4bf7c84949d8e672e7244e1d36d93575eabeb825bf60b209885e317bbbd431e2

Analysis

max time kernel
82s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 07:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EcosiaInstaller.exe
Size

1.0MB
MD5

ead03cdd9d3398c50ffd82d1f1021d53
SHA1

24b37f404d510f4eb7807dd89de20e936fc18190
SHA256

4bf7c84949d8e672e7244e1d36d93575eabeb825bf60b209885e317bbbd431e2
SHA512

ff381bd5ce7aef733c9ce9fcac0bcf3c9da106b09223c2904714bf4f7df334280ebf4792c279bea32cdafd896d5d95f28cbd6fc18a7d56c4fe77b63438fd6c70
SSDEEP

24576:WgZNRxRm9PQBwV418TeWyavVb5AudHRhItGsePtjDZeMizZBx7j:WgHRW9P0wCWy2auFRhIP6pkd7j

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ecosiabrowser.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\Control Panel\International\Geo\Nation	ecosiabrowser.exe

Executes dropped EXE 12 IoCs

Processes:

TempBr0.exesetup.exesetup.exesetup.exesetup.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exe

pid	process
4368	TempBr0.exe
4124	setup.exe
2028	setup.exe
4164	setup.exe
3460	setup.exe
4552	ecosiabrowser.exe
1396	ecosiabrowser.exe
2768	ecosiabrowser.exe
2724	ecosiabrowser.exe
4928	ecosiabrowser.exe
1780	ecosiabrowser.exe
5000	ecosiabrowser.exe

Loads dropped DLL 18 IoCs

Processes:

EcosiaInstaller.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exe

pid	process
1320	EcosiaInstaller.exe
1320	EcosiaInstaller.exe
4552	ecosiabrowser.exe
1396	ecosiabrowser.exe
2768	ecosiabrowser.exe
4552	ecosiabrowser.exe
2724	ecosiabrowser.exe
4928	ecosiabrowser.exe
2724	ecosiabrowser.exe
1780	ecosiabrowser.exe
2724	ecosiabrowser.exe
2724	ecosiabrowser.exe
2724	ecosiabrowser.exe
4928	ecosiabrowser.exe
1780	ecosiabrowser.exe
2724	ecosiabrowser.exe
2724	ecosiabrowser.exe
2724	ecosiabrowser.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe"	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ecosiabrowser.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	ecosiabrowser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	ecosiabrowser.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

ecosiabrowser.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	ecosiabrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	ecosiabrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	ecosiabrowser.exe

Modifies registry class 45 IoCs

Processes:

setup.exesetup.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.webp	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\ecosiabrowser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.html\OpenWithProgids\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.shtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.svg	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.svg\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.xht	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\AppUserModelId = "Ecosia Browser.GIV6OS7XMQB66P4LDNVCNOOI7A"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.html	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\ecosiabrowser.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\Application\AppUserModelId = "Ecosia Browser.GIV6OS7XMQB66P4LDNVCNOOI7A"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\Application\ApplicationCompany = "The Ecosia Browser Authors"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.htm\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.xht\OpenWithProgids\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\ecosiabrowser.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.webp\OpenWithProgids\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.pdf	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe\""	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.shtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.xhtml	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.xhtml\OpenWithProgids\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.htm	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.htm\OpenWithProgids\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.svg\OpenWithProgids\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.xht\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\Application\ApplicationDescription = "Access the Internet"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\Application\ApplicationName = "Ecosia Browser"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.pdf\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.pdf\OpenWithProgids\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.webp\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\ = "Ecosia Browser HTML Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.html\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.shtml\OpenWithProgids\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.xhtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\EcosiaHTML.GIV6OS7XMQB66P4LDNVCNOOI7A\DefaultIcon	setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

ecosiabrowser.exe

pid process

4552 ecosiabrowser.exe
4552 ecosiabrowser.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

ecosiabrowser.exe

pid process

4552 ecosiabrowser.exe
4552 ecosiabrowser.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

TempBr0.exe

description pid process

Token: 33 4368 TempBr0.exe
Token: SeIncBasePriorityPrivilege 4368 TempBr0.exe

description	pid	process
Token: 33	4368	TempBr0.exe
Token: SeIncBasePriorityPrivilege	4368	TempBr0.exe

Suspicious use of FindShellTrayWindow 22 IoCs

Processes:

