78b6a0f85f50da832c2553284c56c83bd847832d328a311477ebf950596a2431

Analysis

max time kernel
150s
max time network
159s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/04/2024, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EpicSetup.exe
Size

1.7MB
MD5

20b4abe9f1a234c3c5cf3e3653c73201
SHA1

acad58367ef24db763b12b6c25ddff951dbbde7b
SHA256

78b6a0f85f50da832c2553284c56c83bd847832d328a311477ebf950596a2431
SHA512

fa4847a5e0642ff4ca4b6abc28f4db8c02c4688e026bbe86b68511b61440dfb81134c645c7ae4e54e946c622dac8cc015fbdd6eb5181143483fb7d52eac72ec3
SSDEEP

24576:UxWdbqh6PI7HcPpexcuRTe1ceNWZtUVyJvRXMaffNIIW/SFvWBwVztcZrng8kny:daECKpWIyxppfBmIOBCCZjg83PGbWZ

Score

8^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Control Panel\International\Geo\Nation	epic.exe
Key value queried	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Control Panel\International\Geo\Nation	epic.exe
Key value queried	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Control Panel\International\Geo\Nation	epic.exe
Key value queried	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Control Panel\International\Geo\Nation	epic.exe
Key value queried	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Control Panel\International\Geo\Nation	epic.exe
Key value queried	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Control Panel\International\Geo\Nation	epic.exe

Executes dropped EXE 32 IoCs

pid	Process
2576	EpicUpdate.exe
620	EpicUpdate.exe
1424	EpicUpdate.exe
1808	EpicUpdate.exe
1984	EpicUpdate.exe
2904	EpicUpdate.exe
1944	EpicCrashHandler.exe
884	EpicUpdate.exe
2092	EpicUpdate.exe
2544	EpicUpdate.exe
852	mini_installer.exe
1736	setup.exe
2616	setup.exe
2612	setup.exe
2216	setup.exe
3044	epic.exe
1356	epic.exe
3012	epic.exe
2556	epic.exe
1964	epic.exe
2504	epic.exe
2632	epic.exe
2652	epic.exe
3056	epic.exe
1524	epic.exe
2684	epic.exe
1476	epic.exe
1720	epic.exe
2920	epic.exe
2436	epic.exe
1392	epic.exe
2644	EpicUpdate.exe

