4bf7c84949d8e672e7244e1d36d93575eabeb825bf60b209885e317bbbd431e2

Resubmissions

29-06-2024 19:15

240629-xyjj7aterh 8

15-05-2024 20:40

06-05-2024 19:45

01-05-2024 19:15

27-04-2024 10:03

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
15-05-2024 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EcosiaInstaller.exe
Size

1.0MB
MD5

ead03cdd9d3398c50ffd82d1f1021d53
SHA1

24b37f404d510f4eb7807dd89de20e936fc18190
SHA256

4bf7c84949d8e672e7244e1d36d93575eabeb825bf60b209885e317bbbd431e2
SHA512

ff381bd5ce7aef733c9ce9fcac0bcf3c9da106b09223c2904714bf4f7df334280ebf4792c279bea32cdafd896d5d95f28cbd6fc18a7d56c4fe77b63438fd6c70
SSDEEP

24576:WgZNRxRm9PQBwV418TeWyavVb5AudHRhItGsePtjDZeMizZBx7j:WgHRW9P0wCWy2auFRhIP6pkd7j

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 40 IoCs

Processes:

TempBr0.exesetup.exesetup.exesetup.exesetup.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exe

pid	process
3944	TempBr0.exe
4960	setup.exe
5052	setup.exe
1956	setup.exe
4696	setup.exe
1588	ecosiabrowser.exe
3572	ecosiabrowser.exe
3088	ecosiabrowser.exe
760	ecosiabrowser.exe
1964	ecosiabrowser.exe
3288	ecosiabrowser.exe
2564	ecosiabrowser.exe
4832	ecosiabrowser.exe
2184	ecosiabrowser.exe
4532	ecosiabrowser.exe
4932	ecosiabrowser.exe
868	ecosiabrowser.exe
1028	ecosiabrowser.exe
2096	ecosiabrowser.exe
1244	ecosiabrowser.exe
3564	ecosiabrowser.exe
1824	ecosiabrowser.exe
3948	ecosiabrowser.exe
3144	ecosiabrowser.exe
724	ecosiabrowser.exe
4528	ecosiabrowser.exe
2336	ecosiabrowser.exe
1028	ecosiabrowser.exe
5064	ecosiabrowser.exe
3656	ecosiabrowser.exe
3932	ecosiabrowser.exe
1320	ecosiabrowser.exe
6084	ecosiabrowser.exe
1072	ecosiabrowser.exe
1656	ecosiabrowser.exe
5548	ecosiabrowser.exe
3544	ecosiabrowser.exe
1408	ecosiabrowser.exe
2996	ecosiabrowser.exe
6000	ecosiabrowser.exe

Loads dropped DLL 64 IoCs

Processes:

EcosiaInstaller.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exeecosiabrowser.exe

pid	process
4504	EcosiaInstaller.exe
4504	EcosiaInstaller.exe
1588	ecosiabrowser.exe
3572	ecosiabrowser.exe
1588	ecosiabrowser.exe
3088	ecosiabrowser.exe
760	ecosiabrowser.exe
1964	ecosiabrowser.exe
3088	ecosiabrowser.exe
1964	ecosiabrowser.exe
3088	ecosiabrowser.exe
3088	ecosiabrowser.exe
3088	ecosiabrowser.exe
760	ecosiabrowser.exe
3088	ecosiabrowser.exe
3088	ecosiabrowser.exe
3088	ecosiabrowser.exe
2564	ecosiabrowser.exe
4832	ecosiabrowser.exe
2564	ecosiabrowser.exe
4832	ecosiabrowser.exe
3288	ecosiabrowser.exe
3288	ecosiabrowser.exe
2184	ecosiabrowser.exe
2184	ecosiabrowser.exe
4532	ecosiabrowser.exe
4532	ecosiabrowser.exe
4932	ecosiabrowser.exe
868	ecosiabrowser.exe
4932	ecosiabrowser.exe
868	ecosiabrowser.exe
1028	ecosiabrowser.exe
1028	ecosiabrowser.exe
2096	ecosiabrowser.exe
2096	ecosiabrowser.exe
1244	ecosiabrowser.exe
3564	ecosiabrowser.exe
1244	ecosiabrowser.exe
3564	ecosiabrowser.exe
1824	ecosiabrowser.exe
3948	ecosiabrowser.exe
1824	ecosiabrowser.exe
3948	ecosiabrowser.exe
3144	ecosiabrowser.exe
724	ecosiabrowser.exe
3144	ecosiabrowser.exe
724	ecosiabrowser.exe
4528	ecosiabrowser.exe
4528	ecosiabrowser.exe
2336	ecosiabrowser.exe
1028	ecosiabrowser.exe
2336	ecosiabrowser.exe
1028	ecosiabrowser.exe
5064	ecosiabrowser.exe
3656	ecosiabrowser.exe
5064	ecosiabrowser.exe
3656	ecosiabrowser.exe
3932	ecosiabrowser.exe
1320	ecosiabrowser.exe
1320	ecosiabrowser.exe
3932	ecosiabrowser.exe
6084	ecosiabrowser.exe
6084	ecosiabrowser.exe
1072	ecosiabrowser.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

setup.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe\""	setup.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

EcosiaInstaller.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000\Software\Microsoft\Windows\CurrentVersion\Run\ecosia_EcosiaBrowser = "\"C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\ecosiabrowser.exe\""	EcosiaInstaller.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ecosiabrowser.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	ecosiabrowser.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	ecosiabrowser.exe

Drops file in System32 directory 2 IoCs

Processes:

ecosiabrowser.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	ecosiabrowser.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	ecosiabrowser.exe

