35ef6355a63074271a64eb67a1b648a1e236e34106b088f9b222d22f94569ba7e0cc4211bccdefd1e07771ac5fdf7aeab0191af214aba3166885

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
      Filesize

      7KB

      MD5

      4039b937e7a96f5ea3d3f9f0acdb79b5

      SHA1

      1d1ba10dc123032225a64fe897957567cd6f99c5

      SHA256

      b1e27b5723e20d5a986fae05a0ae963a6fda0f6cbb76488b8daec401826ae100

      SHA512

      941544fb7421d3c0da4de8cbc16e67587a1d529d410f42a8d2188b56af5a8a66103ae841fad819937cd1cc9bb4ea84267084365956993f69413553fe2ca397dc

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
      Filesize

      7KB

      MD5

      bf97c79b56fc2ab65e9e39da56266e40

      SHA1

      e54024425997d050e9816d9316ba21f29b039695

      SHA256

      11449f346ffe5d73bbefa9672c2962d35678d79ab69714e3f5575960957a50d2

      SHA512

      320045e35885151b08ccbecea5b390db187e1f8b892f069afd7866b6cfe34caae935bce20c7e844615bb05bdc5f43519591daf56a94dd88220d438b1243ba4dc

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
      Filesize

      7KB

      MD5

      8d30faf85a355aa057d3d6a9e7f27e06

      SHA1

      346b7b751ab00528a98d6acf4f64795031af05aa

      SHA256

      f26f46b316afd0a22f0d1192444691421076c2ae0d1671b5dc31ea3e00190d81

      SHA512

      750a13d79e30abe06d51b46a8a99240cab63cf23ec007475dc2fd61ad8e205d11fd85a70c7a92c71ade47b2f1cde5dc3dd1199466b4f852fe08d0f7682a3ad94

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
      Filesize

      7KB

      MD5

      29eb3d17f5f9c294af8e94e07c0ebf47

      SHA1

      a993455fd35365d1588da960729652f131446a77

      SHA256

      651c84c99d0b6fc362d7636d5306089b769b8b3c5ab28ea8551d6bc691eb75b1

      SHA512

      6c32f920a4dc14755f85cf466e7d5ea6f5100d2a8b3997e30609b25c91db5a45fb598ada78271add86bb5faa661347889481d7cfa921ee76d24fb992406d5b4d

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
      Filesize

      6KB

      MD5

      7153381bca7f0642894d20e9bb95497b

      SHA1

      7ed5b12d72593ed054991282b3141fd531127f20

      SHA256

      f88454d38149597664a26144c3858c6d143f18df2bf1ef9b0ffd898cbf0cf239

      SHA512

      3d80d0cac5d5f3f8ca7421901411814ce00ee2726a6346723a49fe03016266b8ac8d9f60a97d01947ce1621d80b54f3ec1bf4aea6321a32590a5c64014fdf323

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
      Filesize

      7KB

      MD5

      8eef443f8f1e694cd88f1bfdd81ce56c

      SHA1

      ab9a830804a9775d9af6949902dda936b2e73e3f

      SHA256

      9f6df8068756dd684d079a28313584b6989ae39255b3872d7d26aec97ce83805

      SHA512

      cbd6d10fbe94d6f705a0013355dfbfd29a37a63b5a82844a9a057bde431b5cbd4aa4f0faf6dde63e1e88683b06660972e4695bbc9550b302bac6ce0ac3aa2688

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences~RFe57f760.TMP
      Filesize

      6KB

      MD5

      6a7048575ce78ca60db10b62f66837be

      SHA1

      fe6c608eeaf4f394157dd540054aa4921b960920

      SHA256

      9c648c9a9b95a269fa6b4ee1b3e5b9fea35921cbaea76623a27d0a8ea5f25081

      SHA512

      a0e98f25c52d275955a57f6c4e69dff59e7be1ed36cdc4332606bfd599c87ef2e452f0020c458409e1f2c0f767ee2a8b4a594f66d37ab306e71860938543c7d4

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
      Filesize

      360B

      MD5

      3416d40e9bce7944d7f08703d3b0d7e4

      SHA1

      4043264d97702b1d1870e4e8ef5ed8eadc1e994e

      SHA256

      49c87cd7584c1eaebad9c3388ff6fe1ed2ed7dfc197210e71833fc6876c7221a

      SHA512

      d97f527af4f2a5d3979463509ec0ce259e00a24971cfb04174d73692d8841c61a87e1cff12b4232869ddb2b4c88a5a15b8370aaa49f61efd9a5d168887f111c3

