Overview

overview

8

Static

static

3

EpicSetup.exe

windows7-x64

8

EpicSetup.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/04/2024, 14:38 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EpicSetup.exe

  • Size

    1.7MB

  • MD5

    20b4abe9f1a234c3c5cf3e3653c73201

  • SHA1

    acad58367ef24db763b12b6c25ddff951dbbde7b

  • SHA256

    78b6a0f85f50da832c2553284c56c83bd847832d328a311477ebf950596a2431

  • SHA512

    fa4847a5e0642ff4ca4b6abc28f4db8c02c4688e026bbe86b68511b61440dfb81134c645c7ae4e54e946c622dac8cc015fbdd6eb5181143483fb7d52eac72ec3

  • SSDEEP

    24576:UxWdbqh6PI7HcPpexcuRTe1ceNWZtUVyJvRXMaffNIIW/SFvWBwVztcZrng8kny:daECKpWIyxppfBmIOBCCZjg83PGbWZ

Score
8/10
discoveryevasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 32 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Registers COM server for autorun 1 TTPs 26 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 11 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 13 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\EpicSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\EpicSetup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\EpicUpdate.exe
      C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\EpicUpdate.exe /installsource taggedmi /install "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Registers COM server for autorun
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2576
      • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /regserver
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Registers COM server for autorun
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:620
      • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1424
        • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
          "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /cr
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1808
        • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicCrashHandler.exe
          "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicCrashHandler.exe" /crashhandler
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1944
        • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
          "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ua /installsource core
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          • Suspicious use of WriteProcessMemory
          PID:884
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /uninstall
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2544
      • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjkuMTMiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7NUNFMDdGQzctMUM5Ri00MkJFLTk3OTAtMzREOEVGQzE2QTc2fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0ie0FGMjlDRDY1LTRDRTUtNDlGOC1BODY1LUExQjk5QkJFRDFFQn0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0I4NTJFN0IxLTkwOEEtNDhFRi05NTc2LUNCRTIzNjU0RDkwN30iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4yOS4xMyIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1984
      • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /handoff "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en" /installsource taggedmi /sessionid "{5CE07FC7-1C9F-42BE-9790-34D8EFC16A76}"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2904
  • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
    "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" -Embedding
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\mini_installer.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\mini_installer.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:852
      • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\CHROME.PACKED.7Z"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Registers COM server for autorun
        • Modifies registry class
        PID:1736
        • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe
          "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0x18c,0x190,0x194,0x160,0x198,0xeafc40,0xeafc50,0xeafc5c
          4⤵
          • Executes dropped EXE
          PID:2616
        • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe
          "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2612
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0x18c,0x190,0x194,0x160,0x198,0xeafc40,0xeafc50,0xeafc5c
            5⤵
            • Executes dropped EXE
            PID:2216
        • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
          "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --from-installer
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:3044
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0xd8,0xdc,0xe0,0xac,0xe4,0x7280dcd8,0x7280dce8,0x7280dcf4
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1356
            • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
              "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0x11c,0x120,0x124,0xf0,0x128,0x1402658,0x1402668,0x1402674
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:3012
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:2
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2556
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=1444 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1964
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=1560 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2504
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --first-renderer-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1976 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2632
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1984 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2652
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1992 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:3056
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2000 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            PID:1524
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2008 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            PID:2684
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=172 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:2
            5⤵
            • Executes dropped EXE
            PID:1476
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2812 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
            • Executes dropped EXE
            PID:1720
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3280 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
            • Executes dropped EXE
            PID:2920
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3292 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
            • Executes dropped EXE
            PID:2436
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3328 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
            • Executes dropped EXE
            PID:1392
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3308 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
              PID:2180
      • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjkuMTMiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7NUNFMDdGQzctMUM5Ri00MkJFLTk3OTAtMzREOEVGQzE2QTc2fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezY1MTdFNDg4LTNBREQtNDM4Qi1BRjlCLUI3OEE4RUEzRUI1OX0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0EzQUEyQUQ2LUMzNTctNEJCMy05NjI1LTY1NTA2NDdEOTU2RH0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMC4wLjYwOTkuNzEiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iLTEiPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRfdGltZV9tcz0iNDA4ODgiIGRvd25sb2FkZWQ9IjEyOTUwNjI1NiIgdG90YWw9IjEyOTUwNjI1NiIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
        2⤵
        • Executes dropped EXE
        • Checks whether UAC is enabled
        PID:2644