Drops file in Windows directory 14 IoCs

Processes:

ecosiabrowser.exe

description	ioc	process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_1183331822\crl-set	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_1183331822\_metadata\verified_contents.json	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_463766484\_metadata\verified_contents.json	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_463766484\manifest.fingerprint	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_1478705248\manifest.json	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_463766484\Preload Data	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_1478705248\cr_en-us_500000_index.bin	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_1478705248\_metadata\verified_contents.json	ecosiabrowser.exe
File opened for modification	C:\Windows\SystemTemp	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_1183331822\manifest.fingerprint	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_463766484\manifest.json	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_1478705248\manifest.fingerprint	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_1183331822\manifest.json	ecosiabrowser.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_1183331822\LICENSE	ecosiabrowser.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

ecosiabrowser.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	ecosiabrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	ecosiabrowser.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	ecosiabrowser.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

ecosiabrowser.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133602792803202387"	ecosiabrowser.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	ecosiabrowser.exe

Modifies registry class 45 IoCs

Processes:

setup.exesetup.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\ecosiabrowser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe\""	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\Application\ApplicationCompany = "The Ecosia Browser Authors"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.htm	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.xht\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.xhtml\OpenWithProgids\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\Application\AppUserModelId = "Ecosia Browser.OJ4IMXDEYEYBCWEHIBNRX4Q32A"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.webp\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.html\OpenWithProgids\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.webp\OpenWithProgids\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\ = "Ecosia Browser HTML Document"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\ecosiabrowser.exe\" --single-argument %1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.html\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.pdf\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.shtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.svg	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.svg\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.xhtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.webp	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.xht\OpenWithProgids\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.xhtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\AppUserModelId = "Ecosia Browser.OJ4IMXDEYEYBCWEHIBNRX4Q32A"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\ecosiabrowser.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\Application\ApplicationDescription = "Access the Internet"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.pdf\OpenWithProgids\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.shtml\OpenWithProgids\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\EcosiaBrowser\\Application\\123.0.6312.21\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\Application	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.htm\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.xht	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.shtml	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.svg\OpenWithProgids\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\CLSID\{CE9C26D8-7C04-4946-96FD-C95153F34CAF}	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A\Application\ApplicationName = "Ecosia Browser"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.htm\OpenWithProgids\EcosiaHTML.OJ4IMXDEYEYBCWEHIBNRX4Q32A	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.html	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\.pdf	setup.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

ecosiabrowser.exeecosiabrowser.exe

pid process

1588 ecosiabrowser.exe
1588 ecosiabrowser.exe
6000 ecosiabrowser.exe
6000 ecosiabrowser.exe
6000 ecosiabrowser.exe
6000 ecosiabrowser.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

ecosiabrowser.exe

pid	process
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

TempBr0.exeecosiabrowser.exe

description	pid	process
Token: 33	3944	TempBr0.exe
Token: SeIncBasePriorityPrivilege	3944	TempBr0.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe
Token: SeShutdownPrivilege	1588	ecosiabrowser.exe
Token: SeCreatePagefilePrivilege	1588	ecosiabrowser.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

setup.exeecosiabrowser.exe

pid	process
1956	setup.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

ecosiabrowser.exe

pid	process
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe
1588	ecosiabrowser.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

EcosiaInstaller.exeTempBr0.exesetup.exesetup.exeecosiabrowser.exe

description	pid	process	target process
PID 4504 wrote to memory of 3944	4504	EcosiaInstaller.exe	TempBr0.exe
PID 4504 wrote to memory of 3944	4504	EcosiaInstaller.exe	TempBr0.exe
PID 3944 wrote to memory of 4960	3944	TempBr0.exe	setup.exe
PID 3944 wrote to memory of 4960	3944	TempBr0.exe	setup.exe
PID 4960 wrote to memory of 5052	4960	setup.exe	setup.exe
PID 4960 wrote to memory of 5052	4960	setup.exe	setup.exe
PID 4960 wrote to memory of 1956	4960	setup.exe	setup.exe
PID 4960 wrote to memory of 1956	4960	setup.exe	setup.exe
PID 1956 wrote to memory of 4696	1956	setup.exe	setup.exe
PID 1956 wrote to memory of 4696	1956	setup.exe	setup.exe
PID 4960 wrote to memory of 1588	4960	setup.exe	ecosiabrowser.exe
PID 4960 wrote to memory of 1588	4960	setup.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3572	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3572	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 3088	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 760	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 760	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe
PID 1588 wrote to memory of 1964	1588	ecosiabrowser.exe	ecosiabrowser.exe

C:\Users\Admin\AppData\Local\Temp\EcosiaInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\EcosiaInstaller.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4504

C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe
"C:\Users\Admin\AppData\Local\Temp\TempBr\TempBr0.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3944

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_B8007.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\TempBr\CR_B8007.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\TempBr\CR_B8007.tmp\CHROME.PACKED.7Z"
3⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4960

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_B8007.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_B8007.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff62759eaf0,0x7ff62759eafc,0x7ff62759eb08
4⤵
- Executes dropped EXE
PID:5052

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_B8007.tmp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\TempBr\CR_B8007.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
4⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1956

C:\Users\Admin\AppData\Local\Temp\TempBr\CR_B8007.tmp\setup.exe
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_B8007.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff62759eaf0,0x7ff62759eafc,0x7ff62759eb08
5⤵
- Executes dropped EXE
PID:4696

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --from-installer
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1588