EcosiaInstaller.exesetup.exeecosiabrowser.exe

pid	process
1320	EcosiaInstaller.exe
1320	EcosiaInstaller.exe
4164	setup.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe

Suspicious use of SendNotifyMessage 17 IoCs

Processes:

ecosiabrowser.exe

pid	process
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe
4552	ecosiabrowser.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

EcosiaInstaller.exeTempBr0.exesetup.exesetup.exeecosiabrowser.exeecosiabrowser.exe

description	pid	process	target process
PID 1320 wrote to memory of 4368	1320	EcosiaInstaller.exe	TempBr0.exe
PID 1320 wrote to memory of 4368	1320	EcosiaInstaller.exe	TempBr0.exe
PID 4368 wrote to memory of 4124	4368	TempBr0.exe	setup.exe
PID 4368 wrote to memory of 4124	4368	TempBr0.exe	setup.exe
PID 4124 wrote to memory of 2028	4124	setup.exe	setup.exe
PID 4124 wrote to memory of 2028	4124	setup.exe	setup.exe
PID 4124 wrote to memory of 4164	4124	setup.exe	setup.exe
PID 4124 wrote to memory of 4164	4124	setup.exe	setup.exe
PID 4164 wrote to memory of 3460	4164	setup.exe	setup.exe
PID 4164 wrote to memory of 3460	4164	setup.exe	setup.exe
PID 4124 wrote to memory of 4552	4124	setup.exe	ecosiabrowser.exe
PID 4124 wrote to memory of 4552	4124	setup.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1396	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1396	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 1396 wrote to memory of 2768	1396	ecosiabrowser.exe	ecosiabrowser.exe
PID 1396 wrote to memory of 2768	1396	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 2724	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 4928	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 4928	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe
PID 4552 wrote to memory of 1780	4552	ecosiabrowser.exe	ecosiabrowser.exe

C:\Users\Admin\AppData\Local\Temp\EcosiaInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\EcosiaInstaller.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1320

C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe
"C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4368

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_A99CF.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\TempBr\CR_A99CF.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\TempBr\CR_A99CF.tmp\CHROME.PACKED.7Z"
3⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4124

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_A99CF.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_A99CF.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0x258,0x25c,0x260,0x240,0x264,0x7ff68246eaf0,0x7ff68246eafc,0x7ff68246eb08
4⤵
- Executes dropped EXE
PID:2028

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_A99CF.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\TempBr\CR_A99CF.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4164

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_A99CF.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_A99CF.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff68246eaf0,0x7ff68246eafc,0x7ff68246eb08
5⤵
- Executes dropped EXE
PID:3460

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --from-installer
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4552

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0xf4,0xf8,0xfc,0xd0,0x100,0x7ff95ec7bc40,0x7ff95ec7bc4c,0x7ff95ec7bc58
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1396

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0x138,0x13c,0x140,0x114,0x144,0x7ff70f9d6340,0x7ff70f9d634c,0x7ff70f9d6358
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2768

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2004,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=1996 /prefetch:2
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2724

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --start-stack-profiler --field-trial-handle=1948,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:3
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4928

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=2396 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1780

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3252,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=3300 /prefetch:1
5⤵
- Executes dropped EXE
PID:5000

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=3384 /prefetch:1
5⤵
PID:4704

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:2
5⤵
PID:2728

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5016,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8
5⤵
PID:384

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=5084 /prefetch:8
5⤵
PID:3432

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8
5⤵
PID:2800

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:8
5⤵
PID:1580

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5044,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:8
5⤵
PID:2680

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5780,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:8
5⤵
PID:1252

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5760,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:8
5⤵
PID:236

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5772,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:8
5⤵
PID:2480

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5784,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:8
5⤵
PID:868

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6148,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:8
5⤵
PID:4544

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5656,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:8
5⤵
PID:4736

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5640,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=6620 /prefetch:8
5⤵
PID:380

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5648,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:8
5⤵
PID:4408

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5736,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=6872 /prefetch:8
5⤵
PID:2532

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5232,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:8
5⤵
PID:1988

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6860,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:8
5⤵
PID:4404

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5072,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:1
5⤵
PID:3068

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5368,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:8
5⤵
PID:5140

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5172,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:2
5⤵
PID:5840

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6284,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:2
5⤵
PID:3868

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6372,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:2
5⤵
PID:6140