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5802ab.TMP
      Filesize

      72B

      MD5

      5790fa24252623aff844021638b1cbb1

      SHA1

      1a12a748a74a9f4daee46d77c4b190b66efb64c2

      SHA256

      44d23aa52f4c2fc06fac5e620e63be776cfef62091a02006f3c56f5af8b2206a

      SHA512

      35d332d9f2fbef46f42b7112f564667098ee896a8f4d0e997860acade452fb43fd8faa186b054add801232f67285e9e6324eff0a5d8b187e501f014a0f9b5446

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\f270ed22-6730-44d9-b06a-0d9f7ed50038.tmp
      Filesize

      7KB

      MD5

      fce52cd3e05345ac83d748feda8e442b

      SHA1

      e893425adcf4a9a3029348bd8d223cea0631cf5d

      SHA256

      df7df37f5e3f5ac0d2528b02faf5b07df8b5b1311e647917e507c8da8187d637

      SHA512

      891373c31199c10f370f60e4a3d2d8e7b53cda3180f778c11619f5a6f5f6f4b779f0da8be425a2e2902227d8a9f2083eda0a76fd3f8daefe8f22e4217f407e36

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_0
      Filesize

      8KB

      MD5

      cf89d16bb9107c631daabf0c0ee58efb

      SHA1

      3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

      SHA256

      d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

      SHA512

      8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_1
      Filesize

      264KB

      MD5

      d0d388f3865d0523e451d6ba0be34cc4

      SHA1

      8571c6a52aacc2747c048e3419e5657b74612995

      SHA256

      902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

      SHA512

      376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_2
      Filesize

      8KB

      MD5

      0962291d6d367570bee5454721c17e11

      SHA1

      59d10a893ef321a706a9255176761366115bedcb

      SHA256

      ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

      SHA512

      f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_3
      Filesize

      8KB

      MD5

      41876349cb12d6db992f1309f22df3f0

      SHA1

      5cf26b3420fc0302cd0a71e8d029739b8765be27

      SHA256

      e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

      SHA512

      e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
      Filesize

      2KB

      MD5

      a5c0d7510bf63faa6314354456ec11a2

      SHA1

      40a834188f0c12a80c21d2d377aa68145f579ce1

      SHA256

      a08441bedbfe865e2c9e10505489b96da56d8364e4ffe63a31cba8b7d1bdd6fb

      SHA512

      68f0917ca50fcb75c165214da7e084fc88f2aa70570c3c1d67d95401d5e754c1ffabdc435ab30c1692ae2388aa1d9765ca42a2837f3c34a786aba8e0a05c0880

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
      Filesize

      2KB

      MD5

      a1f6d4d51e8e9eec2d7e3d45159f2186

      SHA1

      ece4b369fbec51e472d2e17de164547b0afbfffd

      SHA256

      839f26a2c2d5d57a541d54939b2a1046baab8b17984c3648fa18d196345534c8

      SHA512

      cb90aa73281643d70eafccadfeb98dc9f47a06be5602c9cbe86c751385b9f39ba542f6820af5950249779827a665ba287f44c2b48c64f80f20934853484f2db6

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
      Filesize

      5KB

      MD5

      c2337e4eeaaac0f22577a371b4bdd0e8

      SHA1

      a20f4d63bda0cf002ced7128380d48d12b56b489

      SHA256

      2e7d948aeb15e142d448d736393255403c72458317f2951c3ef96ef843c88df2

      SHA512

      5047b560bd4a9230f369a979d035d01dab40bd179634b3eda7ee03c0a821e05e4d40711eb4256b263e464098cea15af2e3c71338e8b5f79ae664fc4e15451d49

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
      Filesize

      2KB

      MD5

      45faa834e557d9c32afb17e49a36dbb6

      SHA1

      d670d8e6fa59f6d871a308b67560b7972a1d3aca

      SHA256

      d54283762f3d5d46418893be62d260e9a6334466fe014638fd8c1713acbf7739

      SHA512

      8e213e302cab7bc844fc67214f1f1ccd85907f5e3ec83ec69a421a29c69c6e1f357f0675819f03bed16a5971855de57a89b421dfb6b43f7278ab66cb41c261d1

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
      Filesize

      5KB

      MD5

      adea9759c0728badad8c77767bd83abe

      SHA1

      f9bbb2519586caaf08f00a632d6c7bf75163da25

      SHA256

      e6b3be637c3a0eb04b55533856714699ebc65d21fb9da3e5d41f0ca1a4785313

      SHA512

      aaf7b4fb3961e9bcb9a7604e3d0a4ac93a08af537ef5c57a46e26ae4274b55fd5779264da51d8b0e3ec77c7304a22ee3927db8a662b8ff94d91e8d450b336d41

      Download Submit

    • C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State~RFe57bac4.TMP
      Filesize