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crashpad" --url=https://crashreports.ecosia-browser.net/desktop-browser-win --annotation=plat=Win64 --annotation=prod=Ecosia --annotation=sentry[release]=123.0.6312.21 --annotation=ver=123.0.6312.21 --initial-client-data=0xf8,0xfc,0x100,0xc8,0x104,0x7ffe57bcbc40,0x7ffe57bcbc4c,0x7ffe57bcbc58
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3572

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=1828 /prefetch:2
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3088

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --start-stack-profiler --field-trial-handle=2068,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=2084 /prefetch:3
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:760

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=2352 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1964

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=3236 /prefetch:1
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3288

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=3280 /prefetch:1
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2564

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3976,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=4016 /prefetch:2
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4832

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4200,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=4184 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2184

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4876,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4532

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4932

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4668,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:868

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1028

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2096

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5596,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1244

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5452,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3564

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5600,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1824

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5616,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3948

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4928,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3144

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5888,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=5900 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:724

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5876,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4528

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6188,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2336

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5568,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1028

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5892,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=6488 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5064

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6620,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=6636 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3656

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6808,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=6828 /prefetch:2
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3932

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6780,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=6984 /prefetch:1
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1320

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4412,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=7384 /prefetch:8
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6084

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=3996,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=7328 /prefetch:2
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1072

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7184,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=7472 /prefetch:2
5⤵
- Executes dropped EXE
PID:1656

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7264,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=3428 /prefetch:1
5⤵
- Executes dropped EXE
PID:5548

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7488,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=768 /prefetch:8
5⤵
- Executes dropped EXE
PID:3544

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4140,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=1588 /prefetch:8
5⤵
- Executes dropped EXE
PID:1408

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4008,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=4076 /prefetch:8
5⤵
- Executes dropped EXE
PID:2996

C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
"C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6404,i,2955500352832118577,2563304650798679413,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:8
5⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:6000

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4656

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\ad210a10b150f92\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
e645d16ae573e5f5c64d2403c5708bfc

SHA1
57483b0d2c72dd88eae2d15be6e839f55e8e7d86

SHA256
52cf03a663c3507c948274dcf4e5b505b5e1328a6f0197cc412455925e03a5bb

SHA512
8073cb37b84d10c02a927c0a5acaf5e6db8ff492c1796f2ba19ac842212a2733be6121914ed30007431a16f89ff7794d21c6ae7bdd793c7db1104dcd2ad93858

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\ad210a10b150f92\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\ad210a10b150f92\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
1KB

MD5
490ccc6ed6198886e50c9d6d0cde0ff5

SHA1
a2f613dc2d29aa23f03a041d4cf281a70b58f51b

SHA256
f7c2304c7ed1a072c86ee8f3a636e8f23e8d0605516bd9370a40710df11ee948

SHA512
ce4590fd90e39bc919145ad57ae11e184e9ded5977e715cd5b709adc9ecb796d10581588b0d69580d6196b06f682467be0d5332f472bdb4f7c270dcfc2f1063e

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\chrome_elf.dll
Filesize
1.2MB

MD5
ae0d60cfb1c9328269688e1baa88a943

SHA1
f7de751e5d9e5049f85d0ad88ab69d18be1b7d5e

SHA256
4bcabd79410e1f09555fce0851548066e8e720f54790c3d761d06925b2766641

SHA512
19222280c38602750b02998d790dfe648d2be88334a95bd6d553d189d702b5102166827a5d5ab25a55c19fb788362fc3b3011b054951b0a62a7fe60a0c7e9873

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\d3dcompiler_47.dll
Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\dxcompiler.dll
Filesize
20.9MB

MD5
150f0e3df0133148774ad54a42856603

SHA1
709d42b5a7f2251291c78225946022591d1aa37f

SHA256
ef457141e5ed3f7da23843abe149edfc490e70b6c11e0d9f5a4c2c56213e9e10

SHA512
457dbae0d312897a3c555cbdd0d14e27ab1b30e864a713636664a7fdaabf04dbab4d340d09cb354bb68777a2f43e6c45edd1a085c1babd14fc552ebacd13b548

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\dxil.dll
Filesize
1.4MB

MD5
cb72bef6ce55aa7c9e3a09bd105dca33

SHA1
d48336e1c8215ccf71a758f2ff7e5913342ea229

SHA256
47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

SHA512
c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\libEGL.dll
Filesize
470KB

MD5
3256b6aa8cf471075fa54a3f55226e4e

SHA1
c048b56d0b9955ca3d7a247755bdde3ccdc72aba

SHA256
77554d8f11ed4a59543d014de3253fbcf28e6b5cef8a00e1d0ff0cc5f168ce96

SHA512
8f8c3a42982c90e614141dbf348e64f5acd3dc81072f81fcf946655f3522e4d60f0e2fbe74b17e2933182f15619bb53207085a6628513e33c265c67b09fe8b57

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\libGLESv2.dll
Filesize
7.3MB

MD5
901a2a0be2869a84460058e15bc59844

SHA1
c42eb917dede03bdb6f9f807e2180d15caddf06d

SHA256
57bab60884711ea370f989ad7588698d3e2c23348297c3f309e64b97d532d673

SHA512
802fcd9711478015e9bb2747f1716c83aec29598933d604fcdcf769ac432525cfd648923ce763ceaf6ee04256fede439bfbecc565eb7ffb5f81450f642f703d3

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\123.0.6312.21\vk_swiftshader.dll
Filesize
4.9MB

MD5
63d04aae53e03e41a7d82f8431cc14f9

SHA1
1ee414e09abd9323b0250602342ff917607c8b7d

SHA256
bbd5f144433b75fe0580b299b20ff743a0d21d93897375a75d8ad8a59b22608e

SHA512
bac53a3b87f63604a98490fa4e2d921da5baa759574e76362115f49d67d31cd59bacb7cb8035a7cbbbda3267b6e195e6e2904f3b99b9a50d3fbd9ef928bca90b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\SetupMetrics\20240515204114.pma
Filesize
520B