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7232,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=7000 /prefetch:8
5⤵
PID:5364

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=4412,i,3547174697520568816,5350849291649720730,262144 --variations-seed-version --mojo-platform-channel-handle=7224 /prefetch:2
5⤵
PID:4948

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2372

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4004

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:4372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
182.6MB

MD5
7e55e1eb9c5e9bc2e9e9a2e0dce5bc55

SHA1
3e8416fa4a53a4a58788d7014aedabea8f3994af

SHA256
58f5befd3a3977aca535a1f718012545d526e15cab334cd81f90eb0fd64222b2

SHA512
67ec9b6c16904d16a767338055dae74699c5c73e3889416b9ecba640704323689ecd2ca5e52b788c79ed01fad69ab4e34d87ba91f0f90867908737acde956511

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
184.6MB

MD5
72f87117a151fcdcd32f06f52a31887d

SHA1
ea58b8e614287dc345c9552747ea30fbda80451e

SHA256
056329c9898e9e0f8dec5e2c9b18231384b305837893937d007d9ca22228e156

SHA512
b1544a59a7fe57f74fc7e79e6256b503a5198336a22b7e2abc36002b199606bbf0d6c16616186bf0e62be01a2479f75c5e2cf463e951af4da688a3f7da68e381

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
203.2MB

MD5
35c22aedb37ca8332897278dcdf86587

SHA1
9ad6c55c846708e709890b262ff897eb42bcc706

SHA256
15b977b746dfa63bd2b4cd9944ecdabc3c7a93f5aefc0be2a9fa6e0b271094b3

SHA512
3976fa0cbd8a932e31584d538996c4943dc874b259f6e33467850c20c108abd8cf0833475501aa5918db43ee555ebad83241ae0ce31111173bf6fd8759e48fba

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
179.4MB

MD5
b18d2c32fa6618c617babb3dadc3daa8

SHA1
6a196766d9eac6af36615106ea58a907130909d6

SHA256
08eb0f8a2676e7046607a036912c003807a5519fa36fbe07aaa9cd0c1576b8e2

SHA512
eb746ccc69b1a1ba91045190438e9c0cdaf05dbe56471f72c9392305d9bbff539e4d5d958fc8f49c8b47526477d46ba43f27de5b503b0f6c25f4d668894d092b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
201.2MB

MD5
186ff9fb8480ac4189523657266853b5

SHA1
40202fb5d508dc5db7e77c4dbeca3acd737ec633

SHA256
256f1f185d2c61fba0bbfe7c7e00cce7791761cf3e1b5ca6010218cc1e9011cb

SHA512
6dabc4fbee3e0f60c287fdc4f7973068de8fcc4f679c4c92e124c19821dbf7b5888c64a9e5e4dcd1afd267084ff015c80c5ca6b327bc2095e13d163117ef3391

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
175.0MB

MD5
172dd58efd62b1b57b53e94ecce72cf3

SHA1
413664779df0026ca6659f7cee1a41159423a61f

SHA256
1804a684ef4a95cbea0f018874152943c0a8aa024c42f3f108f14e5efdc23d54

SHA512
7b169067079b8a5865d3507396cdc310615da3c3e19b3e79cffe4cc433a2ae66d5b3ed24d0126adb17379581d9f76c359f73375cc954ef76fa857f44b2819d73

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
172.9MB

MD5
35cce74b9aeaf60ff3dae3a8f65d5c23

SHA1
3f8ad96958627b304b1094e8e97cfb871742ec00

SHA256
0869110a06d7b731eeeb5a3c8f2c321421999dac882b188c6e9e8539decb625d

SHA512
e7ef4a5771e1c8a4b34158bd09506d6da110bdca67ff672993cfdc8ddd1078e3c358dcac5754e37ac29d22578ba3928709318c0f492ff52c21909073955baae9

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
176.1MB

MD5
1c5d056b90e3499eb549a2287cbfb791

SHA1
8298c015abe366757dbae5a4bd1adf1491325bd9

SHA256
93c9539f4c608408d7633ce3c361bac54a855b79da1d72a4f357dc457102d207

SHA512
34e38254edbf5944abd408fd52d4981807e2db39acef93d519176b6596b88ae42606c2a10ee5d51dd31f52f2046ae8af1f4af9a2179b7a1b2c9839da7c53e7e5