    Network

    • flag-us
      DNS
      updates.epicbrowser.com
      EpicUpdate.exe
      Remote address:
      8.8.8.8:53
      Request
      updates.epicbrowser.com
      IN A
      Response
      updates.epicbrowser.com
      IN A
      178.128.252.188
      updates.epicbrowser.com
      IN A
      128.199.39.15
      updates.epicbrowser.com
      IN A
      167.172.35.137
      updates.epicbrowser.com
      IN A
      206.189.4.63
    • flag-us
      DNS
      updates.epicbrowser.com
      EpicUpdate.exe
      Remote address:
      8.8.8.8:53
      Request
      updates.epicbrowser.com
      IN A
      Response
      updates.epicbrowser.com
      IN A
      167.172.35.137
      updates.epicbrowser.com
      IN A
      128.199.39.15
      updates.epicbrowser.com
      IN A
      178.128.252.188
      updates.epicbrowser.com
      IN A
      206.189.4.63
    • flag-nl
      POST
      http://updates.epicbrowser.com/service/update2
      EpicUpdate.exe
      Remote address:
      178.128.252.188:80
      Request
      POST /service/update2 HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      User-Agent: Google Update/1.3.29.13;winhttp
      X-Last-HR: 0x0
      X-Last-HTTP-Status-Code: 0
      X-Retry-Count: 0
      Content-Length: 505
      Host: updates.epicbrowser.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:32:02 GMT
      Server: Apache/2.4.7 (Ubuntu)
      Vary: Accept-Encoding
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Transfer-Encoding: chunked
      Content-Type: text/html; charset=utf-8
    • flag-nl
      GET
      http://updates.epicbrowser.com/service/check2?appid=%7BB852E7B1-908A-48EF-9576-CBE23654D907%7D&appversion=1.3.29.13&applang=&machine=0&version=0.0.0.0&osversion=6.1&servicepack=Service%20Pack%201
      EpicUpdate.exe
      Remote address:
      167.172.35.137:80
      Request
      GET /service/check2?appid=%7BB852E7B1-908A-48EF-9576-CBE23654D907%7D&appversion=1.3.29.13&applang=&machine=0&version=0.0.0.0&osversion=6.1&servicepack=Service%20Pack%201 HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      User-Agent: Google Update/1.3.29.13;winhttp
      X-Last-HR: 0x0
      X-Last-HTTP-Status-Code: 0
      X-Retry-Count: 0
      Host: updates.epicbrowser.com
      Response
      HTTP/1.1 404 NOT FOUND
      Date: Mon, 08 Apr 2024 14:35:02 GMT
      Server: Apache/2.4.7 (Ubuntu)
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Transfer-Encoding: chunked
      Content-Type: text/html
    • flag-nl
      POST
      http://updates.epicbrowser.com/service/update2?w=3:OpMuexCJVOfG9vF4ji09ri_mfcYgVfgD5mIyhp7NDCLgsyi553h8mvN52byZHIso5EGNZp6QdwJuRZ-FMI2mYX4cfc30sGq1Puh1Zsg_oA1Ti6Ggx_WA-JHpqGthLQqwjBfDlVdq_P8yCaCPjKpxCSOqM9UDrf6Yqiuu1C1Q50g
      EpicUpdate.exe
      Remote address:
      167.172.35.137:80
      Request
      POST /service/update2?w=3:OpMuexCJVOfG9vF4ji09ri_mfcYgVfgD5mIyhp7NDCLgsyi553h8mvN52byZHIso5EGNZp6QdwJuRZ-FMI2mYX4cfc30sGq1Puh1Zsg_oA1Ti6Ggx_WA-JHpqGthLQqwjBfDlVdq_P8yCaCPjKpxCSOqM9UDrf6Yqiuu1C1Q50g HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      If-Match: "NT5PWl6NztSFeHZ8BOLrADoGSLo"
      User-Agent: Google Update/1.3.29.13;winhttp;cup
      X-Last-HR: 0x0
      X-Last-HTTP-Status-Code: 0
      X-Retry-Count: 0
      Content-Length: 459
      Host: updates.epicbrowser.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:35:02 GMT
      Server: Apache/2.4.7 (Ubuntu)
      Vary: Accept-Encoding
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Transfer-Encoding: chunked
      Content-Type: text/html; charset=utf-8
    • flag-nl
      POST
      https://updates.epicbrowser.com/service/update2
      EpicUpdate.exe
      Remote address:
      167.172.35.137:443
      Request
      POST /service/update2 HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      User-Agent: Google Update/1.3.29.13;winhttp
      X-Last-HR: 0x80040880
      X-Last-HTTP-Status-Code: 200
      X-Retry-Count: 0
      Content-Length: 459
      Host: updates.epicbrowser.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:35:07 GMT
      Server: Apache/2.4.7 (Ubuntu)
      Vary: Accept-Encoding
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Transfer-Encoding: chunked
      Content-Type: text/html; charset=utf-8
    • flag-us
      DNS
      cdn.epicbrowser.com
      Remote address:
      8.8.8.8:53
      Request
      cdn.epicbrowser.com
      IN A
      Response
      cdn.epicbrowser.com
      IN A
      104.21.71.132
      cdn.epicbrowser.com
      IN A
      172.67.170.148
    • flag-us
      HEAD
      https://cdn.epicbrowser.com/v120/mini_installer.exe
      Remote address:
      104.21.71.132:443
      Request
      HEAD /v120/mini_installer.exe HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      User-Agent: Microsoft BITS/7.5
      X-Last-HR: 0x0
      X-Last-HTTP-Status-Code: 0
      X-Retry-Count: 0
      Host: cdn.epicbrowser.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:39:02 GMT
      Content-Type: application/octet-stream
      Content-Length: 129506256
      Connection: keep-alive
      cdn-pullzone: 55901
      cdn-uid: af8b949e-8a48-4a3d-aa8b-cac423f0b8b6
      cdn-requestcountrycode: GB
      Cache-Control: public, max-age=2592000
      last-modified: Mon, 11 Dec 2023 09:21:47 GMT
      cdn-storageserver: DE-599
      cdn-fileserver: 570
      cdn-proxyver: 1.04
      cdn-requestpullsuccess: True
      cdn-requestpullcode: 206
      cdn-cachedat: 12/11/2023 19:58:06
      cdn-edgestorageid: 958
      cdn-status: 200
      cdn-requestid: 2c154d49c6e6039546d13bf05ef97fe6
      cdn-cache: HIT
      CF-Cache-Status: HIT
      Age: 1045
      Accept-Ranges: bytes
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y8kIKRzl0qXNsC53S5YN9YsBeyooGISs33nHO9umqQD66g8v2dxWj9tEqXkXa9s9Fsen71moo5uP5k7iVRpjSDHzh8zJUFQr27YJpz4PNK1F85tdJEh6rNwJnsnr7s%2FE4i5%2ButZw"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      Server: cloudflare
      CF-RAY: 87130126ffa663f5-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      GET
      https://cdn.epicbrowser.com/v120/mini_installer.exe
      Remote address:
      104.21.71.132:443
      Request
      GET /v120/mini_installer.exe HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      If-Unmodified-Since: Mon, 11 Dec 2023 09:21:47 GMT
      User-Agent: Microsoft BITS/7.5
      X-Last-HR: 0x0
      X-Last-HTTP-Status-Code: 0
      X-Retry-Count: 0
      Host: cdn.epicbrowser.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:39:02 GMT
      Content-Type: application/octet-stream
      Content-Length: 129506256
      Connection: keep-alive
      cdn-pullzone: 55901
      cdn-uid: af8b949e-8a48-4a3d-aa8b-cac423f0b8b6
      cdn-requestcountrycode: GB
      Cache-Control: public, max-age=2592000
      last-modified: Mon, 11 Dec 2023 09:21:47 GMT
      cdn-storageserver: DE-599
      cdn-fileserver: 570
      cdn-proxyver: 1.04
      cdn-requestpullsuccess: True
      cdn-requestpullcode: 206
      cdn-cachedat: 12/11/2023 19:58:06
      cdn-edgestorageid: 958
      cdn-status: 200
      cdn-requestid: 2c154d49c6e6039546d13bf05ef97fe6
      cdn-cache: HIT
      CF-Cache-Status: HIT
      Age: 1045
      Accept-Ranges: bytes
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qQH%2FzyWHj4RwhQXojNf3dUuk5mxD%2BkVwAMfPxFjz8JSX1BSNEDU%2FE9thTiK7HeCPOE9KvQHmRcGPmzaVc3vBkqMih5o2Gm3Dw6%2Bd39iCBowIvBVjs4a1p%2BBdVBTUWm5LVwFyZHqI"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      Server: cloudflare
      CF-RAY: 87130127482b63f5-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      apps.identrust.com
      Remote address:
      8.8.8.8:53
      Request
      apps.identrust.com
      IN A
      Response
      apps.identrust.com
      IN CNAME
      identrust.edgesuite.net
      identrust.edgesuite.net
      IN CNAME
      a1952.dscq.akamai.net
      a1952.dscq.akamai.net
      IN A
      23.14.90.73
      a1952.dscq.akamai.net
      IN A
      23.14.90.91
    • flag-be
      GET
      http://apps.identrust.com/roots/dstrootcax3.p7c
      Remote address:
      23.14.90.73:80
      Request
      GET /roots/dstrootcax3.p7c HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: apps.identrust.com
      Response
      HTTP/1.1 200 OK
      X-XSS-Protection: 1; mode=block
      X-Frame-Options: SAMEORIGIN
      X-Content-Type-Options: nosniff
      X-Robots-Tag: noindex
      Referrer-Policy: same-origin
      Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
      ETag: "37d-6079b8c0929c0"
      Accept-Ranges: bytes
      Content-Length: 893
      X-Content-Type-Options: nosniff
      X-Frame-Options: sameorigin
      Content-Type: application/pkcs7-mime
      Cache-Control: max-age=3600
      Expires: Mon, 08 Apr 2024 15:39:01 GMT
      Date: Mon, 08 Apr 2024 14:39:01 GMT
      Connection: keep-alive
    • flag-us
      DNS
      clients2.google.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      clients2.google.com
      IN A
      Response
      clients2.google.com
      IN CNAME
      clients.l.google.com
      clients.l.google.com
      IN A
      216.58.206.46
    • flag-us
      DNS
      clients2.google.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      clients2.google.com
      IN Unknown
      Response
      clients2.google.com
      IN CNAME
      clients.l.google.com
    • flag-us
      DNS
      redirector.gvt1.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      redirector.gvt1.com
      IN A
      Response
      redirector.gvt1.com
      IN A
      216.58.201.110
    • flag-us
      DNS
      redirector.gvt1.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      redirector.gvt1.com
      IN Unknown
      Response
    • flag-us
      DNS
      epicbrowser.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      epicbrowser.com
      IN A
      Response
      epicbrowser.com
      IN A
      185.199.110.153
    • flag-us
      DNS
      epicbrowser.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      epicbrowser.com
      IN Unknown
      Response
    • flag-us
      DNS
      accounts.google.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      accounts.google.com
      IN A
      Response
      accounts.google.com
      IN A
      142.251.173.84
    • flag-us
      DNS
      accounts.google.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      accounts.google.com
      IN Unknown
      Response
    • flag-us
      DNS
      www.epicbrowser.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      www.epicbrowser.com
      IN A
      Response
      www.epicbrowser.com
      IN CNAME
      theprop.github.io
      theprop.github.io
      IN A
      185.199.108.153
      theprop.github.io
      IN A
      185.199.109.153
      theprop.github.io
      IN A
      185.199.110.153
      theprop.github.io
      IN A
      185.199.111.153
    • flag-us
      DNS
      www.epicbrowser.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      www.epicbrowser.com
      IN Unknown
      Response
      www.epicbrowser.com
      IN CNAME
      theprop.github.io
    • flag-de
      GET
      http://clients2.google.com/time/1/current?cup2key=6:YGht8QXLIDFedWc40o6N__mvXK6mOPKb3gUTnaXQDgo&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      epic.exe
      Remote address:
      216.58.206.46:80
      Request
      GET /time/1/current?cup2key=6:YGht8QXLIDFedWc40o6N__mvXK6mOPKb3gUTnaXQDgo&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
      Host: clients2.google.com
      Connection: keep-alive
      Pragma: no-cache
      Cache-Control: no-cache
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
      Accept-Encoding: gzip, deflate
      Response
      HTTP/1.1 200 OK
      Content-Type: application/json; charset=utf-8
      Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
      X-Content-Type-Options: nosniff
      x-cup-server-proof: 3044022017a95d23ae6a31f01f7a5b19c2dd1ee0dab7997be6901e211794aaf2944b4e9a02204f89ee7f1567e8fab5ddfbdafba1397236f8655c9c1dce4312bc6fd28b08a503:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      ETag: W/"3044022017a95d23ae6a31f01f7a5b19c2dd1ee0dab7997be6901e211794aaf2944b4e9a02204f89ee7f1567e8fab5ddfbdafba1397236f8655c9c1dce4312bc6fd28b08a503:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Mon, 08 Apr 2024 14:39:56 GMT
      Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
      Cross-Origin-Opener-Policy: same-origin
      Cross-Origin-Resource-Policy: same-site
      Content-Encoding: gzip
      Transfer-Encoding: chunked
      Server: ESF
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
    • flag-de
      GET
      http://clients2.google.com/time/1/current?cup2key=6:DTknufPwwPSH2FQ9RxpKgViFilorDPGg9UZ83gf4DeA&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      epic.exe
      Remote address:
      216.58.206.46:80
      Request
      GET /time/1/current?cup2key=6:DTknufPwwPSH2FQ9RxpKgViFilorDPGg9UZ83gf4DeA&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
      Host: clients2.google.com
      Connection: keep-alive
      Pragma: no-cache
      Cache-Control: no-cache
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
      Accept-Encoding: gzip, deflate
      Response
      HTTP/1.1 200 OK
      Content-Type: application/json; charset=utf-8
      Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
      X-Content-Type-Options: nosniff
      x-cup-server-proof: 304302204cdee718c5b7bfa1f977fb1fc667b8a4e1df3b1983012d49db9cd6e754a54f72021f2b35ed4f38b74ee5144ea739180d209a50ec26ad097c6fb3a308da63f51f71:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      ETag: W/"304302204cdee718c5b7bfa1f977fb1fc667b8a4e1df3b1983012d49db9cd6e754a54f72021f2b35ed4f38b74ee5144ea739180d209a50ec26ad097c6fb3a308da63f51f71:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Mon, 08 Apr 2024 14:39:58 GMT
      Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
      Cross-Origin-Resource-Policy: same-site
      Cross-Origin-Opener-Policy: same-origin
      Content-Encoding: gzip
      Transfer-Encoding: chunked
      Server: ESF
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
    • flag-de
      GET
      http://clients2.google.com/time/1/current?cup2key=6:yBJMJTmDwL1LRBFQfXJk9b4QVq5UgI0d6BQb2sHhwco&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      epic.exe
      Remote address:
      216.58.206.46:80
      Request
      GET /time/1/current?cup2key=6:yBJMJTmDwL1LRBFQfXJk9b4QVq5UgI0d6BQb2sHhwco&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
      Host: clients2.google.com
      Connection: keep-alive
      Pragma: no-cache
      Cache-Control: no-cache
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
      Accept-Encoding: gzip, deflate
      Response
      HTTP/1.1 200 OK
      Content-Type: application/json; charset=utf-8
      Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
      X-Content-Type-Options: nosniff
      x-cup-server-proof: 3045022100a5625ee805e46093832ea2255c8487a3ee156b9499fb243b75dcbd555b8e92660220563d0b0a37d79cc5272226c2ebedf34560b00130074d5d047277fffad26fc09c:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      ETag: W/"3045022100a5625ee805e46093832ea2255c8487a3ee156b9499fb243b75dcbd555b8e92660220563d0b0a37d79cc5272226c2ebedf34560b00130074d5d047277fffad26fc09c:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Mon, 08 Apr 2024 14:40:00 GMT
      Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
      Cross-Origin-Resource-Policy: same-site
      Cross-Origin-Opener-Policy: same-origin
      Content-Encoding: gzip
      Transfer-Encoding: chunked
      Server: ESF
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
    • flag-de
      GET
      http://clients2.google.com/time/1/current?cup2key=6:v3h72OY9kSvNCqTo1IFdr8UVrn4uDWyo96F_n2nMedY&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      epic.exe
      Remote address:
      216.58.206.46:80
      Request
      GET /time/1/current?cup2key=6:v3h72OY9kSvNCqTo1IFdr8UVrn4uDWyo96F_n2nMedY&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
      Host: clients2.google.com
      Connection: keep-alive
      Pragma: no-cache
      Cache-Control: no-cache
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
      Accept-Encoding: gzip, deflate
      Response
      HTTP/1.1 200 OK
      Content-Type: application/json; charset=utf-8
      Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
      X-Content-Type-Options: nosniff
      x-cup-server-proof: 3044022057bdff9959c28e3dd5f8677af9c5fefa9225dd3ddf1eaf4ef4dea2ff93eaca6702202ef12ebde9692ba8be97eabbdb37d3767a793fbf58542c2c6c4fc64b91240b85:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      ETag: W/"3044022057bdff9959c28e3dd5f8677af9c5fefa9225dd3ddf1eaf4ef4dea2ff93eaca6702202ef12ebde9692ba8be97eabbdb37d3767a793fbf58542c2c6c4fc64b91240b85:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Mon, 08 Apr 2024 14:40:02 GMT
      Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
      Cross-Origin-Resource-Policy: same-site
      Cross-Origin-Opener-Policy: same-origin
      Content-Encoding: gzip
      Transfer-Encoding: chunked
      Server: ESF
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
    • flag-us
      DNS
      r1---sn-aigl6nsr.gvt1.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      r1---sn-aigl6nsr.gvt1.com
      IN A
      Response
      r1---sn-aigl6nsr.gvt1.com
      IN CNAME
      r1.sn-aigl6nsr.gvt1.com
      r1.sn-aigl6nsr.gvt1.com
      IN A
      74.125.105.134
    • flag-us
      DNS
      r1---sn-aigl6nsr.gvt1.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      r1---sn-aigl6nsr.gvt1.com
      IN Unknown
      Response
      r1---sn-aigl6nsr.gvt1.com
      IN CNAME
      r1.sn-aigl6nsr.gvt1.com
    • flag-us
      DNS
      clients2.google.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      clients2.google.com
      IN A
      Response
      clients2.google.com
      IN CNAME
      clients.l.google.com
      clients.l.google.com
      IN A
      172.217.16.238
    • flag-us
      DNS
      clients2.google.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      clients2.google.com
      IN Unknown
      Response
      clients2.google.com
      IN CNAME
      clients.l.google.com
    • flag-us
      DNS
      dns.google
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.google
      IN A
      Response
      dns.google
      IN A
      8.8.8.8
      dns.google
      IN A
      8.8.4.4
    • flag-us
      DNS
      dns.google
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.google
      IN Unknown
      Response
    • flag-us
      DNS
      dns.google
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.google
      IN A
      Response
      dns.google
      IN A
      8.8.8.8
      dns.google
      IN A
      8.8.4.4
    • flag-us
      DNS
      dns.google
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.google
      IN Unknown
      Response
    • flag-us
      DNS
      dns.google
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.google
      IN A
      Response
      dns.google
      IN A
      8.8.4.4
      dns.google
      IN A
      8.8.8.8
    • flag-us
      DNS
      dns.google
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.google
      IN Unknown
      Response
    • flag-nl
      GET
      http://updates.epicbrowser.com/extensions/newtab/useragent.xml
      epic.exe
      Remote address:
      128.199.39.15:80
      Request
      GET /extensions/newtab/useragent.xml HTTP/1.1
      Host: updates.epicbrowser.com
      Connection: keep-alive
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
      DNT: 1
      Accept: */*
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:35:28 GMT
      Server: Apache/2.4.7 (Ubuntu)
      Last-Modified: Mon, 03 Aug 2020 08:59:43 GMT
      ETag: "2c-5abf55c1045e2"
      Accept-Ranges: bytes
      Content-Length: 44
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Content-Type: application/xml
    • flag-nl
      POST
      http://updates.epicbrowser.com/service/update2
      EpicUpdate.exe
      Remote address:
      167.172.35.137:80
      Request
      POST /service/update2 HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      User-Agent: Google Update/1.3.29.13;winhttp
      X-Last-HR: 0x0
      X-Last-HTTP-Status-Code: 0
      X-Retry-Count: 0
      Content-Length: 859
      Host: updates.epicbrowser.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:36:36 GMT
      Server: Apache/2.4.7 (Ubuntu)
      Vary: Accept-Encoding
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Transfer-Encoding: chunked
      Content-Type: text/html; charset=utf-8
    • 178.128.252.188:80
      http://updates.epicbrowser.com/service/update2
      http
      EpicUpdate.exe
      1.0kB
       810 B
       6
      5