MD5
d7bdecbddac6262e516e22a4d6f24f0b

SHA1
1a633ee43641fa78fbe959d13fa18654fd4a90be

SHA256
db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

SHA512
1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\SetupMetrics\20240515204114.pma
Filesize
2KB

MD5
f0ddaf94792a61eb14bb3eb6b9a1f655

SHA1
9d7c1ac93b6390d698dd2a2de4d81c07dce8cfc8

SHA256
2af55e085979c7e82c1f37d1439736222d741de485284ca7ca514e5d8abad2a3

SHA512
48f851ef2c09d4184d1c1e31fed443595abd0cfa4594c7909533f042d737e74697b741a7121475fff545222083f213165b6e20deb092947f3136ec523e56b7a7

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\Application\ecosiabrowser.exe
Filesize
2.4MB

MD5
fb5581a14f52e14086ee997273198788

SHA1
ab92a654b218a630d0306279490121cc26abdbce

SHA256
be6b12e03b36e586a1abb5fdd7f69928e4e1a1c85fce9f2ccdd0358232131c2d

SHA512
6d6534a74b6d875756e2f1919f346b0e8c93449920b03aac96b2844b3f1d363488a529f214b707c9730553fddd5002b85f077cb1d5d949f7fecdfb60ac459bc9

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\CertificateRevocation\8765\crl-set
Filesize
22KB

MD5
68e6d21d21d3c7995332c5d3bb0b79e9

SHA1
d2902580d0a6994cb8486c7d42265d89a32f8659

SHA256
5697fbd2eb89480b1e0a8f261c51a722acc68059451645565f62466b927311ec

SHA512
0f52e8bf499d0970c23efeca7f6031d9cf5bb9e7d277768efdc869cf02d83c64db1f9aae8eed201360d6fe02d2fa50bb50bc58bc6f418ea915c4125e3da8d87f

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Crowd Deny\2023.11.29.1201\Preload Data
Filesize
12KB

MD5
aa3ef996bce08a9c34fe513d078d1ee3

SHA1
21688d164d442d37fd5471e13b41b1d216f88d37

SHA256
09d2155be71880356a993fabacc2ce01f4fbab99497ec157b53a094b8927c039

SHA512
285c85ca55fa54a1a12c47909b8575e8388570a76f238dc75aedece12e58dc0a3fe15edeffc41af14bb7944a0682de76f0ee0d6502d15973f8d9b1c5b2f828bd

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
2f9b76ba58c867d6e0d2f7a26695f4b5

SHA1
5a71aa8fcd6181eb69e0903f23529f4ec1639629

SHA256
17dcc31dc90aa7639a768b6187a7835615420e0bb7a1e5d8cd36e19e8db228ff

SHA512
28494f4d40ed7a56c0017161e0904949c6e1cdc8e32555e26ba919c623fe36a6e74151c65703ddafedce8aad1ced7c6f3ad3195377ae52bc379faecbf4042bca

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
0d9a48f3a1bfa870be872a93cf7571a0

SHA1
96c48ac84c50699fed62ff698cd2f417ad783305

SHA256
d7dafe932bdfb96e1ce3afe0cf1b9098046cac9eab623d838704d098e2ec24b4

SHA512
27a3aea7c5644e984081ae00d3483f6936b695bfd36b5b8fd781324b2f9c46685a8f4cf80a7e2f5bafc2900981dbab9d4c414de80f1abdb6329d228c8c1df85a

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\cgaoapcdlhbhnephmkbbnkjjlpinoogh\123.3.0.0_0\images\light-enabled-trackers.png
Filesize
367B

MD5
52f72748d83c560abd1c34de91cafe90

SHA1
14b00a80dbadbc2111321d9801aae33c7462baa7

SHA256
0e9c653a24ab780da15cbd7ea650f30c9c33b289ac3d14c6e05e42497e2c7b49

SHA512
042461faa52ffa58084ae4898a48e9c354857733b6e1c8e48c4716d05f0dd94837234c608c297a63c00018a5512e47403c4fc9ce527cb1632e20c79a1542aa97

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\3rdParty\URI.min.js
Filesize
46KB

MD5
2a55f234e8264ae47688e9df44bd1067

SHA1
d6278504ee056fc0da98cbdaef9fe7d77de5394a

SHA256
ea81069514dade1e0a9d95214c518b9ad61ec7629d626ca9a0085cd2f2a9751a

SHA512
3fab188ec0d4a541cba4dc7f1ae254d16186acd8ce9bf01f87f3d13d05f64557d677c76c3bf72b6a809fb1907f61196ba2f5a82eff686cf4085a2bc15ccdc5ca

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\3rdParty\detect_browser.js
Filesize
21KB

MD5
73604d33f78044ef28329042fc108809

SHA1
acd66063f22937b558501b28c6cd5ca744adaed7

SHA256
3ddef451500c3d60dd595d0f3e80dfda8b33c81e317ef4d6849b510b7cc2bc7c

SHA512
2187728ec64bd8e1ee99ec1af9966346eda99ab885df7ae1625906a58adb1c3dfcc61f7a86922bb082cd5d928683097e18d0992eb965be8ea59ca9b33c517f5b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\3rdParty\jquery-3.5.min.js
Filesize
87KB

MD5
12108007906290015100837a6a61e9f4

SHA1
1d6ae46f2ffa213dede37a521b011ec1cd8d1ad3

SHA256
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4

SHA512
93658f3eb4a044523a7136871e125d73c9005da44ce09045103a35a4f18695888ecafe2f9c0d0fa741b95cc618c6000f9ad9affc821a400ea7e5f2c0c8968530