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
194.5MB

MD5
39b98d411819ab718d052c6e0bb960be

SHA1
1ffff82ff7c02e61440bcace46d405a6cdeb8f4a

SHA256
d746fe21f1e7eb5c91f6a6b75206febed9e4e0bbea3b0af081913d7ee8b0a1ef

SHA512
1ec9eec40f9c320551838fb6e4fcd64701f43d088a70ed7c37d82f2857c1194e88fedf24c1fd7901bcea8353d486c2b36005eebd4e1d09b624a9d75f39fc5541

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome.dll
Filesize
180.2MB

MD5
24996f9d1ba6533b29ed0108b00c5c7d

SHA1
8326cd95037ca55a6b651ab22c8fd18c2ff4c6ae

SHA256
05e932e72e8131bcbc44ecf1bb43bfcaf533731661c505d3079421ec9b6bc89b

SHA512
6a1c83a65cd82f69999fa6f93f04512a7e21e0e36a9f8bfb195dc998d723ff0e0aab4866db345177214250ec1f29e08c5ffa158fbb7d64ab8825c6df1bc71e03

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome_elf.dll
Filesize
1.2MB

MD5
ae0d60cfb1c9328269688e1baa88a943

SHA1
f7de751e5d9e5049f85d0ad88ab69d18be1b7d5e

SHA256
4bcabd79410e1f09555fce0851548066e8e720f54790c3d761d06925b2766641

SHA512
19222280c38602750b02998d790dfe648d2be88334a95bd6d553d189d702b5102166827a5d5ab25a55c19fb788362fc3b3011b054951b0a62a7fe60a0c7e9873

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\d3dcompiler_47.dll
Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\dxcompiler.dll
Filesize
20.9MB

MD5
150f0e3df0133148774ad54a42856603

SHA1
709d42b5a7f2251291c78225946022591d1aa37f

SHA256
ef457141e5ed3f7da23843abe149edfc490e70b6c11e0d9f5a4c2c56213e9e10

SHA512
457dbae0d312897a3c555cbdd0d14e27ab1b30e864a713636664a7fdaabf04dbab4d340d09cb354bb68777a2f43e6c45edd1a085c1babd14fc552ebacd13b548

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\dxil.dll
Filesize
1.4MB

MD5
cb72bef6ce55aa7c9e3a09bd105dca33

SHA1
d48336e1c8215ccf71a758f2ff7e5913342ea229

SHA256
47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

SHA512
c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\libEGL.dll
Filesize
470KB

MD5
3256b6aa8cf471075fa54a3f55226e4e

SHA1
c048b56d0b9955ca3d7a247755bdde3ccdc72aba

SHA256
77554d8f11ed4a59543d014de3253fbcf28e6b5cef8a00e1d0ff0cc5f168ce96

SHA512
8f8c3a42982c90e614141dbf348e64f5acd3dc81072f81fcf946655f3522e4d60f0e2fbe74b17e2933182f15619bb53207085a6628513e33c265c67b09fe8b57

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\libGLESv2.dll
Filesize
7.3MB

MD5
901a2a0be2869a84460058e15bc59844

SHA1
c42eb917dede03bdb6f9f807e2180d15caddf06d

SHA256
57bab60884711ea370f989ad7588698d3e2c23348297c3f309e64b97d532d673

SHA512
802fcd9711478015e9bb2747f1716c83aec29598933d604fcdcf769ac432525cfd648923ce763ceaf6ee04256fede439bfbecc565eb7ffb5f81450f642f703d3

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\vk_swiftshader.dll
Filesize
4.9MB

MD5
63d04aae53e03e41a7d82f8431cc14f9

SHA1
1ee414e09abd9323b0250602342ff917607c8b7d

SHA256
bbd5f144433b75fe0580b299b20ff743a0d21d93897375a75d8ad8a59b22608e

SHA512
bac53a3b87f63604a98490fa4e2d921da5baa759574e76362115f49d67d31cd59bacb7cb8035a7cbbbda3267b6e195e6e2904f3b99b9a50d3fbd9ef928bca90b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\SetupMetrics\20240428074130.pma
Filesize
520B

MD5
d7bdecbddac6262e516e22a4d6f24f0b

SHA1
1a633ee43641fa78fbe959d13fa18654fd4a90be

SHA256
db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

SHA512
1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\SetupMetrics\20240428074130.pma
Filesize
2KB