      HTTP Request

      POST http://updates.epicbrowser.com/service/update2

      HTTP Response

      200
    • 167.172.35.137:80
      http://updates.epicbrowser.com/service/check2?appid=%7BB852E7B1-908A-48EF-9576-CBE23654D907%7D&appversion=1.3.29.13&applang=&machine=0&version=0.0.0.0&osversion=6.1&servicepack=Service%20Pack%201
      http
      EpicUpdate.exe
      709 B
       3.3kB
       7
      7

      HTTP Request

      GET http://updates.epicbrowser.com/service/check2?appid=%7BB852E7B1-908A-48EF-9576-CBE23654D907%7D&appversion=1.3.29.13&applang=&machine=0&version=0.0.0.0&osversion=6.1&servicepack=Service%20Pack%201

      HTTP Response

      404
    • 167.172.35.137:80
      http://updates.epicbrowser.com/service/update2?w=3:OpMuexCJVOfG9vF4ji09ri_mfcYgVfgD5mIyhp7NDCLgsyi553h8mvN52byZHIso5EGNZp6QdwJuRZ-FMI2mYX4cfc30sGq1Puh1Zsg_oA1Ti6Ggx_WA-JHpqGthLQqwjBfDlVdq_P8yCaCPjKpxCSOqM9UDrf6Yqiuu1C1Q50g
      http
      EpicUpdate.exe
      1.3kB
       1.5kB
       9
      8

      HTTP Request

      POST http://updates.epicbrowser.com/service/update2?w=3:OpMuexCJVOfG9vF4ji09ri_mfcYgVfgD5mIyhp7NDCLgsyi553h8mvN52byZHIso5EGNZp6QdwJuRZ-FMI2mYX4cfc30sGq1Puh1Zsg_oA1Ti6Ggx_WA-JHpqGthLQqwjBfDlVdq_P8yCaCPjKpxCSOqM9UDrf6Yqiuu1C1Q50g

      HTTP Response

      200
    • 167.172.35.137:443
      https://updates.epicbrowser.com/service/update2
      tls, http
      EpicUpdate.exe
      2.1kB
       8.4kB
       17
      16

      HTTP Request

      POST https://updates.epicbrowser.com/service/update2

      HTTP Response

      200
    • 104.21.71.132:443
      https://cdn.epicbrowser.com/v120/mini_installer.exe
      tls, http
      3.1MB
       133.9MB
       59488
      95941

      HTTP Request

      HEAD https://cdn.epicbrowser.com/v120/mini_installer.exe

      HTTP Response

      200

      HTTP Request

      GET https://cdn.epicbrowser.com/v120/mini_installer.exe

      HTTP Response

      200
    • 23.14.90.73:80
      http://apps.identrust.com/roots/dstrootcax3.p7c
      http
      421 B
       1.6kB
       6
      4

      HTTP Request

      GET http://apps.identrust.com/roots/dstrootcax3.p7c

      HTTP Response

      200
    • 216.58.206.46:80
      http://clients2.google.com/time/1/current?cup2key=6:v3h72OY9kSvNCqTo1IFdr8UVrn4uDWyo96F_n2nMedY&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      http
      epic.exe
      2.1kB
       5.2kB
       11
      13

      HTTP Request

      GET http://clients2.google.com/time/1/current?cup2key=6:YGht8QXLIDFedWc40o6N__mvXK6mOPKb3gUTnaXQDgo&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      HTTP Response

      200

      HTTP Request

      GET http://clients2.google.com/time/1/current?cup2key=6:DTknufPwwPSH2FQ9RxpKgViFilorDPGg9UZ83gf4DeA&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      HTTP Response

      200

      HTTP Request

      GET http://clients2.google.com/time/1/current?cup2key=6:yBJMJTmDwL1LRBFQfXJk9b4QVq5UgI0d6BQb2sHhwco&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      HTTP Response