Loads dropped DLL 64 IoCs

pid	Process
2488	EpicSetup.exe
2576	EpicUpdate.exe
2576	EpicUpdate.exe
2576	EpicUpdate.exe
2576	EpicUpdate.exe
620	EpicUpdate.exe
620	EpicUpdate.exe
620	EpicUpdate.exe
620	EpicUpdate.exe
2576	EpicUpdate.exe
2576	EpicUpdate.exe
1424	EpicUpdate.exe
1424	EpicUpdate.exe
2576	EpicUpdate.exe
2576	EpicUpdate.exe
2576	EpicUpdate.exe
1424	EpicUpdate.exe
1424	EpicUpdate.exe
1808	EpicUpdate.exe
1944	EpicCrashHandler.exe
1984	EpicUpdate.exe
2904	EpicUpdate.exe
884	EpicUpdate.exe
2904	EpicUpdate.exe
2904	EpicUpdate.exe
884	EpicUpdate.exe
884	EpicUpdate.exe
884	EpicUpdate.exe
2544	EpicUpdate.exe
2092	EpicUpdate.exe
2092	EpicUpdate.exe
2092	EpicUpdate.exe
2092	EpicUpdate.exe
2904	EpicUpdate.exe
2092	EpicUpdate.exe
852	mini_installer.exe
1736	setup.exe
1736	setup.exe
2612	setup.exe
2612	setup.exe
2612	setup.exe
2612	setup.exe
1736	setup.exe
1736	setup.exe
3044	epic.exe
1356	epic.exe
3012	epic.exe
3044	epic.exe
1964	epic.exe
2556	epic.exe
1964	epic.exe
2556	epic.exe
2556	epic.exe
2556	epic.exe
2556	epic.exe
3044	epic.exe
2504	epic.exe
2504	epic.exe
2632	epic.exe
2632	epic.exe
2652	epic.exe
2652	epic.exe
3056	epic.exe
3056	epic.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\EpicUpdateOnDemand.exe\""	EpicUpdate.exe
Key deleted	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\LocalServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{9BA04732-4369-45EF-9DA1-90561134DE6D}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\psuser.dll"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Application\\120.0.6099.71\\notification_helper.exe\""	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}\LocalServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\npEpicUpdate3.dll"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32\ThreadingModel = "Both"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{9BA04732-4369-45EF-9DA1-90561134DE6D}\InProcServer32\ThreadingModel = "Both"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}\LocalServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\LocalServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{D9A13C52-6B85-4E00-B98A-DF25F77CBBEA}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\EpicUpdateOnDemand.exe\""	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\psuser.dll"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{9BA04732-4369-45EF-9DA1-90561134DE6D}\InProcServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{D9A13C52-6B85-4E00-B98A-DF25F77CBBEA}\LocalServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\EpicUpdateOnDemand.exe\""	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\EpicUpdateOnDemand.exe\""	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Application\\120.0.6099.71\\notification_helper.exe"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32\ThreadingModel = "Apartment"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\EpicUpdate.exe\""	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\InprocServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\npEpicUpdate3.dll"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\InprocServer32\ThreadingModel = "Apartment"	EpicUpdate.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Windows\CurrentVersion\Run\Epic Privacy Browser Installer = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\EpicUpdate.exe\" /c"	EpicUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 11 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicCrashHandler.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	epic.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	epic.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	epic.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	EpicUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\Policy = "3"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Low Rights	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\AppName = "EpicUpdate.exe"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}	EpicUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\Policy = "3"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\AppName = "EpicUpdateOnDemand.exe"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\CLSID = "{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}	EpicUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\Policy = "3"	EpicUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{9BA04732-4369-45EF-9DA1-90561134DE6D}\InProcServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{FD6A90C1-650B-45A8-80E3-B2C794395614}\NumMethods	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Epic Privacy BrowserInstaller.Update3COMClassUser	EpicUpdate.exe
Key deleted	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{82610E6D-11CA-45A9-98B1-D03B9AEDBD13}\InprocHandler32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\ProgID	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Epic Privacy BrowserInstaller.CredentialDialogUser\ = "GoogleUpdate CredentialDialog"	EpicUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.shtml	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{B9A716C1-E2F5-48FC-85B7-418539E0C3D6}\ProxyStubClsid32\ = "{9BA04732-4369-45EF-9DA1-90561134DE6D}"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{FD6A90C1-650B-45A8-80E3-B2C794395614}\ProxyStubClsid32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{EFC888E6-F1CB-43C5-8406-2FAC360408A7}	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{B7529FF4-2219-47AA-A1BE-9009C5AC8B63}	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{5CC0B564-9DB6-4940-8AD7-06680313BA4A}\ProxyStubClsid32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Epic Privacy BrowserInstaller.CredentialDialogUser.1.0	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Browser.OneClickProcessLauncherUser\CLSID	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Browser.OneClickProcessLauncherUser\CurVer\ = "Epic Privacy Browser.OneClickProcessLauncherUser.1.0"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\MIME\Database\Content Type\application/x-vnd.updates.epicbrowser.update3webcontrol.3\CLSID = "{F86DEB4A-8D78-4C57-8872-D2730ED051EF}"	EpicUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.shtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{94DAC853-1643-42FF-9C88-65CBD0427A5B}\ = "IGoogleUpdate"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{C1DA8992-C0D8-4135-8A1F-982514E03014}	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}\LocalServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Epic Privacy BrowserInstaller.OnDemandCOMClassUser	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\ = "Epic Privacy Browser.OneClickProcessLauncher"	EpicUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromiumHTM.JPNG6L7HLPG5UQPHNNJQSNKI2E\Application\ApplicationName = "Epic Privacy Browser"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.xht\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{13B99F94-3498-438D-B332-1177FB5EB980}\NumMethods\ = "4"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{01A85EDF-D90E-4476-9D69-A475552D40B9}	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Epic Privacy BrowserInstaller.Update3COMClassUser\CurVer	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Browser.OneClickProcessLauncherUser	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Epic Privacy Browser.OneClickCtrl.9\ = "Epic Privacy Browser Installer Plugin"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\MIME\Database	EpicUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.htm	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{844B7ECF-E784-4A6D-9333-C49E60B62FD4}\NumMethods\ = "10"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{01A85EDF-D90E-4476-9D69-A475552D40B9}\NumMethods	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Epic Privacy BrowserInstaller.Update3COMClassUser.1.0\CLSID	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\LocalServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}\LocalServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\MIME	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{0DC85BF4-804A-4DC2-940C-8448ED984CFA}\ProxyStubClsid32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Epic Privacy BrowserInstaller.OnDemandCOMClassUser.1.0	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\ProgID	EpicUpdate.exe