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\3rdParty\purify.min.js
Filesize
18KB

MD5
3b1ad8517ae0093f2b85307a46e1265d

SHA1
7445f68a73c8a71c2927ceaeb3a632fc0325cb1b

SHA256
93b5fd64e221e705f75add7c68603529e777c505714633bbbb2446d4ca52c2cf

SHA512
82d72b6ac627c9e076efe21e8c296cc0595bfde820b7e92146bfa52c078d720839c768a39566a204e3d7664c22bcd8f5e4b684eacf42cd5e7b86ca133eb439c6

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\LomUtils.class.js
Filesize
16KB

MD5
30e42cf3daa7d8cb33d8561dc9bbde03

SHA1
c6b79d7d88396dfc00f2bf4a0e8a3ffff069669c

SHA256
38b65b06bd315900b4669588a79bfcdcb2a14328ee8048577e961ece2b3c42d9

SHA512
48878a87c48a33cec523af46a76ff7c8df07848964ed50dedab5c991bd4b9724f313ed86cc02a9f8eedd6f1bc7c25542ef4515dba58aade5454ed11658b9775c

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\background\LomConfig.class.js
Filesize
18KB

MD5
95450c6f286749bdbb6957f9f72ff52d

SHA1
95a41a09c943779e13957ccf089eed94a291abcd

SHA256
0a3d06681bc3315b3cd3baf7c0dd7019a3cf5fa73c1cfa810cdf545ea2eece74

SHA512
4f69ac44ab241a5fa6a2ff90cad4fe1a0fd06c819f302616e680138141b19b12224505ef9c12d80d5f1bc65fcd677ee44f00c3304faa08e084efe1fcd6694d79

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\content\LomBar.class.js
Filesize
9KB

MD5
fdd4de3bd31510f6c49d24d592630e90

SHA1
6f4d4770f090b8001f956d5936a167e536344215

SHA256
739456bc7a22bc69c9064280c2d9dad9218bf2493778d5bace15a67fc0d95b1f

SHA512
6413afb710b67c673eb7562678709413204509305519b2afbb529f73dac8df4703fb0655c420e1d2a89d042cee6e1a9c1e6a10fcff9ca77d7bb7db6e31d0ab94

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\content\LomBarPopup.class.js
Filesize
4KB

MD5
67a691145ea2e42279cac10297b63f93

SHA1
4bae4a22097f073d6e95588855aeb3d4deca5142

SHA256
a2ef5cd60f25c018bd6c6b471e0744f27b623ebf05e493a1bfbb22b19ec80e94

SHA512
a09ff5e27034aec26ae189b3072ce2952fa947f50589145e04986521e8299ad37871521888e91b1fc471e791ab8fe3861ee613ed7fc47dffa6b7a38eba0659da

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\content\content.js
Filesize
16KB

MD5
d4fcf3292c8f9f465cf31a78719f5c23

SHA1
f1217c6795349cbd7bd9895286dd2bdb6c2395d5

SHA256
3a637d3827cb75501480c949a248bb2173c63094bbba5059b63820e822f293a6

SHA512
87c1dc1f7923ecb9dc72bc27f58112b1d52dc2437ef72bb358ccef53f29c0a44b7247338100d2b23f01bb49e43f8ac425773b91afee537a939fc8f4508118c9b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\content\showLomBar.js
Filesize
45KB

MD5
2afe14952b264d12a9c557a31c1720b0

SHA1
31aa1ba8ff0e88b4ddf03ff3857b86e2fd2e8aa4

SHA256
e2b5a7ac3c5274949b849993953e7f848a06317734030eda8f1351d5e8a85fc3

SHA512
244e6c86a333c837989c3652c9e2bdedfa72867ce870079910e31104f1632fa59a4907f34f716a3abd1e0a28b9bf8d26f1240392cf3aa2c60c66736267907a5f

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Extensions\phgkdmfdfjciapbienmclbnfelonckjl\0.3.2.1_0\data\js\translation.js
Filesize
14KB

MD5
60a2125a1be5be748d71bcfe88337726

SHA1
67a92f2955e88f6d5de10c963aac0d05d9346f4f

SHA256
5719147ea4c230591cbae45e600196f1940cb5cde5da72f99efdbf324bbcd983

SHA512
efcde5c306bcc9bc29784f6aa53129efc2970c7f5d31f9364f4e27577f350389a881e31fd94f2b83fa083107071aafaf94c3fd850c3e14e59149aa28e697a222

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Local Storage\leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Local Storage\leveldb\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
186601d777554e8bf9e0f7035a491d37

SHA1
bcb9d2b5723429b64631c5fffb604bbde313c4ca

SHA256
7e55bb035ece1ed9ad7bec6985f03690c82a02c8e4d9659fe1f14b1a1e2e384b

SHA512
f2b5497af6d1dae9a865e882b2424beeb5e4944e513ce45318d4f617d16c329c44f3b80f68193b504bfa54b47625a204dafd2be562087c7a102eb7c127c45fb9

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\Network Persistent State~RFe58ef0e.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
388f76b958c2deb58fd9d69fc0ec86e9

SHA1
ca79ab19a5149f50ad22394e950c9322d6af01ac

SHA256
bca8a764d770c85e59bb80a90a1e026261583daede240ea6e628c3d33a05540b

SHA512
7a43ba546f9f592c0e365dcaf0a286e190cd58ab528b2a82f4e31369e09e16f5308d5041c5db13f392abfa8678e27e9e530cc97f4eb8d4430d97806ba4b4bb82