MD5
ff3ebf36de2f77f859cec39eb8ac8413

SHA1
765824706b7d6aec3b8d436d2f88e0dd83476046

SHA256
8ede16d30dd03ffe89a70fa7d925d7fb400246e36ead6cffede4e2e2b98d06e9

SHA512
820ea025dbb178008d8813a2e9dabcbf27282268a2d856c7fdf35e9317c8972dd8d3ea4e52d59f1b019bc0acc3811bfb606509612fed24a3e1bc11100dff1063

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
Filesize
2.4MB

MD5
fb5581a14f52e14086ee997273198788

SHA1
ab92a654b218a630d0306279490121cc26abdbce

SHA256
be6b12e03b36e586a1abb5fdd7f69928e4e1a1c85fce9f2ccdd0358232131c2d

SHA512
6d6534a74b6d875756e2f1919f346b0e8c93449920b03aac96b2844b3f1d363488a529f214b707c9730553fddd5002b85f077cb1d5d949f7fecdfb60ac459bc9

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\6ad45555-614e-4690-930e-7a3aba90cf12.tmp
Filesize
154KB

MD5
d36d18f82847cdf716f8d181db1afbbc

SHA1
e820b54eb4a66ed95e7c9bd385de13de682e3f21

SHA256
5d7adf329a38ce56fc02fbbe56456e37875c79c57e109812bd64229dd6de9192

SHA512
d1f471340f9dfa84aa084e2980dfbcaf6483e40235cb923e1abadd5f655423cdc443799f7e5a37302eea88c8cb284bdeca33a80931899141031fdd3e50e4911f

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Cache\Cache_Data\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Cache\Cache_Data\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
ad549be1ec1bd59022a814c5803790a2

SHA1
83ba30e32cbe2692e04eed3842d0bb8f24d4d3e6

SHA256
55dfb0eb6b0a98bbab8bd67671d6e2524da7bc7a50325cb03d65483ef62611f0

SHA512
84a55894b1fe6627589f8e43f2230b64e68f33ffdfa0d7d0113690260a74d458dc9f3d94d7f1a77e3e11ad975bab997e3c3c8af63337fc989a80ad5bc58c2dc9

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
336B

MD5
0b39eb68b0e25081239504bb07790eee

SHA1
f3b6d3cd31cc4f6a942acadb1d7c0b02f9137565

SHA256
e9423c267253c9adba9c8b38c6e11983aea4098b68cca2e0c22c36b644ec890f

SHA512
32ae68892cdc8869bacf3a628befad85196c570e98355b8b2031f2f6903a8f75212bb01bcc9cee9ef9d42269e93d027a8a9ecd9afacfd8e8975d8dee8a87a3bf

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\TransportSecurity
Filesize
1023B

MD5
696b09a2834850e892296a2ad5ada58c

SHA1
082779a1258a47fc9ccb9f2214ec5b2d5595b42f

SHA256
d7e3dbe540b0258258a7b76dadb21d6b4c58fe302e6933d3db2e992bfd344705

SHA512
a9784d98267e418f6291cc49c57c8c52ba9f7463a476f72fe5a4bc7c3b601fd08ac590596729b7811c578ba44d99e2ab0cd24c953831fbad85874fb6935bab66

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\TransportSecurity~RFe596865.TMP
Filesize
1023B

MD5
f9a21a47b11521124380be025a2bfc6f

SHA1
0d7867ecde93a3b6f806ca7098df68b05510ff5a

SHA256
bb7c13f20c9bf6249cea1b64d573d30f6c39a8601fe8bf71b82629f338f9e81a

SHA512
ed5565b52fec95a0ff31458c8c6c5b3854af1099ae4f88cd89b715754b47f811c61a38fedce0b41d86cb08037c8bab73b9a2c3a2c54938915c3db429e2e66a3d

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
afdf6bade1d199a03760d39416bfee58

SHA1
8c2a9d1d0755c7b2fd693b921492b2c0b58a3ba3

SHA256
40e0cbdde346469155e1c149b2b5cc3f1984446cc4a8355a33b0dca66174363f

SHA512
12ba70048a9b7cb7cbd0e27f43163d9a451a1792277504448312ba9315de1e4bbd380e9adc6f99eab92439ad30b09ce12cca52eb088f3f6a1f1a455bd8be6ea4