Key created	\REGISTRY\MACHINE\Software\Classes\ChromiumHTM.JPNG6L7HLPG5UQPHNNJQSNKI2E\DefaultIcon	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.svg	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{CCAA4359-A0ED-41B4-96C3-C94FC82C6D5B}\NumMethods\ = "24"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{0DC85BF4-804A-4DC2-940C-8448ED984CFA}	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{B7529FF4-2219-47AA-A1BE-9009C5AC8B63}\NumMethods\ = "4"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Epic Privacy BrowserInstaller.Update3WebUser.1.0\CLSID	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Epic Privacy BrowserInstaller.OnDemandCOMClassUser\ = "Google Update Legacy On Demand"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}\ProgID\ = "Epic Privacy BrowserInstaller.OnDemandCOMClassUser.1.0"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Epic Privacy BrowserInstaller.CredentialDialogUser\CurVer\ = "Epic Privacy BrowserInstaller.CredentialDialogUser.1.0"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Browser.OneClickProcessLauncherUser.1.0	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\ProgID\ = "Epic Privacy Browser.OneClickProcessLauncherUser.1.0"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Epic Privacy Browser.Update3WebControl.3\CLSID	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{B3349D22-980E-4A2A-B87B-90B5A71FC097}\NumMethods\ = "8"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{94DAC853-1643-42FF-9C88-65CBD0427A5B}\ProxyStubClsid32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{94DAC853-1643-42FF-9C88-65CBD0427A5B}\ProxyStubClsid32\ = "{9BA04732-4369-45EF-9DA1-90561134DE6D}"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{E8AD925A-5D20-4F63-95E7-B9D93497BEEC}\NumMethods\ = "10"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{C1DA8992-C0D8-4135-8A1F-982514E03014}\ProxyStubClsid32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{49E543C7-D318-4DEC-BE9C-78BD17720DA5}\NumMethods	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{01A85EDF-D90E-4476-9D69-A475552D40B9}\NumMethods\ = "8"	EpicUpdate.exe
Key deleted	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\ProgID\ = "Epic Privacy Browser.Update3WebControl.3"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\CLSID\{9BA04732-4369-45EF-9DA1-90561134DE6D}	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000_CLASSES\Wow6432Node\Interface\{C1DA8992-C0D8-4135-8A1F-982514E03014}\ProxyStubClsid32\ = "{9BA04732-4369-45EF-9DA1-90561134DE6D}"	EpicUpdate.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2576	EpicUpdate.exe
2544	EpicUpdate.exe
2544	EpicUpdate.exe
2544	EpicUpdate.exe
3044	epic.exe
3044	epic.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2576	EpicUpdate.exe
Token: 33	1424	EpicUpdate.exe
Token: SeIncBasePriorityPrivilege	1424	EpicUpdate.exe
Token: SeDebugPrivilege	2544	EpicUpdate.exe
Token: 33	852	mini_installer.exe
Token: SeIncBasePriorityPrivilege	852	mini_installer.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe
Token: SeShutdownPrivilege	3044	epic.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3044	epic.exe
3044	epic.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2576	2488	EpicSetup.exe	28
PID 2488 wrote to memory of 2576	2488	EpicSetup.exe	28
PID 2488 wrote to memory of 2576	2488	EpicSetup.exe	28
PID 2488 wrote to memory of 2576	2488	EpicSetup.exe	28
PID 2488 wrote to memory of 2576	2488	EpicSetup.exe	28
PID 2488 wrote to memory of 2576	2488	EpicSetup.exe	28
PID 2488 wrote to memory of 2576	2488	EpicSetup.exe	28
PID 2576 wrote to memory of 620	2576	EpicUpdate.exe	29
PID 2576 wrote to memory of 620	2576	EpicUpdate.exe	29
PID 2576 wrote to memory of 620	2576	EpicUpdate.exe	29
PID 2576 wrote to memory of 620	2576	EpicUpdate.exe	29
PID 2576 wrote to memory of 620	2576	EpicUpdate.exe	29
PID 2576 wrote to memory of 620	2576	EpicUpdate.exe	29
PID 2576 wrote to memory of 620	2576	EpicUpdate.exe	29
PID 2576 wrote to memory of 1424	2576	EpicUpdate.exe	30
PID 2576 wrote to memory of 1424	2576	EpicUpdate.exe	30
PID 2576 wrote to memory of 1424	2576	EpicUpdate.exe	30
PID 2576 wrote to memory of 1424	2576	EpicUpdate.exe	30
PID 2576 wrote to memory of 1424	2576	EpicUpdate.exe	30
PID 2576 wrote to memory of 1424	2576	EpicUpdate.exe	30
PID 2576 wrote to memory of 1424	2576	EpicUpdate.exe	30
PID 1424 wrote to memory of 1808	1424	EpicUpdate.exe	31
PID 1424 wrote to memory of 1808	1424	EpicUpdate.exe	31
PID 1424 wrote to memory of 1808	1424	EpicUpdate.exe	31
PID 1424 wrote to memory of 1808	1424	EpicUpdate.exe	31
PID 1424 wrote to memory of 1808	1424	EpicUpdate.exe	31
PID 1424 wrote to memory of 1808	1424	EpicUpdate.exe	31
PID 1424 wrote to memory of 1808	1424	EpicUpdate.exe	31
PID 2576 wrote to memory of 1984	2576	EpicUpdate.exe	32
PID 2576 wrote to memory of 1984	2576	EpicUpdate.exe	32
PID 2576 wrote to memory of 1984	2576	EpicUpdate.exe	32
PID 2576 wrote to memory of 1984	2576	EpicUpdate.exe	32
PID 2576 wrote to memory of 1984	2576	EpicUpdate.exe	32
PID 2576 wrote to memory of 1984	2576	EpicUpdate.exe	32
PID 2576 wrote to memory of 1984	2576	EpicUpdate.exe	32
PID 2576 wrote to memory of 2904	2576	EpicUpdate.exe	33
PID 2576 wrote to memory of 2904	2576	EpicUpdate.exe	33
PID 2576 wrote to memory of 2904	2576	EpicUpdate.exe	33
PID 2576 wrote to memory of 2904	2576	EpicUpdate.exe	33
PID 2576 wrote to memory of 2904	2576	EpicUpdate.exe	33
PID 2576 wrote to memory of 2904	2576	EpicUpdate.exe	33
PID 2576 wrote to memory of 2904	2576	EpicUpdate.exe	33
PID 1424 wrote to memory of 1944	1424	EpicUpdate.exe	34
PID 1424 wrote to memory of 1944	1424	EpicUpdate.exe	34
PID 1424 wrote to memory of 1944	1424	EpicUpdate.exe	34
PID 1424 wrote to memory of 1944	1424	EpicUpdate.exe	34
PID 1424 wrote to memory of 1944	1424	EpicUpdate.exe	34
PID 1424 wrote to memory of 1944	1424	EpicUpdate.exe	34
PID 1424 wrote to memory of 1944	1424	EpicUpdate.exe	34
PID 1424 wrote to memory of 884	1424	EpicUpdate.exe	35
PID 1424 wrote to memory of 884	1424	EpicUpdate.exe	35
PID 1424 wrote to memory of 884	1424	EpicUpdate.exe	35
PID 1424 wrote to memory of 884	1424	EpicUpdate.exe	35
PID 1424 wrote to memory of 884	1424	EpicUpdate.exe	35
PID 1424 wrote to memory of 884	1424	EpicUpdate.exe	35
PID 1424 wrote to memory of 884	1424	EpicUpdate.exe	35
PID 884 wrote to memory of 2544	884	EpicUpdate.exe	37
PID 884 wrote to memory of 2544	884	EpicUpdate.exe	37
PID 884 wrote to memory of 2544	884	EpicUpdate.exe	37
PID 884 wrote to memory of 2544	884	EpicUpdate.exe	37
PID 884 wrote to memory of 2544	884	EpicUpdate.exe	37
PID 884 wrote to memory of 2544	884	EpicUpdate.exe	37
PID 884 wrote to memory of 2544	884	EpicUpdate.exe	37
PID 2092 wrote to memory of 852	2092	EpicUpdate.exe	40