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
7KB

MD5
d49239682e9b25a447a45b2af0186ce7

SHA1
dac1e222f175214c2860d8787b6c5e11e6024930

SHA256
bddfee204d878883b7422ee41d1a0503325d8e0587c9b3f9d3ca9d0dc1affea8

SHA512
45ac36e677bba2c276031f1ffa3ea9b40f345190552c748edd1edbf5521308a75bf39a07a9ef685ae0bcc50053749d79607ad46aca33464d1971716b3fb3ae20

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
fb5597f1fd28c778a9079ecf38740f2c

SHA1
cf633c4344bbf0e74efb839d19464c83c77bab80

SHA256
6daf27776ca6a9f95550ca1ba0e3cf66cce9633092cf44d27a10a98b6f8951f8

SHA512
de341aa90b4d42b62ea80cfba43db1557ee11d23bc9bb908f6e3e79ea182e10e04d08493ea6164d8d9bffaa128c672702bea58b27f9ba2a2e085cfd4ce6f014c

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
6KB

MD5
032948b6d035064470af013bd5da1910

SHA1
a45586838496b7be6a03eb9faab7e6b43d68b529

SHA256
ea9c69c7c9b47eac9530a2d718ba184563613dd7bf31f1a8bfacab411e54b754

SHA512
0bf2ad350b9fd6b2d40d868791a03eff5a22c77b6bbc11faa2e401e3cba5dc35621ac1551e12bca7688a39191485c5d453b4c740777c730e4cdd1f27061111cf

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
7KB

MD5
660dbc6e4a92b96047441ca2f4652474

SHA1
381c4d3f9033bb46236a3f0a1bbe40dcb915959a

SHA256
e5da1e1ab2562ca9d18e5b6f4659e467e314074f71bf56bf29eff94bc8752f1c

SHA512
51f5b5711ae874c3a835b86afffcc3c33cd7451a03e7b33bc62104db6e9560f4eea07165d593c882a0b8bbe61289b29dd9cb40415c11c3d1512abc7a02651cc2

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
7KB

MD5
83a762db236fd896637afd766d441c0c

SHA1
7288d10a01ec664a57e17cf34685cb5ec137b639

SHA256
bca31dd2d2b64b0fa9f08e3a52bc062d2ddcc8407c0d2cc320a8e90f0373c1d8

SHA512
21788a7d5b1347b6440e68362a74d7616691125488b57bd3fffad64279cc7cb3dff1158418511175645150b189281b6afdd33136d7a734117b49d020f0cd4c35

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences
Filesize
7KB

MD5
a003d8c85ae1c6e61ca5c33fa345b5be

SHA1
f158b742ef85ddf9746efe3a7a0fd6b0e0d4c19e

SHA256
cc7f7488426cef4183829c95ae1f97e2f38da5ea5ed3075c6d7f9619388e1a93

SHA512
e3ad37c053466cd32cb10889e19c9dfc98c61a97aa738575bd5ea748ed6daa2ff2243d266bd1b15e695c3fc912d4e6c8cd6143c2bd7b7609d81cb99948e8357a

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Preferences~RFe583236.TMP
Filesize
6KB

MD5
164e3decde7d69a9f54e1457fb5e4536

SHA1
7cf147b37617166c31d158ac7170213d51d5b364

SHA256
e895b337b8ac7d25f91f46b93a077f3d353d26881459bf929e49e51cab88caa5

SHA512
36c4f96f7f8b1a04ed571a1b76df2162bf15d372bd5121f60f24939548425beb50243c9d25431c9b203cb49b7e63da8161f167547505ff434d33da9f55ca776c

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
360B

MD5
0e7747e0345b532e21c203e7e4d1039d

SHA1
da8116377d410a00308fa2ae0fdf971b879f90ef

SHA256
07b0ca06b850f47523b747b3344b0d989faa0bc5c11262e77ac9dcacff9461f3

SHA512
310cf60b1baa3dea86f2dcdce3883f778b9b4d38580a6c2119d030fbb2534178c430fa48fe0997bb170cc81cfeabaf44dd49afd10525eb1c71b94b61578f0162

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583a93.TMP
Filesize
72B

MD5
037e92b7a0aae6b436a91fd43949e6f1

SHA1
475c671208d07c988326ebd6e6717eb621ffccb7

SHA256
c7e1ac6fff98c3b403a3a320585b9d498cde818df9aabc3c89126a06a64a2773

SHA512
4f77512dc19fcfeeadd6430f2e94ad9e1ea7542684da83ea571e0e15b938987636f5f575f6321c1e34a6408dd243216814f1289e3de84458a396c02b1076f385

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Default\baace44a-aa57-4d10-84d2-5718da06fb36.tmp
Filesize
154KB

MD5
d36d18f82847cdf716f8d181db1afbbc

SHA1
e820b54eb4a66ed95e7c9bd385de13de682e3f21

SHA256
5d7adf329a38ce56fc02fbbe56456e37875c79c57e109812bd64229dd6de9192

SHA512
d1f471340f9dfa84aa084e2980dfbcaf6483e40235cb923e1abadd5f655423cdc443799f7e5a37302eea88c8cb284bdeca33a80931899141031fdd3e50e4911f

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\GraphiteDawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
2KB

MD5
f3cf8cc0f0cec45e535ce255ce5709f6

SHA1
374b1b7649f24fc874e5c5698cd893934d1f0fc6

SHA256
f5aae2d32f41e37a7afcd7fe61a494bbe12b3c52468cca921f5ed059345f7727

SHA512
2267946f3931d15e17a5038147b86d1cb74610ced1a4f5f940e207be332130eca88f778abd145d8fa54f520b47aaf8f471f3fa2207fc37ae832f45baac88d9c5