      200

      HTTP Request

      GET http://clients2.google.com/time/1/current?cup2key=6:v3h72OY9kSvNCqTo1IFdr8UVrn4uDWyo96F_n2nMedY&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      HTTP Response

      200
    • 185.199.110.153:443
      epicbrowser.com
      tls
      epic.exe
      43.4kB
       2.0MB
       833
      1492
    • 185.199.110.153:443
      epicbrowser.com
      tls
      epic.exe
      943 B
       4.3kB
       8
      9
    • 216.58.201.110:443
      redirector.gvt1.com
      tls
      epic.exe
      1.7kB
       9.8kB
       15
      18
    • 142.251.173.84:443
      accounts.google.com
      tls
      epic.exe
      1.7kB
       8.0kB
       14
      16
    • 185.199.108.153:443
      www.epicbrowser.com
      tls
      epic.exe
      1.6kB
       5.5kB
       10
      13
    • 74.125.105.134:443
      r1---sn-aigl6nsr.gvt1.com
      tls
      epic.exe
      943 B
       5.6kB
       8
      9
    • 172.217.16.238:443
      clients2.google.com
      tls
      epic.exe
      2.6kB
       9.8kB
       15
      17
    • 8.8.8.8:443
      dns.google
      tls
      epic.exe
      2.9kB
       8.7kB
       24
      24
    • 8.8.8.8:443
      dns.google
      tls
      epic.exe
      1.6kB
       7.0kB
       14
      13
    • 8.8.4.4:443
      dns.google
      tls
      epic.exe
      1.6kB
       7.0kB
       14
      14
    • 104.21.71.132:443
      cdn.epicbrowser.com
      tls
      epic.exe
      6.3kB
       145.7kB
       100
      123
    • 104.21.71.132:443
      cdn.epicbrowser.com
      tls
      epic.exe
      943 B
       4.5kB
       8
      7
    • 104.21.71.132:443
      cdn.epicbrowser.com
      tls
      epic.exe
      943 B
       4.5kB
       8
      7
    • 128.199.39.15:80
      http://updates.epicbrowser.com/extensions/newtab/useragent.xml
      http
      epic.exe
      597 B
       916 B
       6
      6

      HTTP Request

      GET http://updates.epicbrowser.com/extensions/newtab/useragent.xml

      HTTP Response

      200
    • 64.227.42.236:443
      nt.epicbrowser.com
      tls
      epic.exe
      1.6kB
       5.8kB
       10
      11
    • 167.172.35.137:80
      http://updates.epicbrowser.com/service/update2
      http
      EpicUpdate.exe
      1.4kB
       1.5kB
       7
      6

      HTTP Request

      POST http://updates.epicbrowser.com/service/update2

      HTTP Response

      200
    • 142.250.178.3:443
      update.googleapis.com
      tls
      epic.exe
      6.1kB
       11.9kB
       18
      20
    • 8.8.8.8:53
      updates.epicbrowser.com
      dns
      EpicUpdate.exe
      69 B
       133 B
       1
      1

      DNS Request

      updates.epicbrowser.com

      DNS Response

      178.128.252.188
      128.199.39.15
      167.172.35.137
      206.189.4.63

    • 8.8.8.8:53
      updates.epicbrowser.com
      dns
      EpicUpdate.exe
      69 B
       133 B
       1
      1

      DNS Request

      updates.epicbrowser.com

      DNS Response

      167.172.35.137
      128.199.39.15
      178.128.252.188
      206.189.4.63

    • 8.8.8.8:53
      cdn.epicbrowser.com
      dns
      65 B
       97 B
       1
      1

      DNS Request

      cdn.epicbrowser.com

      DNS Response

      104.21.71.132
      172.67.170.148

    • 8.8.8.8:53
      apps.identrust.com
      dns
      64 B
       165 B
       1
      1

      DNS Request

      apps.identrust.com

      DNS Response

      23.14.90.73
      23.14.90.91

    • 8.8.8.8:53
      clients2.google.com
      dns
      epic.exe
      65 B
       105 B
       1
      1

      DNS Request

      clients2.google.com

      DNS Response

      216.58.206.46

    • 8.8.8.8:53
      clients2.google.com
      dns
      epic.exe
      65 B
       139 B
       1
      1

      DNS Request

      clients2.google.com

    • 8.8.8.8:53
      redirector.gvt1.com
      dns
      epic.exe
      65 B
       81 B
       1
      1

      DNS Request

      redirector.gvt1.com

      DNS Response

      216.58.201.110

    • 8.8.8.8:53
      redirector.gvt1.com
      dns
      epic.exe
      65 B
       122 B
       1
      1

      DNS Request

      redirector.gvt1.com

    • 8.8.8.8:53
      epicbrowser.com
      dns
      epic.exe
      61 B
       77 B
       1
      1

      DNS Request

      epicbrowser.com

      DNS Response

      185.199.110.153

    • 8.8.8.8:53
      epicbrowser.com
      dns
      epic.exe
      61 B
       119 B
       1
      1

      DNS Request

      epicbrowser.com

    • 8.8.8.8:53
      accounts.google.com
      dns
      epic.exe
      65 B
       81 B
       1
      1

      DNS Request

      accounts.google.com

      DNS Response

      142.251.173.84

    • 8.8.8.8:53
      accounts.google.com
      dns
      epic.exe
      65 B
       115 B
       1
      1

      DNS Request

      accounts.google.com

    • 8.8.8.8:53
      www.epicbrowser.com
      dns
      epic.exe
      65 B
       160 B
       1
      1

      DNS Request

      www.epicbrowser.com

      DNS Response

      185.199.108.153
      185.199.109.153
      185.199.110.153
      185.199.111.153

    • 8.8.8.8:53
      www.epicbrowser.com
      dns
      epic.exe
      65 B
       180 B
       1
      1

      DNS Request

      www.epicbrowser.com

    • 8.8.8.8:53
      r1---sn-aigl6nsr.gvt1.com
      dns
      epic.exe
      71 B
       116 B
       1
      1

      DNS Request

      r1---sn-aigl6nsr.gvt1.com

      DNS Response

      74.125.105.134

    • 8.8.8.8:53
      r1---sn-aigl6nsr.gvt1.com
      dns
      epic.exe
      71 B
       157 B
       1
      1

      DNS Request

      r1---sn-aigl6nsr.gvt1.com

    • 74.125.105.134:443
      r1---sn-aigl6nsr.gvt1.com
      https
      epic.exe
      6.9kB
       478.4kB
       85
      379
    • 8.8.8.8:53
      clients2.google.com
      dns
      epic.exe
      65 B
       105 B
       1
      1

      DNS Request

      clients2.google.com

      DNS Response

      172.217.16.238

    • 8.8.8.8:53
      clients2.google.com
      dns
      epic.exe
      65 B
       139 B
       1
      1

      DNS Request

      clients2.google.com

    • 8.8.8.8:53
      dns.google
      dns
      epic.exe
      56 B
       88 B
       1
      1

      DNS Request

      dns.google

      DNS Response

      8.8.8.8
      8.8.4.4

    • 8.8.8.8:53
      dns.google
      dns
      epic.exe
      56 B
       132 B
       1
      1

      DNS Request

      dns.google

    • 8.8.8.8:53
      dns.google
      dns
      epic.exe
      56 B
       88 B
       1
      1

      DNS Request

      dns.google

      DNS Response

      8.8.8.8
      8.8.4.4

    • 8.8.8.8:53
      dns.google
      dns
      epic.exe
      56 B
       132 B
       1
      1

      DNS Request

      dns.google

    • 8.8.8.8:53
      dns.google
      dns
      epic.exe
      56 B
       88 B
       1
      1

      DNS Request

      dns.google

      DNS Response

      8.8.4.4
      8.8.8.8

    • 8.8.8.8:53
      dns.google
      dns
      epic.exe
      56 B
       132 B
       1
      1

      DNS Request

      dns.google

    • 224.0.0.251:5353
      epic.exe
      204 B
       3
    • 8.8.4.4:443
      dns.google
      https
      epic.exe
      3.8kB
       10.6kB
       23
      29
    • 104.21.71.132:443
      cdn.epicbrowser.com
      https
      epic.exe
      14.6kB
       779.2kB
       141
      660
    • 8.8.8.8:443
      dns.google
      https
      epic.exe
      4.5kB
       6.5kB
       10
      10

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Epic Privacy Browser\Installer\Log\EpicUpdate.log
      Filesize

      128KB

      MD5

      f9f7891dc4f54af0a5c77d7fb6969af1

      SHA1

      6ba5ff670df24adfdba12bf8678407c0670c9b2d

      SHA256

      5880da35c95bf0656d7fba35862383cd1f8e73c2a1a314bca2a79eafcce90252

      SHA512

      e48cac6a7add9e938cc5bc4c7dbf908ca10ea5a44ceada9c4419bb77636aa028ca66b5900c346145812ea1b810c5e8ad55ba2d8ec378918482d952f6185fa780

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\120.0.6099.71\Installer\setup.exe
      Filesize

      2.5MB

      MD5

      e6b35b8a8020960b8c1f19d6dcd3d4da

      SHA1

      7c86589f76cb835d34ec0a705a28becda2b18154

      SHA256

      c2f72a462b58e38804130d8a3be427bda639f759cf3c622bb1353e89ada5ec80

      SHA512

      a58538d79a56dc09fb6768bb01b3fc68b6fa839244eb93666de771153e5a2c7786c8165de363cd4c3faa6f7002e841786727923510c39423652a478824930787

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\mini_installer.exe
      Filesize