C:\Users\Admin\AppData\Local\Temp\EpicSetup.exe
"C:\Users\Admin\AppData\Local\Temp\EpicSetup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\EpicUpdate.exe
  C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\EpicUpdate.exe /installsource taggedmi /install "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Registers COM server for autorun
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
    "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Registers COM server for autorun
    - Checks whether UAC is enabled
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:620
- - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
    "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1424
  - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /cr
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      PID:1808
  - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicCrashHandler.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicCrashHandler.exe" /crashhandler
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      PID:1944
  - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ua /installsource core
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Suspicious use of WriteProcessMemory
      PID:884
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /uninstall
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2544
- - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
    "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjkuMTMiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7NUNFMDdGQzctMUM5Ri00MkJFLTk3OTAtMzREOEVGQzE2QTc2fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0ie0FGMjlDRDY1LTRDRTUtNDlGOC1BODY1LUExQjk5QkJFRDFFQn0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0I4NTJFN0IxLTkwOEEtNDhFRi05NTc2LUNCRTIzNjU0RDkwN30iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4yOS4xMyIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    PID:1984
- - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
    "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /handoff "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en" /installsource taggedmi /sessionid "{5CE07FC7-1C9F-42BE-9790-34D8EFC16A76}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    PID:2904

C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
"C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\mini_installer.exe
  "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\mini_installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:852
- - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe
    "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\CHROME.PACKED.7Z"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Registers COM server for autorun
    - Modifies registry class
    PID:1736
  - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0x18c,0x190,0x194,0x160,0x198,0xeafc40,0xeafc50,0xeafc5c
      4⤵
      Executes dropped EXE
      PID:2616
  - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2612
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0x18c,0x190,0x194,0x160,0x198,0xeafc40,0xeafc50,0xeafc5c
        5⤵
        Executes dropped EXE
        
        PID:2216
  - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --from-installer
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:3044
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0xd8,0xdc,0xe0,0xac,0xe4,0x7280dcd8,0x7280dce8,0x7280dcf4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0x11c,0x120,0x124,0xf0,0x128,0x1402658,0x1402668,0x1402674
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=1444 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=1560 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --first-renderer-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1976 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1984 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1992 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2000 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2008 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
        5⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=172 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:2
        5⤵
        Executes dropped EXE
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2812 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3280 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3292 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3328 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        
        PID:1392
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3308 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
        5⤵
        
        PID:2180
- C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
  "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjkuMTMiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7NUNFMDdGQzctMUM5Ri00MkJFLTk3OTAtMzREOEVGQzE2QTc2fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezY1MTdFNDg4LTNBREQtNDM4Qi1BRjlCLUI3OEE4RUEzRUI1OX0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0EzQUEyQUQ2LUMzNTctNEJCMy05NjI1LTY1NTA2NDdEOTU2RH0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMC4wLjYwOTkuNzEiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iLTEiPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRfdGltZV9tcz0iNDA4ODgiIGRvd25sb2FkZWQ9IjEyOTUwNjI1NiIgdG90YWw9IjEyOTUwNjI1NiIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Epic Privacy Browser\Installer\Log\EpicUpdate.log

Filesize
128KB

MD5
f9f7891dc4f54af0a5c77d7fb6969af1

SHA1
6ba5ff670df24adfdba12bf8678407c0670c9b2d

SHA256
5880da35c95bf0656d7fba35862383cd1f8e73c2a1a314bca2a79eafcce90252

SHA512
e48cac6a7add9e938cc5bc4c7dbf908ca10ea5a44ceada9c4419bb77636aa028ca66b5900c346145812ea1b810c5e8ad55ba2d8ec378918482d952f6185fa780

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\120.0.6099.71\Installer\setup.exe

Filesize
2.5MB

MD5
e6b35b8a8020960b8c1f19d6dcd3d4da

SHA1
7c86589f76cb835d34ec0a705a28becda2b18154

SHA256
c2f72a462b58e38804130d8a3be427bda639f759cf3c622bb1353e89ada5ec80

SHA512
a58538d79a56dc09fb6768bb01b3fc68b6fa839244eb93666de771153e5a2c7786c8165de363cd4c3faa6f7002e841786727923510c39423652a478824930787

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\mini_installer.exe

Filesize
123.5MB

MD5
40bdb0d644d15cdf3fd5a7b66fc3b666

SHA1
8cf0a0211d73cb591039e269df686deccb071111

SHA256
19b23e793e11c4fdb9952712a032592055082b1f02792665a93a961ad292732e

SHA512
9a3b778ad99c48ef2423aec60ac01ee1b98d4905e83f8df5bf8722ee8c98886fb028ff64c80286cc798a724e027e929706390f8d94accc46c815b775c6fff537

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
905c9f348f489f245fe140fe5bbcf466

SHA1
fa70c09e3030ed2a9b44e5165fc2e78a98377179

SHA256
843496b6503dde63c0555bfff9dbd557b079759981ea58c3a1ed6dad633e11c1

SHA512
9dcb23dfd996b81bdc2e814a09521ae831f07ad934985750857dbddf7a1a1755b82f2772973e8434bd5f54179d26e93ded6b7421b2a546f77f2160b35bf59237

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\49f46ad9-eccc-4555-9ed6-525e8df8c922.tmp

Filesize
211KB

MD5
847881642c356fe9b957f529d031bbd7

SHA1
cde3f2af0cc9ecb436aa51f73b22e2eb68e1582e

SHA256
a081a765af53ea089bb7dfe5f46ff07e93b4f0cec94bd5bd1ba5f2f22f56634a

SHA512
7ba6fd4da828f73ba64e626f6f98074ef90b6676b970770e18a18a4932ae47f97e9dec816daf2b66182f40dded5631e158a75ba169eb0551ba76ab2b34e90c25

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
05ab28702c0e75b37cef8fe9e59a0345

SHA1
a46f7084ce3dffab3d4c6bdb4d8b5cee124b0c15

SHA256
b6970ba1db0ecc62c0019fda2bd500d2bf1ca9484b39aa1ce8ede102657a74dd

SHA512
b8405c9925fbd78c002947123b1078bf16563be1a34ec964531c7788ebc2586a6f8e337ef458580af0380ded44be4f7545f32229f07aa651db52da6d1f2a8bfe