      976B

      MD5

      b4992b42c88d20c3f4f04fd04a6eeb52

      SHA1

      eae10e6b5ad83a8cf7eb7279bc17481e6c8b39f7

      SHA256

      0de0890d7dc77eafc92e89577223df1848ceff8a8798952274a42fe246b324c6

      SHA512

      85f77315b393f54ef5dc9efad6c0785cadcb2e1b7a46d83f900fa0ecf4000943ef58933017814fe846f2147b08e9bb08b04f54ca6e74ef4ef5bdb8271e4558ba

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TempBr\CR_26DEB.tmp\CHROME.PACKED.7Z
      Filesize

      101.8MB

      MD5

      e56344515ddf80497acc19b605ae9fd5

      SHA1

      914446864117c895641152f6d7fd68fcac613dc9

      SHA256

      57672708b14e2d7eab6682b1175b059e0aa1114dc4e3d58aa93a720d397c5e01

      SHA512

      c485197b7741b29dfe75df96998da2ad65551facd235f2ade5abbc271dcbbfd5038ffcb7d701a8b4a12e91263de48b1d569276171228fcce5f838ef2734b3abf

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TempBr\CR_26DEB.tmp\setup.exe
      Filesize

      2.6MB

      MD5

      ffb2b92410a8d4808aa425d72acfaa0d

      SHA1

      a3dda22a3dd64ae4a70c976bad73babad4cd78c9

      SHA256

      8ae46d3c371e7835c5998d1e1d8a5665f45fa567dfe5e19461c01dd68d9bb26e

      SHA512

      946e1b9d8dccdd655b69aabae2597620a30ecee3aa5df40190ab39574a5f1b39e7b687d920867f04e5e051d3c6c0c551a092fc09cef24e190fc8c12ea0953b97

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe
      Filesize

      103.1MB

      MD5

      269e0fc2df6e318fc4dac1a488b6d69d

      SHA1

      698db85b18fffd7ecf422ec73b06a2f5ac58882f

      SHA256

      9f2b2ced98d689991995ec190394bed75571e9c3db9a7d98ffec61fe301c064b

      SHA512

      70120015b375e3eb71f587f64dcf28dbd9c7c768cd5084d463df725203eb715398c922589d6497495763fbd27990034b67a6cb7e4df030055f2c9173aa2cb791

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\b2c0141d-171f-48b3-9fa5-896ca4035ba2.tmp
      Filesize

      1B

      MD5

      5058f1af8388633f609cadb75a75dc9d

      SHA1

      3a52ce780950d4d969792a2559cd519d7ee8c727

      SHA256

      cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

      SHA512

      0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsc33B4.tmp\MainModule.dll
      Filesize

      3.6MB

      MD5

      c5f78d7f3df8b816ef881d342f6e9520

      SHA1

      251a4bc26a697e4641483ce7a3ac694874d7be52

      SHA256

      b0c4e04590f521358d7e3cf5201ffc551b6cbd7182a6e8229e94f47105c71822

      SHA512

      c9af575cde74c1520ebd49df15116d4165e9c5314cc4c402463388552ee35768ddc31d8a3f38ab2488357e7fc112666e02c1c6ac6c9f4b6eeba787afcafaa2cd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsc33B4.tmp\System.dll
      Filesize

      12KB

      MD5

      564bb0373067e1785cba7e4c24aab4bf

      SHA1

      7c9416a01d821b10b2eef97b80899d24014d6fc1

      SHA256

      7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

      SHA512

      22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ecosia Browser.lnk
      Filesize

      2KB

      MD5

      601e97ad2514b70991d233380c96cc46

      SHA1

      69a790666e00706e111e34b5bc4d18f283ff6462

      SHA256

      f1bff4b19848265f91eb1e64726040fc389407e00c11476503d8a6c8d4fe622c

      SHA512

      8ae5de83cb705ed97db09441d6697430627ccbe0385293556459d9788d921924532d4bd9c4ee34afaaafea435b034facae4bbfa3f0aae75396743cab624cd3d8

      Download Submit

    • memory/216-104-0x00007FFC84050000-0x00007FFC84051000-memory.dmp

      Filesize

      4KB

      Download

    • memory/216-103-0x00007FFC83B60000-0x00007FFC83B61000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3564-1814-0x00000255A0730000-0x00000255A0731000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3564-1816-0x00000255A0730000-0x00000255A0731000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3564-1815-0x00000255A0730000-0x00000255A0731000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3564-1826-0x00000255A0730000-0x00000255A0731000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3564-1825-0x00000255A0730000-0x00000255A0731000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3564-1824-0x00000255A0730000-0x00000255A0731000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3564-1823-0x00000255A0730000-0x00000255A0731000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3564-1822-0x00000255A0730000-0x00000255A0731000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3564-1821-0x00000255A0730000-0x00000255A0731000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3564-1820-0x00000255A0730000-0x00000255A0731000-memory.dmp

      Filesize

      4KB

      Download