      123.5MB

      MD5

      40bdb0d644d15cdf3fd5a7b66fc3b666

      SHA1

      8cf0a0211d73cb591039e269df686deccb071111

      SHA256

      19b23e793e11c4fdb9952712a032592055082b1f02792665a93a961ad292732e

      SHA512

      9a3b778ad99c48ef2423aec60ac01ee1b98d4905e83f8df5bf8722ee8c98886fb028ff64c80286cc798a724e027e929706390f8d94accc46c815b775c6fff537

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad\settings.dat
      Filesize

      40B

      MD5

      905c9f348f489f245fe140fe5bbcf466

      SHA1

      fa70c09e3030ed2a9b44e5165fc2e78a98377179

      SHA256

      843496b6503dde63c0555bfff9dbd557b079759981ea58c3a1ed6dad633e11c1

      SHA512

      9dcb23dfd996b81bdc2e814a09521ae831f07ad934985750857dbddf7a1a1755b82f2772973e8434bd5f54179d26e93ded6b7421b2a546f77f2160b35bf59237

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\49f46ad9-eccc-4555-9ed6-525e8df8c922.tmp
      Filesize

      211KB

      MD5

      847881642c356fe9b957f529d031bbd7

      SHA1

      cde3f2af0cc9ecb436aa51f73b22e2eb68e1582e

      SHA256

      a081a765af53ea089bb7dfe5f46ff07e93b4f0cec94bd5bd1ba5f2f22f56634a

      SHA512

      7ba6fd4da828f73ba64e626f6f98074ef90b6676b970770e18a18a4932ae47f97e9dec816daf2b66182f40dded5631e158a75ba169eb0551ba76ab2b34e90c25

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Code Cache\js\index-dir\the-real-index
      Filesize

      48B

      MD5

      05ab28702c0e75b37cef8fe9e59a0345

      SHA1

      a46f7084ce3dffab3d4c6bdb4d8b5cee124b0c15

      SHA256

      b6970ba1db0ecc62c0019fda2bd500d2bf1ca9484b39aa1ce8ede102657a74dd

      SHA512

      b8405c9925fbd78c002947123b1078bf16563be1a34ec964531c7788ebc2586a6f8e337ef458580af0380ded44be4f7545f32229f07aa651db52da6d1f2a8bfe

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\DawnCache\data_1
      Filesize

      264KB

      MD5

      f50f89a0a91564d0b8a211f8921aa7de

      SHA1

      112403a17dd69d5b9018b8cede023cb3b54eab7d

      SHA256

      b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

      SHA512

      bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Network\SCT Auditing Pending Reports
      Filesize

      2B

      MD5

      d751713988987e9331980363e24189ce

      SHA1

      97d170e1550eee4afc0af065b78cda302a97674c

      SHA256

      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

      SHA512

      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Preferences
      Filesize

      4KB

      MD5

      d1a939c087b771fd2a71c034e9128138

      SHA1

      144ecc3f737c0544737d1a0175d175c5da835f12

      SHA256

      05b50a410dc85a15d62949a1e8f71ec3d273c00cfb518491de2a90f9e6cde2c2

      SHA512

      21384c5db92abcbf3ed55a8c020f47e8d95dc6230151901758c10e4d5f5ce03e503f0c3cd51f37c696bb40be3c14b40da921941b7128e9da0c31342c07ce90a4

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Site Characteristics Database\CURRENT~RFf778363.TMP
      Filesize

      16B

      MD5

      46295cac801e5d4857d09837238a6394

      SHA1

      44e0fa1b517dbf802b18faf0785eeea6ac51594b

      SHA256

      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

      SHA512

      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Sync Data\LevelDB\000002.dbtmp
      Filesize

      16B

      MD5

      206702161f94c5cd39fadd03f4014d98

      SHA1

      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

      SHA256

      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

      SHA512

      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\d75cb106-d60a-40c3-b5e4-06fb6152cdd7.tmp
      Filesize

      4KB

      MD5

      36d3572078543e84a709cb2dfaee443c

      SHA1

      52f1067b86cca52f14074c7b98dbbfa23d0abb68

      SHA256

      a237ad12bbc17c8578a6630f7d94517202308b011beccabe8d74e9f03adfa00c

      SHA512

      a2f1bf594b66f1504bb030476fca00ff083ce56f48a6099d225b0e27384e7103534d1fa3f897903ddad68bfe06f438553677d67c7f28abd6f12591f845834f4a

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
      Filesize

      41B

      MD5

      5af87dfd673ba2115e2fcf5cfdb727ab

      SHA1

      d5b5bbf396dc291274584ef71f444f420b6056f1

      SHA256

      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

      SHA512

      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Local State
      Filesize

      2KB

      MD5

      69a19cd732fc5d6b1f1184fe1820f989

      SHA1

      f1701cf272c712c7f399bc01233d5e7c1aa4b059

      SHA256

      7c68b0cbbe1334bafd4fa0938255d327415cde7f4c9426570acc8b6b101bdf6a

      SHA512

      ffae1837683cf69dadb9e6c86a3fc1663e11b0b2229b364997ba678faea5ff1d1845f170e8ac498959f29d75d7ae9f4d851786fb98aa94129c37143a89a8482d

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\ShaderCache\data_0
      Filesize

      8KB

      MD5

      cf89d16bb9107c631daabf0c0ee58efb

      SHA1

      3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

      SHA256

      d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

      SHA512

      8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\ShaderCache\data_2
      Filesize

      8KB

      MD5

      0962291d6d367570bee5454721c17e11

      SHA1

      59d10a893ef321a706a9255176761366115bedcb

      SHA256

      ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

      SHA512

      f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

      Download Submit

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\ShaderCache\data_3
      Filesize

      8KB

      MD5

      41876349cb12d6db992f1309f22df3f0

      SHA1

      5cf26b3420fc0302cd0a71e8d029739b8765be27

      SHA256

      e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

      SHA512

      e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\155fadea-20ab-49a7-a01c-ff00c5332daf.tmp
      Filesize

      1B

      MD5

      5058f1af8388633f609cadb75a75dc9d

      SHA1

      3a52ce780950d4d969792a2559cd519d7ee8c727

      SHA256

      cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

      SHA512

      0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab6CF6.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\EpicUpdateHelper.msi
      Filesize

      40KB

      MD5

      c8f6a0a4a113c0b698a6ba6a4d82d7bc

      SHA1

      08c823d01961320f8429b338f835d6f8ff5db023

      SHA256

      e908d7d23aa40f74068f97c90b9acc1e103706425a7ffc2046fcba5e45b1d910

      SHA512

      ffcd47711a795a6e379fbf1e49441b26659fcd4ad79610e127edf1fb2f76c361406f483142e21311b16f3d3127109884fcde77a54cd3fce6f549ba81a7781aa2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdate.dll
      Filesize

      4.5MB

      MD5

      be1251e33e310931312839e7e92d5428

      SHA1

      ae5fa300f2346379390e86c1bc9dd5241e6096b5

      SHA256

      df801078e2512a40b32bdd801e771ad94ed9620b7be9e8146dbfbf08e6043281

      SHA512

      6dcc6c1df52c91ffb7a1a2eb340f58b9c6c617e43e6046d0aac13571f9854edc3f06cb5472e89447174fe7ba455c7552ba354ddc4d1e7d2c518b94de41b1dac2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_am.dll
      Filesize

      23KB

      MD5

      d88c63b686242cc71ffe7527e6bfc387

      SHA1

      d684c14aea47bd05bdf6b97ad2d83661bfd12da5

      SHA256

      1cc7bb6883bcbd0bfe08faba1bbae512fb5f9d8aacce1a80ee55955760e9f0c7

      SHA512

      f708e7c0e3fe655367306a0c3b91d6ee9ff5e80bc30c069c1d1969b7f46d00b46bac964a3b01b7f03b8a6c110521764e1e78f158b1c8d754520712f7188f9e45

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ar.dll
      Filesize

      24KB

      MD5

      de553ee3dac04b2a52e5b8317dbe3922

      SHA1

      2e98677a966e260738bc5a29c5019a1efc055c92

      SHA256

      65e2f79b249b2944a8f81980486574b15deff2db43ed61e5cf8edbb32959d242

      SHA512

      7f96853ee6cefb46c6ef58b9ca3bf0d4e94ec1e32b8a58a7f7aad52f1f16f4216946b045c191316779c170d72e28b7c8714d41cb90200b6dc5f8655ebcc939cd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_bg.dll
      Filesize

      28KB

      MD5

      81b8726d6f13c61d76f61f408f6387ad

      SHA1

      216791ae4cd983a22852f4056305ed60ae99591d

      SHA256

      fac78816992737c04db4c0ff5e2e872b36cbba33a5e881fec4e917595b624919

      SHA512

      70d1b2fa2580e43db78ab5040712b8e1f1bd0d72026546101d04689e2521b127280211b95dac4c4fd365ce9de17e1fc0710f2a3c1829319ad24aeeef79c5df11

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_bn.dll
      Filesize

      27KB

      MD5

      d57a370b804835a938258ed7859742bc

      SHA1

      dc75eb12bff887f43df461b04a4b2aae8a30c5a9

      SHA256

      ab965667ac81a9f405f9088c6a34e05c9f75fbb086dd721208983d543c48ddf9

      SHA512

      daa7df808c1282c7d199e1d15ee55168cf353465ae2d4f0122a70f988408d390d24ae1dc7f66e71ba9eda48c35761e852e349f806a15ed32486e16f034126afd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ca.dll
      Filesize

      27KB

      MD5

      96a28b5d2f3bfb0787959491688e530c

      SHA1

      e02aa14bcb527802e025c0eb3a577950fd5900ab

      SHA256

      d56a28be1253366645a16345175a09a63094785e3a88cb9d0b3fd2380bfbcd6c

      SHA512

      8fcf08f65ed0141a9b4344e1382bd3aeb8894a0984539165318c701c9f2e5958721d99d7b63c309c9c996d3574f82a2ecf001e19e5c2c4cc681044b1257446bd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_cs.dll
      Filesize