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Preferences

Filesize
4KB

MD5
d1a939c087b771fd2a71c034e9128138

SHA1
144ecc3f737c0544737d1a0175d175c5da835f12

SHA256
05b50a410dc85a15d62949a1e8f71ec3d273c00cfb518491de2a90f9e6cde2c2

SHA512
21384c5db92abcbf3ed55a8c020f47e8d95dc6230151901758c10e4d5f5ce03e503f0c3cd51f37c696bb40be3c14b40da921941b7128e9da0c31342c07ce90a4

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Site Characteristics Database\CURRENT~RFf778363.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Sync Data\LevelDB\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\d75cb106-d60a-40c3-b5e4-06fb6152cdd7.tmp

Filesize
4KB

MD5
36d3572078543e84a709cb2dfaee443c

SHA1
52f1067b86cca52f14074c7b98dbbfa23d0abb68

SHA256
a237ad12bbc17c8578a6630f7d94517202308b011beccabe8d74e9f03adfa00c

SHA512
a2f1bf594b66f1504bb030476fca00ff083ce56f48a6099d225b0e27384e7103534d1fa3f897903ddad68bfe06f438553677d67c7f28abd6f12591f845834f4a

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Local State

Filesize
2KB

MD5
69a19cd732fc5d6b1f1184fe1820f989

SHA1
f1701cf272c712c7f399bc01233d5e7c1aa4b059

SHA256
7c68b0cbbe1334bafd4fa0938255d327415cde7f4c9426570acc8b6b101bdf6a

SHA512
ffae1837683cf69dadb9e6c86a3fc1663e11b0b2229b364997ba678faea5ff1d1845f170e8ac498959f29d75d7ae9f4d851786fb98aa94129c37143a89a8482d

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\ShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\ShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\155fadea-20ab-49a7-a01c-ff00c5332daf.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6CF6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\EpicUpdateHelper.msi

Filesize
40KB

MD5
c8f6a0a4a113c0b698a6ba6a4d82d7bc

SHA1
08c823d01961320f8429b338f835d6f8ff5db023

SHA256
e908d7d23aa40f74068f97c90b9acc1e103706425a7ffc2046fcba5e45b1d910

SHA512
ffcd47711a795a6e379fbf1e49441b26659fcd4ad79610e127edf1fb2f76c361406f483142e21311b16f3d3127109884fcde77a54cd3fce6f549ba81a7781aa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdate.dll

Filesize
4.5MB

MD5
be1251e33e310931312839e7e92d5428

SHA1
ae5fa300f2346379390e86c1bc9dd5241e6096b5

SHA256
df801078e2512a40b32bdd801e771ad94ed9620b7be9e8146dbfbf08e6043281

SHA512
6dcc6c1df52c91ffb7a1a2eb340f58b9c6c617e43e6046d0aac13571f9854edc3f06cb5472e89447174fe7ba455c7552ba354ddc4d1e7d2c518b94de41b1dac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_am.dll

Filesize
23KB

MD5
d88c63b686242cc71ffe7527e6bfc387

SHA1
d684c14aea47bd05bdf6b97ad2d83661bfd12da5

SHA256
1cc7bb6883bcbd0bfe08faba1bbae512fb5f9d8aacce1a80ee55955760e9f0c7

SHA512
f708e7c0e3fe655367306a0c3b91d6ee9ff5e80bc30c069c1d1969b7f46d00b46bac964a3b01b7f03b8a6c110521764e1e78f158b1c8d754520712f7188f9e45

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ar.dll

Filesize
24KB

MD5
de553ee3dac04b2a52e5b8317dbe3922

SHA1
2e98677a966e260738bc5a29c5019a1efc055c92

SHA256
65e2f79b249b2944a8f81980486574b15deff2db43ed61e5cf8edbb32959d242

SHA512
7f96853ee6cefb46c6ef58b9ca3bf0d4e94ec1e32b8a58a7f7aad52f1f16f4216946b045c191316779c170d72e28b7c8714d41cb90200b6dc5f8655ebcc939cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_bg.dll

Filesize
28KB

MD5
81b8726d6f13c61d76f61f408f6387ad

SHA1
216791ae4cd983a22852f4056305ed60ae99591d

SHA256
fac78816992737c04db4c0ff5e2e872b36cbba33a5e881fec4e917595b624919

SHA512
70d1b2fa2580e43db78ab5040712b8e1f1bd0d72026546101d04689e2521b127280211b95dac4c4fd365ce9de17e1fc0710f2a3c1829319ad24aeeef79c5df11

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_bn.dll

Filesize
27KB

MD5
d57a370b804835a938258ed7859742bc

SHA1
dc75eb12bff887f43df461b04a4b2aae8a30c5a9

SHA256
ab965667ac81a9f405f9088c6a34e05c9f75fbb086dd721208983d543c48ddf9

SHA512
daa7df808c1282c7d199e1d15ee55168cf353465ae2d4f0122a70f988408d390d24ae1dc7f66e71ba9eda48c35761e852e349f806a15ed32486e16f034126afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ca.dll

Filesize
27KB

MD5
96a28b5d2f3bfb0787959491688e530c

SHA1
e02aa14bcb527802e025c0eb3a577950fd5900ab

SHA256
d56a28be1253366645a16345175a09a63094785e3a88cb9d0b3fd2380bfbcd6c

SHA512
8fcf08f65ed0141a9b4344e1382bd3aeb8894a0984539165318c701c9f2e5958721d99d7b63c309c9c996d3574f82a2ecf001e19e5c2c4cc681044b1257446bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_cs.dll