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
2KB

MD5
07fd53306a06952efa9ab8a85df1d80f

SHA1
bcd1c24bee935e0800e272c5bd9587f7d3ca1348

SHA256
2bb847d17693218346513455de3c01b713284e3e36d1825062e8c3c158a93322

SHA512
be6a145fa5fc51c8a883c1ea3722d31662b72aa744ac75fdb718b3d4797fac5f476801d5edb6eddd2112709e39bf78c8a7f6ace19373346b820c4bc168bbaf3d

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
5KB

MD5
f57d0896d28db0f52d2314e1feab3fcf

SHA1
d475bfae147e5cde48345d7c2303545a0d57450d

SHA256
60c5b6d4cfad08e7f5a86ce3d613485f20fa684e64ce0f7f1a1915bcb4733720

SHA512
415d11feb966810192617e24ec62826ea916f862277df6f2496b4a879e65b0e07f793d2e8d1b4351f1b6446ca23d50b99e59a0872315c3f03e452feb0fff78d4

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
5KB

MD5
5699b857e3843b9310ac2648d0192307

SHA1
4822afcd33293233e846ad43e2d00a5cce8d5397

SHA256
d6518eff0d0ab947c336118e780fff1cef37cd506ac1e4e6abf344028e9e9d12

SHA512
d3be4d1857ca3997c1fee1ddd1bdb529b6e55f828d0a4f947873734f37ab6c882abb83f6c72431771feddddc33871bc54495eda67c7193fa4db5f4d190cf93db

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State
Filesize
5KB

MD5
e70b56cb743f85de852e4a0b682e79f8

SHA1
27d61c96376cb86aca745a90e9516db51b838426

SHA256
c765a8956e2effa0e520ed157a45bb6471d40c3f8522c8a6092c61abb2a6ce81

SHA512
c60fe827ed5d1a4f6782c78f88709d96c5ba378828c7f7cb20226e0d25750c43f71abe3f75f97169bcc80cc9e2b00a17447af72be164a2b29cb20177645ef382

Download Submit
C:\Users\Admin\AppData\Local\EcosiaBrowser\User Data\Local State~RFe57f6a4.TMP
Filesize
1KB

MD5
80f7c7ade685d31e2da0ec4f40bb408f

SHA1
02b713b9b4131f37475d24577e531441bf87739c

SHA256
f614feb534d40bfa56b90bb25de458fb2fff19216eded95b3644c8c7483a0ff3

SHA512
c37df9f7319198bff15f46842b7d4aa510358fefe802f61fdc90a6e0c976a053d9d1ead661a953a03cb86a4a547d4a24cd8411fe3c34618b4e7cbec83d2f8df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\5b5365d1-4244-4188-8e5c-a11e468c0bd9.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\TempBr\CR_B8007.tmp\setup.exe
Filesize
2.6MB

MD5
ffb2b92410a8d4808aa425d72acfaa0d

SHA1
a3dda22a3dd64ae4a70c976bad73babad4cd78c9

SHA256
8ae46d3c371e7835c5998d1e1d8a5665f45fa567dfe5e19461c01dd68d9bb26e

SHA512
946e1b9d8dccdd655b69aabae2597620a30ecee3aa5df40190ab39574a5f1b39e7b687d920867f04e5e051d3c6c0c551a092fc09cef24e190fc8c12ea0953b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss67C4.tmp\MainModule.dll
Filesize
3.6MB

MD5
c5f78d7f3df8b816ef881d342f6e9520

SHA1
251a4bc26a697e4641483ce7a3ac694874d7be52

SHA256
b0c4e04590f521358d7e3cf5201ffc551b6cbd7182a6e8229e94f47105c71822

SHA512
c9af575cde74c1520ebd49df15116d4165e9c5314cc4c402463388552ee35768ddc31d8a3f38ab2488357e7fc112666e02c1c6ac6c9f4b6eeba787afcafaa2cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss67C4.tmp\System.dll
Filesize
12KB

MD5
564bb0373067e1785cba7e4c24aab4bf

SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1

SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ecosia Browser.lnk
Filesize
2KB

MD5
0781c2be253e0dd16f2587706ba5f9be

SHA1
415a20fd2683aa19cdcb2a15a527ff2b7282c223

SHA256
17fc17e77448cc30de393c517e1678d7961f8eda475874da4b01366c7624a8da

SHA512
840349b5c99a87b59326ea63316ba8fb4dc2996bce30eb56a0d96224b1f0092e222ce838118db3d04a8decc038542acbc701e993963971392f30e57208f76af3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_1183331822\manifest.json
Filesize
94B

MD5
fe8f96bc535223c1532ddbc4dc38885b

SHA1
ad3916f92c03c1073b3022a359ecc2c49c7d37fd

SHA256
54340c6b39dc0e76c82db776bc6d9d440888946b18e975387ea721ab66753c85

SHA512
f992f6cfae68f38252946ea1dc31d5a5b078242a6ccd7b16fa3ba90323b34e5b840337fa93c47fef3cc352b713ea6e02c5c97fe648fff934fc8dd9c8f7bb4835

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_1478705248\manifest.json
Filesize
108B

MD5
55d0da4886efa9d373256980afe0b0c4

SHA1
495d838f50d5e76226480487be4770fdf289bf2f

SHA256
816e30826889f2e140b03e0c7cfdcd31dedb307c30712b017843080b271891a9

SHA512
0591312ee7c3e51cd0b2c13cd97aab7f65fb8fb1eaf65ddef3e3a7a49218893e1827ca3b217ecacfeb02bde8926ae81ad893db1031b2e891d2b06aff6a6d5327