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
5ab5bcb72a0bb1878df468aa2c6bb64c

SHA1
5bb3e23013e2a85648447c480fc49fe4e17e9dff

SHA256
691e2abfc46cb894fc694b53af21ce69f84edab6debbfddedebb17934886a667

SHA512
5fe18c34df6d98bfe29fa787bcffd0b7a1d00d9af07252fc7082b17248da13b2238816ccabedec2329e73e2d2e403d7f44c839b085f59ed5f61014e6a6941226

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
fbf1c46f39af40a944fce8f8ff2fc3e9

SHA1
6911456797d6f7a42e0c97c5a61c5d2a6d141be2

SHA256
a71381cc72ffe17c69401cc3e29beba4f758b94b1a51906e44f7812246e3c5b6

SHA512
6dc863d9da2a44f7189ffd48b514a0af161f400da000c18ca1cee72e5c8e7f668691959a9e7b077e880120cf39e5e99a6d31f84df18c734d3c46b0a32e01905d

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences~RFe58e087.TMP
Filesize
6KB

MD5
77a2716afac583a034415267882fa8de

SHA1
9c76a0fe9721ead9ae0d55a94ac748884d16cee2

SHA256
9f439b659920a1d30bb00624e4f5c8201d5225b01461a4cbba3843b4b6a19f6b

SHA512
8bae499058776dc5e443a9b8ce11be0f7f82b8942a23416d3f19ec630cdf2c6d925b541ab1bf63f2c445ba35286cfd8dd2c18041d350a838454d982c5fb59ae6

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
360B

MD5
d1529a98740f57815bb685d11dd4f59e

SHA1
28e09d0d3bf7d9256aac14c3c9f4547b68a5a785

SHA256
fc999f93c9f774c5d8b78cf776fed068959b22a4d11b46386683d8672ad1ebb4

SHA512
f4f52f43e4f0c2448e765a33a6c78d38485ee9f5a9608ad397f4d253b7210592fcec6e49d3711c5af3a6d0e15d26106c5e16046259953afdd1fa2154e6d78e0c

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59013e.TMP
Filesize
72B

MD5
2161ea117baa19431ad0f1caaf42a142

SHA1
ddf68abc3278419856938f709f19710816d5fe75

SHA256
177eeba797bd65f374b27da53f08f36ff01abc903f703667f9fe6cf60b870fb2

SHA512
1bf83af3f9ba5a4465c2b67c5326d164cc46ef82deef896454077c66bd7581b4baa6398bd190bfb6cddcdbf40f6c06b878a1df8730f2f1a2dea8b420cfe5acbd

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Site Characteristics Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Site Characteristics Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
2KB

MD5
bbbc13a4f95f5c3c0bc1401fbf8d47fe

SHA1
c2d656e98448b8be6d4a62e14b303b8217221ca6

SHA256
d83881f0fef61572b7fb277a0c8f0966284aaa4b0f3310dc315baf4ffff49028

SHA512
08c00be6c58f926736477c16ea4431a352da761e238b48f8121050760b098d5f2b0eb93cc3ad898a8fcca5c0534f8050693dff397c5550d6039d9a8240309ea9

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State~RFe58b8fa.TMP
Filesize
1KB

MD5
66214c72846a399e3c17252481e7c3ed

SHA1
8bd3260da32b3ae74fce8e7329b5352f8a62a90f

SHA256
db5f2f00b6d2f93d199736ad0ae356e3a1a6f18884bc6ae91cbe3865a5fdc2c4

SHA512
c3fa9919d8385d69dc0d35cf6ff37a8a125c244f5387f2806260eee86122e2c8ff152c843ec785a5439c742130ef5cde93cc1c3dd34ab1d9badeb21ff274aa11

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_A99CF.tmp\CHROME.PACKED.7Z
Filesize
101.8MB

MD5
e56344515ddf80497acc19b605ae9fd5

SHA1
914446864117c895641152f6d7fd68fcac613dc9

SHA256
57672708b14e2d7eab6682b1175b059e0aa1114dc4e3d58aa93a720d397c5e01

SHA512
c485197b7741b29dfe75df96998da2ad65551facd235f2ade5abbc271dcbbfd5038ffcb7d701a8b4a12e91263de48b1d569276171228fcce5f838ef2734b3abf

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_A99CF.tmp\setup.exe
Filesize
2.6MB