      26KB

      MD5

      e18d69356cf35dfd4e8351c730eab4ee

      SHA1

      f3b0227bf77776012d3d06c17d1a9a1bba4ddf85

      SHA256

      08a1833bcf351a9a8e830c606dd11abd765c33b424a77da1a24678f7b3366975

      SHA512

      54505db74d1e106e67d8b165421e91f8d29c563e9b8decc97a870532305c5a380b0b2e5d3810d11f58ba272e7c7d7a0733846d7b662a83ae504d7675da36b67c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_da.dll
      Filesize

      27KB

      MD5

      04d97fd41c84c1a976d1e53720bc2202

      SHA1

      526a06cb86d4cdd1b41e53a0d1f0a7b5d08d4332

      SHA256

      025b963e649bb16927b05161af59dbfed383ed5e6b70a9ca10a010d50760b2c4

      SHA512

      b437730b7303ef285c12d83f6a5d3c2b30c56455c4e26c8d32a4e9d8a42d5221736473ed7442c657dc7f6e021407f835e5b225c9b89823cbebec010b1503dfed

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_de.dll
      Filesize

      29KB

      MD5

      a9417a072b34c3f41ca98e5ef43ef1b7

      SHA1

      9669568a3f3e9082d0a95f3b6cecfb1fc55d378e

      SHA256

      8fe982e9c8fc1b4ed1795f47de27fbfa7ea2c4c18295077027954309e164bf37

      SHA512

      c496774c0de81cf2c50d111d8c9efda6cfc631643895182891598723bf84427c6b97d4836feb82ff6d9644c70d4c7dbbcd5479568ba5e1dbbc3a34833ba01a64

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_el.dll
      Filesize

      29KB

      MD5

      665a16ab999fe7b97286ae2f988e3eab

      SHA1

      c6962cc98464d0dd64f92065af4e0818d5b38616

      SHA256

      d0811d10ca70a3f1aefbe224e89b3094a66c77d675c7b227b05eb61a9d0b9312

      SHA512

      bc3528fb599a237c7dbcf3857f72a77786dc31c5ec1766e955cd1ed3b52c1831e420e19aa33cdb461fdc5370d3910081ae454f29adf915e1c57c68b9fae6403c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_en-GB.dll
      Filesize

      26KB

      MD5

      0326479ee247f6c643833ed7858da929

      SHA1

      e3973d7fb630ed958739f2afc1099ced7acaa890

      SHA256

      6fd1413a1eee2e8181df176388c0fede5c58f473e4637c6e845b45348d2377f0

      SHA512

      aedcac771168ffba3a46d88a75c067a727001e34cabc311b31fb5c3eb51be56d1aa09b6f791cf052033f0793825538c9271283b276634c2ce1a518b11143b83f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_es-419.dll
      Filesize

      27KB

      MD5

      737467326da390e801c46afa27bdf222

      SHA1

      e26a20456b5989761f4b007bf7f69fe38cd4c13e

      SHA256

      7e9041bc445a7bc64e7842c827e8206bec5d2de30b48382c808d1045521a2efb

      SHA512

      009fa89d01dbd498ef4f5026119f4d36110d2f88fe3ffa96d5326e2236fd363fd5e4ea6f0c54a0e869e055429fb5729737d938058173c8a3d285d79d890a89e5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_es.dll
      Filesize

      29KB

      MD5

      218bead93fe588064ce4ae59bb394f50

      SHA1

      d2d2f1450178725d6c6d78c81031f91a1987f48c

      SHA256

      4ccb12c38399b3d31484de4ac046cbe7216b46ef8b0d102a6d488a62ba827f7f

      SHA512

      227cc018faeebb1abf7426bf306f9d2ca48c11d349d01111af315eb1a02b27298bf52736848855ef90e4ec3b4c148894eb53e9663912ae37fa30d9eaba3b1125

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_et.dll
      Filesize

      26KB

      MD5

      6c943af4ebf403d95e7a6542a49d6dbc

      SHA1

      7acfc23ed5207b3a3910baeeb68af7d9efc89579

      SHA256

      c2463a6eee0caf3a9ce4aa91d234bc3633d8be4229ddea7fcdf41d1c515d376b

      SHA512

      e6a3dc76f45b5c541e9ae74a6562a2addc85146c3dbad0ef5bde2e0ad6338867586bdf4dea79488fad3ec1b53e934a0354a8a7a0ce767e783af21ca372f508d4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_fa.dll
      Filesize

      25KB

      MD5

      a047b4703e5e72411fa453bd05f76311

      SHA1

      61a3e70dff8628ba5ce206ffef431d6376c85287

      SHA256

      d043d936ea3805d5111ec803e12b2c8ce50c551526028713b4445c3584c997f0

      SHA512

      985ed14af7c032a164dfe0e3542538756983eface5ce767be371c193366c209ae1f1fd3c529a886638a34bfc4281bf6b02ed4c9f1fd05339cbcdce0a09dd8b20

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_fi.dll
      Filesize

      27KB

      MD5

      86c1e08adbfb154f51415789005f6123

      SHA1

      4bc5cafc6295a34524d32a23cfc27a0e0f81fd11

      SHA256

      7f5a0c886ccc6b9decbb77c99a146cb355754337eec837b7fda051c873da3d68

      SHA512

      619b1ce34fda5c67a874bd0be7e5cd34f4a3361335cc90c765ee7bf09ccf47a15448497d1c83728fe7949e8e40a53c0361c84877a3ffeb0a130e3891a445ce2d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_fil.dll
      Filesize

      28KB

      MD5

      ddd37d2387261378a213b3ef2c21314e

      SHA1

      f4d85efcc2720bb7b65b0d50b1e8d20e5c28bf00

      SHA256

      a464f40505d2ef5fb558050e225ae8de6a7355d677a29dc3eb941c3fb66e18ca

      SHA512

      b97fdf1abb3c16ec86e51b33b24faf267cce84cdc3c53a38b668e83382114e947ed6e2806c7717e41e92c8a1763b58960c58c0d3a5fd644aeb5941eff89acee9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_fr.dll
      Filesize

      28KB

      MD5

      bb6dcbee3a39fd54c3f357fe022fbc4d

      SHA1

      1604459acb7fd71542d1138828c7e2d1016a1ab6

      SHA256

      32208618047b53eee1b235de2c82abdaf006ffa59e91c238cb75eaac30cbd166

      SHA512

      c192ef041bae2369dc249a98791782176f81d0d174dcf82632594f939d1ab01bdb0e0681277d2fd315d8743abff59464ad9f6e092a5f2803832a0bd5197fe9c4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_gu.dll
      Filesize

      27KB

      MD5

      704dfd5af3aa897887feb87aa48e8318

      SHA1

      c125e771d60ac73ea6fa0f6959112f3cf131a2fc

      SHA256

      7fd17ba7a0c0baadfa2a0ca96b4d2f31dedc6b347dff41582b1e6637408fd4c3

      SHA512

      92417dcb1ca9c5054e8d820ddcf541658006fd2214ae834ffaeb7a82112810ebfac2afa8324d0b5767d1e14e8e3216ef2d5c049c9a8c659ebdc9e05b8155d2b4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_hi.dll
      Filesize

      27KB

      MD5

      0a47b1ef806c7880c645bd20b416055c

      SHA1

      f954be7b1f33af37ff3de4e1ea2483b71908bced

      SHA256

      757dd37980010c2e7da78b6f69e9a087ede1ad87a3c4d918e58d33932d525ef2

      SHA512

      8a6ff6b943d2730a0dac4ee873a5b0d3355b82ae5f85470d0d8130519f1efc2a2de19401096bc7d545938d9c32cd2253ef6bfa24a2aa54408a093ad21adeffd1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_hr.dll
      Filesize

      27KB

      MD5

      7dc48e2f1281d500eb74af4717389681

      SHA1

      bad753522a3dc76e4fbc8050b8d871b4bf8bd0d5

      SHA256

      d101854d9671ca7871f5b35ccbd672c2d0a754d566ed0540cec493d6b38f22d1

      SHA512

      ea4ef260922a1b71f895623b830f7952906136b41887b325a8b590f6d75a6d8edafcb1da85b28c0dcbc2981e68d47deae17e0f478debda9e174427fe582130e1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_hu.dll
      Filesize

      27KB

      MD5

      d61c4882cdceff3da989c403fb43d89f

      SHA1

      db2339b8f0c5db84e59f139bfbf1fcd4687a4cb3

      SHA256

      b3d70dc9d90317e413f4d9e3bdfe3dbabb59ac4d49a671726d770aad70f7e255

      SHA512

      3aea1526fdcf621aac38db213f776a28c0f82b8e0c2795901ca17a86cf8d3796cec937821e8ddd2eaae3ebbe251fab032cab4b466f1431d54097a6b7a80389f3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_id.dll
      Filesize

      26KB

      MD5

      d33c46a32430646966013db736a54a54

      SHA1

      9564b827d3b5a426499641d844ac611d19f85a91

      SHA256

      9fc4ddc3a79d558111b6c6786572d6d1456905743d23811a713b676f2adc6aa9

      SHA512

      19b5946f15da8bae96f499df8f14cf7f4a0e69717b97f21393b7e3cb00d40256e583e506d154109888a193fe215310f09c7a4e0eb0795e1f4bc3b8880d3872bd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_is.dll
      Filesize

      26KB

      MD5

      c2881f5e67dd3978567fbda4a007eef7

      SHA1

      32281d03b79449b0fc96b6191ed23749c71fc10a

      SHA256

      e536892e77d123bd31fcfed7e387b3f03bb0aa7a4c5a20676414efe467d4e8e4

      SHA512

      8dbad99967fe4d309a37d3b259c7ce6ce3d36618d3673cd86c0efae5e4e84b5d82cd477e3f7843810d3c034799412455755adc09f617f4dd84e238bf16858f0e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_it.dll
      Filesize