Filesize
26KB

MD5
e18d69356cf35dfd4e8351c730eab4ee

SHA1
f3b0227bf77776012d3d06c17d1a9a1bba4ddf85

SHA256
08a1833bcf351a9a8e830c606dd11abd765c33b424a77da1a24678f7b3366975

SHA512
54505db74d1e106e67d8b165421e91f8d29c563e9b8decc97a870532305c5a380b0b2e5d3810d11f58ba272e7c7d7a0733846d7b662a83ae504d7675da36b67c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_da.dll

Filesize
27KB

MD5
04d97fd41c84c1a976d1e53720bc2202

SHA1
526a06cb86d4cdd1b41e53a0d1f0a7b5d08d4332

SHA256
025b963e649bb16927b05161af59dbfed383ed5e6b70a9ca10a010d50760b2c4

SHA512
b437730b7303ef285c12d83f6a5d3c2b30c56455c4e26c8d32a4e9d8a42d5221736473ed7442c657dc7f6e021407f835e5b225c9b89823cbebec010b1503dfed

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_de.dll

Filesize
29KB

MD5
a9417a072b34c3f41ca98e5ef43ef1b7

SHA1
9669568a3f3e9082d0a95f3b6cecfb1fc55d378e

SHA256
8fe982e9c8fc1b4ed1795f47de27fbfa7ea2c4c18295077027954309e164bf37

SHA512
c496774c0de81cf2c50d111d8c9efda6cfc631643895182891598723bf84427c6b97d4836feb82ff6d9644c70d4c7dbbcd5479568ba5e1dbbc3a34833ba01a64

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_el.dll

Filesize
29KB

MD5
665a16ab999fe7b97286ae2f988e3eab

SHA1
c6962cc98464d0dd64f92065af4e0818d5b38616

SHA256
d0811d10ca70a3f1aefbe224e89b3094a66c77d675c7b227b05eb61a9d0b9312

SHA512
bc3528fb599a237c7dbcf3857f72a77786dc31c5ec1766e955cd1ed3b52c1831e420e19aa33cdb461fdc5370d3910081ae454f29adf915e1c57c68b9fae6403c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_en-GB.dll

Filesize
26KB

MD5
0326479ee247f6c643833ed7858da929

SHA1
e3973d7fb630ed958739f2afc1099ced7acaa890

SHA256
6fd1413a1eee2e8181df176388c0fede5c58f473e4637c6e845b45348d2377f0

SHA512
aedcac771168ffba3a46d88a75c067a727001e34cabc311b31fb5c3eb51be56d1aa09b6f791cf052033f0793825538c9271283b276634c2ce1a518b11143b83f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_es-419.dll

Filesize
27KB

MD5
737467326da390e801c46afa27bdf222

SHA1
e26a20456b5989761f4b007bf7f69fe38cd4c13e

SHA256
7e9041bc445a7bc64e7842c827e8206bec5d2de30b48382c808d1045521a2efb

SHA512
009fa89d01dbd498ef4f5026119f4d36110d2f88fe3ffa96d5326e2236fd363fd5e4ea6f0c54a0e869e055429fb5729737d938058173c8a3d285d79d890a89e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_es.dll

Filesize
29KB

MD5
218bead93fe588064ce4ae59bb394f50

SHA1
d2d2f1450178725d6c6d78c81031f91a1987f48c

SHA256
4ccb12c38399b3d31484de4ac046cbe7216b46ef8b0d102a6d488a62ba827f7f

SHA512
227cc018faeebb1abf7426bf306f9d2ca48c11d349d01111af315eb1a02b27298bf52736848855ef90e4ec3b4c148894eb53e9663912ae37fa30d9eaba3b1125

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_et.dll

Filesize
26KB

MD5
6c943af4ebf403d95e7a6542a49d6dbc

SHA1
7acfc23ed5207b3a3910baeeb68af7d9efc89579

SHA256
c2463a6eee0caf3a9ce4aa91d234bc3633d8be4229ddea7fcdf41d1c515d376b

SHA512
e6a3dc76f45b5c541e9ae74a6562a2addc85146c3dbad0ef5bde2e0ad6338867586bdf4dea79488fad3ec1b53e934a0354a8a7a0ce767e783af21ca372f508d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_fa.dll

Filesize
25KB

MD5
a047b4703e5e72411fa453bd05f76311

SHA1
61a3e70dff8628ba5ce206ffef431d6376c85287

SHA256
d043d936ea3805d5111ec803e12b2c8ce50c551526028713b4445c3584c997f0

SHA512
985ed14af7c032a164dfe0e3542538756983eface5ce767be371c193366c209ae1f1fd3c529a886638a34bfc4281bf6b02ed4c9f1fd05339cbcdce0a09dd8b20

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_fi.dll

Filesize
27KB

MD5
86c1e08adbfb154f51415789005f6123

SHA1
4bc5cafc6295a34524d32a23cfc27a0e0f81fd11

SHA256
7f5a0c886ccc6b9decbb77c99a146cb355754337eec837b7fda051c873da3d68

SHA512
619b1ce34fda5c67a874bd0be7e5cd34f4a3361335cc90c765ee7bf09ccf47a15448497d1c83728fe7949e8e40a53c0361c84877a3ffeb0a130e3891a445ce2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_fil.dll

Filesize
28KB

MD5
ddd37d2387261378a213b3ef2c21314e

SHA1
f4d85efcc2720bb7b65b0d50b1e8d20e5c28bf00

SHA256
a464f40505d2ef5fb558050e225ae8de6a7355d677a29dc3eb941c3fb66e18ca

SHA512
b97fdf1abb3c16ec86e51b33b24faf267cce84cdc3c53a38b668e83382114e947ed6e2806c7717e41e92c8a1763b58960c58c0d3a5fd644aeb5941eff89acee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_fr.dll