MD5
ffb2b92410a8d4808aa425d72acfaa0d

SHA1
a3dda22a3dd64ae4a70c976bad73babad4cd78c9

SHA256
8ae46d3c371e7835c5998d1e1d8a5665f45fa567dfe5e19461c01dd68d9bb26e

SHA512
946e1b9d8dccdd655b69aabae2597620a30ecee3aa5df40190ab39574a5f1b39e7b687d920867f04e5e051d3c6c0c551a092fc09cef24e190fc8c12ea0953b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe
Filesize
103.1MB

MD5
269e0fc2df6e318fc4dac1a488b6d69d

SHA1
698db85b18fffd7ecf422ec73b06a2f5ac58882f

SHA256
9f2b2ced98d689991995ec190394bed75571e9c3db9a7d98ffec61fe301c064b

SHA512
70120015b375e3eb71f587f64dcf28dbd9c7c768cd5084d463df725203eb715398c922589d6497495763fbd27990034b67a6cb7e4df030055f2c9173aa2cb791

Download Submit
C:\Users\Admin\AppData\Local\Temp\be0d39a3-bac4-420a-86e0-abcde8b2f91c.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse5110.tmp\MainModule.dll
Filesize
3.6MB

MD5
c5f78d7f3df8b816ef881d342f6e9520

SHA1
251a4bc26a697e4641483ce7a3ac694874d7be52

SHA256
b0c4e04590f521358d7e3cf5201ffc551b6cbd7182a6e8229e94f47105c71822

SHA512
c9af575cde74c1520ebd49df15116d4165e9c5314cc4c402463388552ee35768ddc31d8a3f38ab2488357e7fc112666e02c1c6ac6c9f4b6eeba787afcafaa2cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse5110.tmp\System.dll
Filesize
12KB

MD5
564bb0373067e1785cba7e4c24aab4bf

SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1

SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ecosia Browser.lnk
Filesize
2KB

MD5
e434f8e2ceeb48b81f4812629aed653a

SHA1
2fc085eb15d152540758171c8466f81f38d3df26

SHA256
db2df5b4b2ad88e1209c26bf1eed71dcc1f65c7911e2822767679a1828faa197

SHA512
2d6953324108e6fb00d4a69d189bac54e6271e126d15e0f23087c64b1d1d6f95671a336470380a0a5df87fc7fe8ae00681b7f84df30e6fb69549bba91ddf8934

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ecosia Browser.lnk
Filesize
2KB

MD5
3eb2081af1e393b34aed75aa3eb8b911

SHA1
de22bab53c53c36adfc153dc1a70e4f0d7cee8c9

SHA256
dce0374d6fb801a597088df74917c58e9ec39a3b16d6880d0880e13c1e7e8ca7

SHA512
20fd4ef83089509b55948e7e8304ce1eafbfc7fd4e13d9f960a8014ae5b759034b39e62dddff49d0be03200347cc05f4026080153aa15699831ded895d2a3819

Download Submit
\??\pipe\crashpad_4552_ELIZFYAECEUSTRIU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/236-317-0x0000018C66060000-0x0000018C66061000-memory.dmp