      28KB

      MD5

      7c8e9dec722a5c374193772d1030cca7

      SHA1

      901f5cfcf275ceb3c7ef6d4dbc6d959cb05548a6

      SHA256

      4004b81177aa7c1421f14acbe76683d72b9f2df2cbe54f59bdae2ff263ecf2ba

      SHA512

      fc570b941823618272c843f43f365a2c386130874798e420bbb61578387e7d3979ca6b536cbce42c24042e90655bc711b087757bcc7d6aafaff014376f472dfe

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_iw.dll
      Filesize

      24KB

      MD5

      0a3a248253c7a9f8532e25b5c4736a52

      SHA1

      26ff1accd9f5bad304717b90f986da666e9eef75

      SHA256

      6ab18120723bd8fbb204962026bcea1b23c2bf488a24180b5839243375709fb0

      SHA512

      39b3ce881b8ea81e512ed963c249e241237085d36d3b9c230ac08ea61c1e8e1365d534983c88a7673fa3d188006b0ad788579c844b800aacf50f5947291f9e36

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ja.dll
      Filesize

      22KB

      MD5

      5a2e260a1dada2211820fc10eb1823dc

      SHA1

      2506a78c30aa296681a170704b258d3ddff52d2d

      SHA256

      f4d2f3f5cfad7e15ce51a1a597672fc959562decd1d4cac91d4cbdaf40b74b60

      SHA512

      43c7126cd6e436346fac37b4e7ca2fc8b8be8d1c4b01f5df0720b849af2cfe5721f5d1a5c1aad9232b51ab41542b1c9d1fec04fa768a7aed6dd115205497cecc

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_kn.dll
      Filesize

      27KB

      MD5

      45f3ce2166d548f70336ec57471f5a7a

      SHA1

      f1168a4a8c33d134e62edc829a127b23e67e288c

      SHA256

      71bf3a4647d5e194c12af1c34b997373d3730c7dc75a9f540cfaa398a9c88d33

      SHA512

      75afe201bce2f3242ccd90597e5c874c3880b3dd67d4183d3b0e6f71fc7d1b8cf72912a87d056555fb3f9d6ecd7196db3dd9a93062999788081ac305797b70c8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ko.dll
      Filesize

      22KB

      MD5

      92fab51f986d8240771fd9fa66b6c71f

      SHA1

      38a0eea63cd18847cd7fb27601e4306411b3389b

      SHA256

      1fb69e9e1b6ea7ced41701057e9eefe25f80fb4c1b71828fcd6868b82a4615f7

      SHA512

      44a415d88d5c9f2c11abfccaaf7fcdf4965b959e6f0856834e8535a0158b8735249548b550037a5bdd836526dcab556192218ffd0d0872fbe884cb168fe9756b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_lt.dll
      Filesize

      26KB

      MD5

      b20685f9d9c766c4a64cccad1ddb4c3b

      SHA1

      08dd00860753e2a7ae8e9a0d86ad7c3293088d40

      SHA256

      af7d1ac7df40689b4b7e4084ab7cc0c75d11e37aa4b070dca8c3744930a7286a

      SHA512

      c0e74ecf4174e4eee9953110fcefbee3a78d8863a890db005466ffd81a1bb00c9b1a1bb8a2936b58f9f3e69264bb6080f262623e543625513cee306d1067d4ea

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_lv.dll
      Filesize

      28KB

      MD5

      42f15afedfbcad904a8e99681a2edc27

      SHA1

      879a350fbec08c3df97f59cac24033f38bb4fbc6

      SHA256

      5e7e3e37a1338454ca3fb7d1957a7c4336584eebbe41eb0d09776dd6da2884c1

      SHA512

      fd60dba6642842a70d1dd250452175ea4412749387f7df90a8d4af1707c1980820e40599f0888be181ee92a4a809a783e106e629bd9844198d7d1946c6d5f9a8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ml.dll
      Filesize

      29KB

      MD5

      6de81e001d5e656946eb33298d671c45

      SHA1

      81590e474e6f814f86883482be46d3890a7c6a95

      SHA256

      56e27538bdf50437d7f1effe50453921db0c07f73411aa458ff34200dbe5080f

      SHA512

      62752549f199c04332f7204ebe3c9b87428b9fd0af0ba1082afc71d6e38cb44a76863095df5d7095eefee64863c451475167c0e97afcab053cb06482973f1021

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_mr.dll
      Filesize

      27KB

      MD5

      eee8a71d42faec3a3c94dc9118b91680

      SHA1

      0a69231ef3f0bf86e7ff4c918bb427d22ffd24a0

      SHA256

      7afa7bff28befd7fd40ef9f76dacc19013913b11256378fdad8742aea46b37a9

      SHA512

      20555bc2ba3094d87c2ce231e28728b011dbbae636deaa7229d0cbafdc6531bb5df1f9f52b30fda2f2213ddf19148017330c7559779c77b3a62c8f4f48d5bcbf

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ms.dll
      Filesize

      26KB

      MD5

      2ca2228a1f9aa239a0d4ddad8252996f

      SHA1

      7917c8bbbd07ef4d244676669a88762749b54673

      SHA256

      e45f0700048e3255f4056bb09033e187ce2ca69e64f5bbc1f50c8ad3c8b07adb

      SHA512

      79692e3cc5a765d6e92a111717b2b07bdab9fc25f975b97b00434fb7d801a1bce0876b170d9fab92943ccc6e1cfce984b4d850dfd5dfdf9902ee6d3107ad820c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_nl.dll
      Filesize

      28KB

      MD5

      f45b90c6489b3f3cc1202fae9620893b

      SHA1

      5dda75a13dc6f24d914cb741c9d48e8e60128021

      SHA256

      ee784713a2dff6f4fefc930746e7b61e05f60630de55b86560df8ce72b5f6b8d

      SHA512

      65dc4da4a306f8092fd3e6e20fdde202bcd614d12208b26f6e53a9ad7304f8c3cc616de791b8da95c29799ded312d13cb6d82f836a8abab21532939fb6c6055d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_no.dll
      Filesize

      27KB

      MD5

      2584b43fcb8e6bef536e370e81d304c5

      SHA1

      4e2c43ee3c5a63313b481b2d57d2185aed42717c

      SHA256

      f39f172221fc8aa910bb359c3bb0a3a62f9f0feee1cff5245bafa21d10c1303f

      SHA512

      fffe2d48d7498ac53bedb293b3040b3b1bce7b26573d341b06764dee3e5607f58f8fe58df72ab9d3e3a5e726b93844548dbe6cbef49820e99287516cababfcef

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_pl.dll
      Filesize

      28KB

      MD5

      dce7239d44a7d5656a38eae49bedbedd

      SHA1

      9730ab9a4b5d734020e0d06ed07daf595454f32b

      SHA256

      e42937c5fb812227104a27d4c08fd9f8966dff2a72db2abb3a4907e0945f8e60

      SHA512

      9430857b50db9b321593dbbfa493f67151f244d229259601c5da6f4975b655a557eb492fddf80ce35f9d82405354f42759768ab94c7de84c4bf1162efdf5207f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_pt-BR.dll
      Filesize

      27KB

      MD5

      3936da5d7f6576d551e817024fa54c5b

      SHA1

      cb26558ef379bffb2626ad52c6ac4be1a878730a

      SHA256

      d2b2720458884071adee98c7027925f0eeaa512239da212283d75d2f608b2b3b

      SHA512

      28cd341229f52ce0b37fbced7fde25e308da9adce4cebef8ebcef7a76109a2b93adaf0eaf47df25f733010dc7beb8f049c70bf8fe508f3611854490d34661805

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_pt-PT.dll
      Filesize

      27KB

      MD5

      41615489699e6550fa0df0bbf4ec1866

      SHA1

      a22f878abe1a534e5bc6eee230e78d7a9457c7d2

      SHA256

      0bd431834964ae5e85b005b4b77e98167bc74af3edcf10d4a31ff60fa4504a3c

      SHA512

      0e65203c5bf31170197c7414a7ff9f05ef4a1b53a37199fba7b08b1268ff77c76226be39864617d408ceda7bab173d29e4464417d6cc06ca458a17279baa0035

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ro.dll
      Filesize

      28KB

      MD5

      ca36229ecda98c7c306444b6828008f5

      SHA1

      8d08861b2b8970177238db0f463cace059cf81dc

      SHA256

      9956c1624c66bf371f3d56dcd41589b078803adfb561c5461c8cac3e4cc50f1b

      SHA512

      1221a1b4b89fc8d697ed6e1d6babc56186f908838ef244c1a28352a85bf8b735c49265dea4029d12022e31d74123768e53fa54f8d09707c87ac4bd2cf53f8bd9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ru.dll
      Filesize

      26KB

      MD5

      01145b5ad8590e8375edb0cf966c6e1c

      SHA1

      b1a550774ea0f20b60c20f2289c8497d42135500

      SHA256

      a447182c8c48212ef844efe205049fb619908de6d36739f12f4633e50b33def8

      SHA512

      d099dfbd72d512b611163cb1776601fc23b85c9441d9621cf56e72f8476c0b873ccec6daee62505180d4f41eabe786e8ed270b032d18056548f7ecae7fa9c566

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sk.dll
      Filesize

      27KB

      MD5

      099bf80f276225c4bd61979b6fb53f61

      SHA1

      4c5506aa213184c4b90eb5d9c5a2700a645c0d2d

      SHA256

      8e530aa8f8921b7720a683cb0d55ac282e7ffac1e62af8bc0cbb6d52054a0da3

      SHA512

      46b8bd7952ad37687927fb8174a2e787f678b7b37f80a5135abab32027b7242a129dbace9136de5d1bbb45ee1ff89f9de48837136fa3eb9b39544a4b6f24d2a2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sl.dll
      Filesize