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping1588_463766484\manifest.json
Filesize
111B

MD5
225c08f039684dfb54aac162dd9d5b9e

SHA1
426bd1044bfcd5e1a10b58ed1f217a6b33b2e9c3

SHA256
98306b21c0aaf9546301f4ab7fed785dc369c67e2fd2ad4d62fc63f072a51e3c

SHA512
d6ff6cea0c08d13a642996a110432792048d21160c04543fbcacc60abcde362318e13a42fcd7520bc7673e98544a68a3eb6cc4338f4f4d8e90e0dfd5c40b77b7

Download Submit
\??\pipe\crashpad_1588_TPKDZGVZBPBXMDAM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1028-1412-0x0000020C01660000-0x0000020C01689000-memory.dmp

Filesize
164KB

Download
memory/1028-511-0x0000020C01690000-0x0000020C01691000-memory.dmp

Filesize
4KB

Download
memory/1244-1410-0x0000019C35400000-0x0000019C35429000-memory.dmp

Filesize
164KB

Download
memory/1244-315-0x0000019C35430000-0x0000019C35431000-memory.dmp

Filesize
4KB

Download
memory/1408-1822-0x000001EA16880000-0x000001EA168A9000-memory.dmp

Filesize
164KB

Download
memory/1408-1806-0x000001EA168B0000-0x000001EA168B1000-memory.dmp

Filesize
4KB

Download
memory/1824-321-0x0000019681690000-0x0000019681691000-memory.dmp

Filesize
4KB

Download
memory/1824-599-0x0000019681660000-0x0000019681689000-memory.dmp

Filesize
164KB

Download
memory/1964-1502-0x00000268271D0000-0x00000268271F9000-memory.dmp

Filesize
164KB

Download
memory/1964-117-0x00007FFE77F40000-0x00007FFE77F41000-memory.dmp

Filesize
4KB

Download
memory/1964-118-0x0000026827200000-0x0000026827201000-memory.dmp

Filesize
4KB

Download
memory/2184-251-0x00000196C0770000-0x00000196C0771000-memory.dmp

Filesize
4KB

Download
memory/2184-252-0x00000196C0740000-0x00000196C0769000-memory.dmp

Filesize
164KB

Download
memory/2996-1873-0x000001E6D12A0000-0x000001E6D12C9000-memory.dmp

Filesize
164KB

Download
memory/2996-1854-0x000001E6D12D0000-0x000001E6D12D1000-memory.dmp

Filesize
4KB

Download
memory/3544-1724-0x0000024EAA920000-0x0000024EAA921000-memory.dmp

Filesize
4KB

Download
memory/3544-1748-0x0000024EAA8F0000-0x0000024EAA919000-memory.dmp

Filesize
164KB

Download
memory/3564-317-0x00000248659A0000-0x00000248659A1000-memory.dmp

Filesize
4KB

Download
memory/3564-778-0x0000024865970000-0x0000024865999000-memory.dmp

Filesize
164KB

Download
memory/3656-568-0x00000198D5AD0000-0x00000198D5AD1000-memory.dmp

Filesize
4KB

Download
memory/3656-1413-0x00000198D5AA0000-0x00000198D5AC9000-memory.dmp

Filesize
164KB

Download
memory/3948-781-0x000001D401660000-0x000001D401689000-memory.dmp

Filesize
164KB

Download
memory/3948-320-0x000001D401690000-0x000001D401691000-memory.dmp

Filesize
4KB

Download
memory/4528-468-0x000001A2D1B60000-0x000001A2D1B61000-memory.dmp

Filesize
4KB

Download
memory/4528-674-0x000001A2D02D0000-0x000001A2D02F9000-memory.dmp

Filesize
164KB

Download
memory/5064-1405-0x000001FA37270000-0x000001FA37299000-memory.dmp

Filesize
164KB

Download
memory/5064-554-0x000001FA372A0000-0x000001FA372A1000-memory.dmp

Filesize
4KB

Download
memory/6000-1895-0x000001DFCAA60000-0x000001DFCAA61000-memory.dmp

Filesize
4KB

Download
memory/6000-1888-0x000001DFCAA60000-0x000001DFCAA61000-memory.dmp

Filesize
4KB

Download
memory/6000-1893-0x000001DFCAA60000-0x000001DFCAA61000-memory.dmp

Filesize
4KB

Download
memory/6000-1899-0x000001DFCAA60000-0x000001DFCAA61000-memory.dmp

Filesize
4KB

Download
memory/6000-1898-0x000001DFCAA60000-0x000001DFCAA61000-memory.dmp

Filesize
4KB

Download
memory/6000-1897-0x000001DFCAA60000-0x000001DFCAA61000-memory.dmp

Filesize
4KB

Download
memory/6000-1896-0x000001DFCAA60000-0x000001DFCAA61000-memory.dmp

Filesize
4KB

Download
memory/6000-1894-0x000001DFCAA60000-0x000001DFCAA61000-memory.dmp

Filesize
4KB

Download
memory/6000-1889-0x000001DFCAA60000-0x000001DFCAA61000-memory.dmp

Filesize
4KB

Download
memory/6000-1887-0x000001DFCAA60000-0x000001DFCAA61000-memory.dmp

Filesize
4KB

Download
memory/6084-1385-0x000001DE9D050000-0x000001DE9D051000-memory.dmp

Filesize
4KB

Download
memory/6084-1415-0x000001DE9D020000-0x000001DE9D049000-memory.dmp

Filesize
164KB

Download