Filesize
28KB

MD5
bb6dcbee3a39fd54c3f357fe022fbc4d

SHA1
1604459acb7fd71542d1138828c7e2d1016a1ab6

SHA256
32208618047b53eee1b235de2c82abdaf006ffa59e91c238cb75eaac30cbd166

SHA512
c192ef041bae2369dc249a98791782176f81d0d174dcf82632594f939d1ab01bdb0e0681277d2fd315d8743abff59464ad9f6e092a5f2803832a0bd5197fe9c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_gu.dll

Filesize
27KB

MD5
704dfd5af3aa897887feb87aa48e8318

SHA1
c125e771d60ac73ea6fa0f6959112f3cf131a2fc

SHA256
7fd17ba7a0c0baadfa2a0ca96b4d2f31dedc6b347dff41582b1e6637408fd4c3

SHA512
92417dcb1ca9c5054e8d820ddcf541658006fd2214ae834ffaeb7a82112810ebfac2afa8324d0b5767d1e14e8e3216ef2d5c049c9a8c659ebdc9e05b8155d2b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_hi.dll

Filesize
27KB

MD5
0a47b1ef806c7880c645bd20b416055c

SHA1
f954be7b1f33af37ff3de4e1ea2483b71908bced

SHA256
757dd37980010c2e7da78b6f69e9a087ede1ad87a3c4d918e58d33932d525ef2

SHA512
8a6ff6b943d2730a0dac4ee873a5b0d3355b82ae5f85470d0d8130519f1efc2a2de19401096bc7d545938d9c32cd2253ef6bfa24a2aa54408a093ad21adeffd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_hr.dll

Filesize
27KB

MD5
7dc48e2f1281d500eb74af4717389681

SHA1
bad753522a3dc76e4fbc8050b8d871b4bf8bd0d5

SHA256
d101854d9671ca7871f5b35ccbd672c2d0a754d566ed0540cec493d6b38f22d1

SHA512
ea4ef260922a1b71f895623b830f7952906136b41887b325a8b590f6d75a6d8edafcb1da85b28c0dcbc2981e68d47deae17e0f478debda9e174427fe582130e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_hu.dll

Filesize
27KB

MD5
d61c4882cdceff3da989c403fb43d89f

SHA1
db2339b8f0c5db84e59f139bfbf1fcd4687a4cb3

SHA256
b3d70dc9d90317e413f4d9e3bdfe3dbabb59ac4d49a671726d770aad70f7e255

SHA512
3aea1526fdcf621aac38db213f776a28c0f82b8e0c2795901ca17a86cf8d3796cec937821e8ddd2eaae3ebbe251fab032cab4b466f1431d54097a6b7a80389f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_id.dll

Filesize
26KB

MD5
d33c46a32430646966013db736a54a54

SHA1
9564b827d3b5a426499641d844ac611d19f85a91

SHA256
9fc4ddc3a79d558111b6c6786572d6d1456905743d23811a713b676f2adc6aa9

SHA512
19b5946f15da8bae96f499df8f14cf7f4a0e69717b97f21393b7e3cb00d40256e583e506d154109888a193fe215310f09c7a4e0eb0795e1f4bc3b8880d3872bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_is.dll

Filesize
26KB

MD5
c2881f5e67dd3978567fbda4a007eef7

SHA1
32281d03b79449b0fc96b6191ed23749c71fc10a

SHA256
e536892e77d123bd31fcfed7e387b3f03bb0aa7a4c5a20676414efe467d4e8e4

SHA512
8dbad99967fe4d309a37d3b259c7ce6ce3d36618d3673cd86c0efae5e4e84b5d82cd477e3f7843810d3c034799412455755adc09f617f4dd84e238bf16858f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_it.dll

Filesize
28KB

MD5
7c8e9dec722a5c374193772d1030cca7

SHA1
901f5cfcf275ceb3c7ef6d4dbc6d959cb05548a6

SHA256
4004b81177aa7c1421f14acbe76683d72b9f2df2cbe54f59bdae2ff263ecf2ba

SHA512
fc570b941823618272c843f43f365a2c386130874798e420bbb61578387e7d3979ca6b536cbce42c24042e90655bc711b087757bcc7d6aafaff014376f472dfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_iw.dll

Filesize
24KB

MD5
0a3a248253c7a9f8532e25b5c4736a52

SHA1
26ff1accd9f5bad304717b90f986da666e9eef75

SHA256
6ab18120723bd8fbb204962026bcea1b23c2bf488a24180b5839243375709fb0

SHA512
39b3ce881b8ea81e512ed963c249e241237085d36d3b9c230ac08ea61c1e8e1365d534983c88a7673fa3d188006b0ad788579c844b800aacf50f5947291f9e36

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ja.dll

Filesize
22KB

MD5
5a2e260a1dada2211820fc10eb1823dc

SHA1
2506a78c30aa296681a170704b258d3ddff52d2d

SHA256
f4d2f3f5cfad7e15ce51a1a597672fc959562decd1d4cac91d4cbdaf40b74b60

SHA512
43c7126cd6e436346fac37b4e7ca2fc8b8be8d1c4b01f5df0720b849af2cfe5721f5d1a5c1aad9232b51ab41542b1c9d1fec04fa768a7aed6dd115205497cecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_kn.dll

Filesize
27KB

MD5
45f3ce2166d548f70336ec57471f5a7a

SHA1
f1168a4a8c33d134e62edc829a127b23e67e288c

SHA256
71bf3a4647d5e194c12af1c34b997373d3730c7dc75a9f540cfaa398a9c88d33

SHA512
75afe201bce2f3242ccd90597e5c874c3880b3dd67d4183d3b0e6f71fc7d1b8cf72912a87d056555fb3f9d6ecd7196db3dd9a93062999788081ac305797b70c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ko.dll