      27KB

      MD5

      4bb0ec0ac8757fff5163458a68765319

      SHA1

      da09de35fe17412d83f4947b063635a589095ace

      SHA256

      90854b840570e5c809679283f7d9fa1cbcefec645ad5c1f3e61a4df8018c4902

      SHA512

      7b427158b6223fdf368993a71d89571112b4d3e38ca98e45f2b0c99ae68521d41cfccf0898818057d78fb0082d029f9b4804e4ee44927340b04be78ff9bf8b8f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sr.dll
      Filesize

      27KB

      MD5

      be3a5f14fcf91c43abd0a20e838aebd0

      SHA1

      c513f3a2ceeaab2874768471db8692aa8c4cc7b6

      SHA256

      51f58cb454a5c78341aaa4f0466e450c82f22a0000d32233263752f40f20b876

      SHA512

      21a4deea039d884bf0ae3e032182bda91671226e9946704472ebf6d19a92e2d506d4720075a8110a0d81f8f3e15d30f4a9535b690643f62611f5fd91cb18aa55

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sv.dll
      Filesize

      27KB

      MD5

      4f09141c88a23dab8fd840fabf06e191

      SHA1

      8590fd88fd5e7aca276a50c09f90f0125e935c01

      SHA256

      f90964febd0305f8052bf605a6ad8a8f9c6f33a1e89497fececcd912bfa76416

      SHA512

      e69c8b0d7a45bb389bc1de639a51ef1c8bb8ceb04593f0faf991ade220795427e3a9ae3afcf7ce8ebb173963d9773e44f2b235c8a284bfe91a921dd956e29462

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sw.dll
      Filesize

      27KB

      MD5

      86b5c41c84a38c404649c8c0b087153c

      SHA1

      1b149e4e16005a28d4e2bb4fdcad8f4988167f69

      SHA256

      c262185e4b3be7e3d21fd4c2d2090ccb819a28f232a982600fb0209af28bb209

      SHA512

      f296d187c82076a4ac01172810a36ec3b6f7dd12bdd19d7b5fb84044a7b2a45654e0379e152afdf00667454235dc86f75e8116ea56520a3fc79839a6a87c163b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ta.dll
      Filesize

      28KB

      MD5

      cf28ae6f6aac4bfad5c9ef174e32a3d6

      SHA1

      83b116479afe6fcf94a841554d86cc7f943ae33c

      SHA256

      a0058db5a994e1b7bd8fc01540b477e3804b29544c1c407b3470da64c7bcf922

      SHA512

      6dd0db3aa75117a46b064b803b87d7ce67a19016ff4513e41e4a34cbfec26f2ea1d6996178e4a16dfaabf568cc301ed9c129fe2708a530299b266e86fc2d77ba

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_te.dll
      Filesize

      27KB

      MD5

      2c2e4164927dc5bebcb7b5d21f576ec2

      SHA1

      1b7fb51903c30b6d4f5f80113c299046e8e2a503

      SHA256

      2c0ed75dc10fe1befb8cda11b0c43b3c7a0a80f599178b63cf504b5382821f26

      SHA512

      589e4d584159d5fc65c86a32779ac418479e78abdf79d39d0f1c947d66af2c60a03add725d4a97fd07db11dca158e813c3b1b5dc048a6552fba36ad91e15e2fb

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_th.dll
      Filesize

      25KB

      MD5

      4a09e4adebd70eca03292fe40e372bb8

      SHA1

      c3205bd203e7c289f2e5e9f9e78b522aea1a6dc8

      SHA256

      aaefe7deeced4374cb13f963b852920458240422546f0d3bb815f74a281559b8

      SHA512

      7bb2e360d1082cacb559cbddca538ef1260cd378b8b4cdd4a011429df9f96a720e3924619ebc1f237e25edd89f83448cb86bc74ab7984b47b4729972ae0c263c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_tr.dll
      Filesize

      27KB

      MD5

      5379bd0e00d1c6720d62d6232cbf2b79

      SHA1

      0c7d4eede806596e27641837d0611ab2fd2b5fbb

      SHA256

      17e7d40e572a7f01224c4a3247eb1d99183283697d5c4d67354d4094fb8755fc

      SHA512

      f1ab61783a250cd2943f699caf976a634428add0636d79935f8f40d6bd02c4c1db6c909758696ca2f73b1bd0185e00a8051cd78c2e5e55a1f9b9360d1946420b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_uk.dll
      Filesize

      26KB

      MD5

      c58c698a63e66bdbab2a7979140c6378

      SHA1

      8cd380ce107a0087f8c59bb90e7c62c411f8e176

      SHA256

      b769a2dfb2c35084b16229d328106760a41a024019dbff30e5240f269f3d5b09

      SHA512

      2ebb85b4261f4e5ba778ecb1ebe6cde0f14c0f1cab03b84e01f73dcf9ef1ff3f9e8c6f1734df6de4dd136efcd4e642232df5ec1ac6b2e3ff50af2054f95d94fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ur.dll
      Filesize

      26KB

      MD5

      2daa38d2ce922e96a3ef41088f6887ff

      SHA1

      cf1072a9ca0a79c153cbfb9f32aa32a97aecefe6

      SHA256

      8ff5254e6afc0b06766cda5f459487f88da167803458126c60b20d16c2fa2e50

      SHA512

      694e626daeed3a25b7b77d84158ba176d8dba4fefe9a4641904da9c66ac101c55f08a1775090448510db7ce9a64e5edffb4bf5fcc9bb86923d11e7b69db60cd3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_vi.dll
      Filesize

      26KB

      MD5

      c58a0d34e22c4a1012b05350dd14e01c

      SHA1

      484ab20a0d50d17e19cb39c49d826114ac7b8628

      SHA256

      ac94f3b0d075144a19631f388ccfeef04fd0ea48e3370ee9181463e0b5192e2b

      SHA512

      cee194b448d6e384965786e99320e5ae0c403ed786f5f660a3580655c43e7419034741bf0f22e7bfb9bf2146bb2717832017aace9a810eb273282ab265c5ba46

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_zh-CN.dll
      Filesize

      20KB

      MD5

      00c57145de73df06fbac1e8217381f4e

      SHA1

      bea33bf66f9021ac636d874b6d67c1c24e531209

      SHA256

      10a847131bf465f49aabe81917bcb704bb2a99194ca256e64fb9809f799e6a80

      SHA512

      7ae578e59792d618aa3d08bb5981bb03d05204df170bcf83b580e56bd601a46468c476e3d0bf0b9be8147ce5cf63af0894e93b600d6407c8e8567c522a4bbf55

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_zh-TW.dll
      Filesize

      20KB

      MD5

      6b96e2406ae0cb4c12f62c415576b108

      SHA1

      c7a0a065cf671d6d337540cc7b69e1aa559d6dc4

      SHA256

      ce164b96ff50b2c2ed0df8f8deb1d4152b596428885860f8ae497f537f73288f

      SHA512

      f37d68e8111005f63ec552e8d1663f76a716f846d98c38e3fec31787f064d9814b76d8678db70a971c87f5afc3b402c97aa209f2d7f8c1ead708ff5e914c0ae1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar6ECB.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar8D0C.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Privacy Browser.lnk
      Filesize

      2KB

      MD5

      86be1f49d361b8efc549dbd14f7ebad8

      SHA1

      4900fb36a42f810eebb7ee31ccb2f7e9a2154e57

      SHA256

      d71ced395c91d7e215a9e03a8ad1161b13890c63c26d6d5ae130bbd3ca7d9195

      SHA512

      3a13ea53a113ad0cba1d78371d46c3add7f2e15185a6ae499204cfd45307944de5db3df943eaf1117b1e9254c9f76b3cf3ecc0176a4f31ecbfd0250c1b5593d2

      Download Submit

    • \Users\Admin\AppData\Local\Temp\GUM62D8.tmp\EpicUpdate.exe
      Filesize

      497KB

      MD5

      97dc047b7ed9c22fc6cc04e015ad26f3

      SHA1

      bd1af01548fb5608a7ce494cb7ed4f030b872337

      SHA256

      b04266ca05e8125a1544e68c8852f7d44dde9c7e4f3b08a0383c0bf4ab6cfd2d

      SHA512

      ba7b7223e8930415373bafe5b8f6bb30ac904bbbb8f9a145b41ac7bb741ad06cf28d57328ed8e89fc9bde3975dcf47f956af8df7b65e7be8359e5957ffff52c8

      Download Submit

    • \Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_en.dll
      Filesize

      25KB

      MD5

      2e874d98fcb41d049bf76f74e5f693ce

      SHA1

      cdcd777c6183ddce332b69a0bdb18eecc4e8cbd5

      SHA256

      24b5bc550660b94986621d3f841838d9b832a1019039de4d568ea7d8a8445eb2

      SHA512

      87a2a5c39cf2cf1bd8951032074434ca922077151822ef3f4267781b42c50ffb278ae2793cb1049d56bc351cd4a7fda05e1c5f7c830e73222d8495b1053f6a69

      Download Submit

    • memory/1424-295-0x00000000002D0000-0x00000000002D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2556-462-0x0000000000100000-0x0000000000101000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2576-80-0x00000000007F0000-0x00000000007F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2904-348-0x0000000000600000-0x0000000000601000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2904-391-0x0000000000600000-0x0000000000601000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3044-504-0x00000000029D0000-0x00000000029D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3044-1259-0x00000000029D0000-0x00000000029D1000-memory.dmp

      Filesize

      4KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.