Filesize
4KB

Download
memory/236-735-0x0000018C64840000-0x0000018C6486B000-memory.dmp

Filesize
172KB

Download
memory/380-1026-0x000001E601650000-0x000001E60167B000-memory.dmp

Filesize
172KB

Download
memory/380-337-0x000001E601680000-0x000001E601681000-memory.dmp

Filesize
4KB

Download
memory/868-1001-0x000002083BCD0000-0x000002083BCFB000-memory.dmp

Filesize
172KB

Download
memory/868-319-0x000002083BD00000-0x000002083BD01000-memory.dmp

Filesize
4KB

Download
memory/1252-878-0x0000018981660000-0x000001898168B000-memory.dmp

Filesize
172KB

Download
memory/1252-313-0x0000018981690000-0x0000018981691000-memory.dmp

Filesize
4KB

Download
memory/1580-325-0x0000017EE7400000-0x0000017EE742B000-memory.dmp

Filesize
172KB

Download
memory/1580-295-0x0000017EE7430000-0x0000017EE7431000-memory.dmp

Filesize
4KB

Download
memory/1780-121-0x00000251528E0000-0x00000251528E1000-memory.dmp

Filesize
4KB

Download
memory/1780-120-0x00007FF97C2C0000-0x00007FF97C2C1000-memory.dmp

Filesize
4KB

Download
memory/1780-1523-0x00000251528B0000-0x00000251528DB000-memory.dmp

Filesize
172KB

Download
memory/1988-539-0x0000018A27900000-0x0000018A27901000-memory.dmp

Filesize
4KB

Download
memory/1988-1032-0x0000018A25F80000-0x0000018A25FAB000-memory.dmp

Filesize
172KB

Download
memory/2480-1003-0x0000011441620000-0x000001144164B000-memory.dmp

Filesize
172KB

Download
memory/2480-315-0x0000011441650000-0x0000011441651000-memory.dmp

Filesize
4KB

Download
memory/2532-1450-0x00000203B0FF0000-0x00000203B101B000-memory.dmp

Filesize
172KB

Download
memory/2532-394-0x00000203B2810000-0x00000203B2811000-memory.dmp

Filesize
4KB

Download
memory/2680-297-0x00000258BF1E0000-0x00000258BF1E1000-memory.dmp

Filesize
4KB

Download
memory/2680-326-0x00000258BEFD0000-0x00000258BEFFB000-memory.dmp

Filesize
172KB

Download
memory/2800-324-0x00000201AA7A0000-0x00000201AA7CB000-memory.dmp

Filesize
172KB

Download
memory/2800-288-0x00000201AA980000-0x00000201AA981000-memory.dmp

Filesize
4KB

Download
memory/3432-290-0x000001169DE20000-0x000001169DE21000-memory.dmp

Filesize
4KB

Download
memory/3432-323-0x000001169C460000-0x000001169C48B000-memory.dmp

Filesize
172KB

Download
memory/4372-1525-0x000001AF41600000-0x000001AF41601000-memory.dmp

Filesize
4KB

Download
memory/4372-1535-0x000001AF41600000-0x000001AF41601000-memory.dmp

Filesize
4KB

Download
memory/4372-1526-0x000001AF41600000-0x000001AF41601000-memory.dmp

Filesize
4KB

Download
memory/4372-1530-0x000001AF41600000-0x000001AF41601000-memory.dmp

Filesize
4KB

Download
memory/4372-1524-0x000001AF41600000-0x000001AF41601000-memory.dmp

Filesize
4KB

Download
memory/4372-1533-0x000001AF41600000-0x000001AF41601000-memory.dmp

Filesize
4KB

Download
memory/4372-1536-0x000001AF41600000-0x000001AF41601000-memory.dmp

Filesize
4KB

Download
memory/4372-1531-0x000001AF41600000-0x000001AF41601000-memory.dmp

Filesize
4KB

Download
memory/4372-1534-0x000001AF41600000-0x000001AF41601000-memory.dmp

Filesize
4KB

Download
memory/4372-1532-0x000001AF41600000-0x000001AF41601000-memory.dmp

Filesize
4KB

Download
memory/4404-727-0x000002069F410000-0x000002069F411000-memory.dmp

Filesize
4KB

Download
memory/4404-1451-0x000002069F3E0000-0x000002069F40B000-memory.dmp

Filesize
172KB

Download
memory/4408-996-0x000002010F070000-0x000002010F09B000-memory.dmp

Filesize
172KB

Download
memory/4408-348-0x000002010F0A0000-0x000002010F0A1000-memory.dmp

Filesize
4KB

Download
memory/4544-322-0x0000014639610000-0x0000014639611000-memory.dmp

Filesize
4KB

Download
memory/4544-327-0x00000146395E0000-0x000001463960B000-memory.dmp

Filesize
172KB

Download
memory/4736-1033-0x0000028A81650000-0x0000028A8167B000-memory.dmp

Filesize
172KB

Download
memory/4736-335-0x0000028A81680000-0x0000028A81681000-memory.dmp

Filesize
4KB

Download
memory/5140-1034-0x0000023081660000-0x000002308168B000-memory.dmp

Filesize
172KB

Download
memory/5140-819-0x0000023081690000-0x0000023081691000-memory.dmp

Filesize
4KB

Download
memory/5364-1502-0x0000019C3FFA0000-0x0000019C3FFCB000-memory.dmp

Filesize
172KB

Download
memory/5364-1495-0x0000019C3FFD0000-0x0000019C3FFD1000-memory.dmp

Filesize
4KB

Download