Filesize
22KB

MD5
92fab51f986d8240771fd9fa66b6c71f

SHA1
38a0eea63cd18847cd7fb27601e4306411b3389b

SHA256
1fb69e9e1b6ea7ced41701057e9eefe25f80fb4c1b71828fcd6868b82a4615f7

SHA512
44a415d88d5c9f2c11abfccaaf7fcdf4965b959e6f0856834e8535a0158b8735249548b550037a5bdd836526dcab556192218ffd0d0872fbe884cb168fe9756b

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_lt.dll

Filesize
26KB

MD5
b20685f9d9c766c4a64cccad1ddb4c3b

SHA1
08dd00860753e2a7ae8e9a0d86ad7c3293088d40

SHA256
af7d1ac7df40689b4b7e4084ab7cc0c75d11e37aa4b070dca8c3744930a7286a

SHA512
c0e74ecf4174e4eee9953110fcefbee3a78d8863a890db005466ffd81a1bb00c9b1a1bb8a2936b58f9f3e69264bb6080f262623e543625513cee306d1067d4ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_lv.dll

Filesize
28KB

MD5
42f15afedfbcad904a8e99681a2edc27

SHA1
879a350fbec08c3df97f59cac24033f38bb4fbc6

SHA256
5e7e3e37a1338454ca3fb7d1957a7c4336584eebbe41eb0d09776dd6da2884c1

SHA512
fd60dba6642842a70d1dd250452175ea4412749387f7df90a8d4af1707c1980820e40599f0888be181ee92a4a809a783e106e629bd9844198d7d1946c6d5f9a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ml.dll

Filesize
29KB

MD5
6de81e001d5e656946eb33298d671c45

SHA1
81590e474e6f814f86883482be46d3890a7c6a95

SHA256
56e27538bdf50437d7f1effe50453921db0c07f73411aa458ff34200dbe5080f

SHA512
62752549f199c04332f7204ebe3c9b87428b9fd0af0ba1082afc71d6e38cb44a76863095df5d7095eefee64863c451475167c0e97afcab053cb06482973f1021

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_mr.dll

Filesize
27KB

MD5
eee8a71d42faec3a3c94dc9118b91680

SHA1
0a69231ef3f0bf86e7ff4c918bb427d22ffd24a0

SHA256
7afa7bff28befd7fd40ef9f76dacc19013913b11256378fdad8742aea46b37a9

SHA512
20555bc2ba3094d87c2ce231e28728b011dbbae636deaa7229d0cbafdc6531bb5df1f9f52b30fda2f2213ddf19148017330c7559779c77b3a62c8f4f48d5bcbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ms.dll

Filesize
26KB

MD5
2ca2228a1f9aa239a0d4ddad8252996f

SHA1
7917c8bbbd07ef4d244676669a88762749b54673

SHA256
e45f0700048e3255f4056bb09033e187ce2ca69e64f5bbc1f50c8ad3c8b07adb

SHA512
79692e3cc5a765d6e92a111717b2b07bdab9fc25f975b97b00434fb7d801a1bce0876b170d9fab92943ccc6e1cfce984b4d850dfd5dfdf9902ee6d3107ad820c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_nl.dll

Filesize
28KB

MD5
f45b90c6489b3f3cc1202fae9620893b

SHA1
5dda75a13dc6f24d914cb741c9d48e8e60128021

SHA256
ee784713a2dff6f4fefc930746e7b61e05f60630de55b86560df8ce72b5f6b8d

SHA512
65dc4da4a306f8092fd3e6e20fdde202bcd614d12208b26f6e53a9ad7304f8c3cc616de791b8da95c29799ded312d13cb6d82f836a8abab21532939fb6c6055d

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_no.dll

Filesize
27KB

MD5
2584b43fcb8e6bef536e370e81d304c5

SHA1
4e2c43ee3c5a63313b481b2d57d2185aed42717c

SHA256
f39f172221fc8aa910bb359c3bb0a3a62f9f0feee1cff5245bafa21d10c1303f

SHA512
fffe2d48d7498ac53bedb293b3040b3b1bce7b26573d341b06764dee3e5607f58f8fe58df72ab9d3e3a5e726b93844548dbe6cbef49820e99287516cababfcef

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_pl.dll

Filesize
28KB

MD5
dce7239d44a7d5656a38eae49bedbedd

SHA1
9730ab9a4b5d734020e0d06ed07daf595454f32b

SHA256
e42937c5fb812227104a27d4c08fd9f8966dff2a72db2abb3a4907e0945f8e60

SHA512
9430857b50db9b321593dbbfa493f67151f244d229259601c5da6f4975b655a557eb492fddf80ce35f9d82405354f42759768ab94c7de84c4bf1162efdf5207f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_pt-BR.dll

Filesize
27KB

MD5
3936da5d7f6576d551e817024fa54c5b

SHA1
cb26558ef379bffb2626ad52c6ac4be1a878730a

SHA256
d2b2720458884071adee98c7027925f0eeaa512239da212283d75d2f608b2b3b

SHA512
28cd341229f52ce0b37fbced7fde25e308da9adce4cebef8ebcef7a76109a2b93adaf0eaf47df25f733010dc7beb8f049c70bf8fe508f3611854490d34661805

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_pt-PT.dll

Filesize
27KB

MD5
41615489699e6550fa0df0bbf4ec1866

SHA1
a22f878abe1a534e5bc6eee230e78d7a9457c7d2

SHA256
0bd431834964ae5e85b005b4b77e98167bc74af3edcf10d4a31ff60fa4504a3c

SHA512
0e65203c5bf31170197c7414a7ff9f05ef4a1b53a37199fba7b08b1268ff77c76226be39864617d408ceda7bab173d29e4464417d6cc06ca458a17279baa0035

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ro.dll

Filesize
28KB

MD5
ca36229ecda98c7c306444b6828008f5

SHA1
8d08861b2b8970177238db0f463cace059cf81dc

SHA256
9956c1624c66bf371f3d56dcd41589b078803adfb561c5461c8cac3e4cc50f1b

SHA512
1221a1b4b89fc8d697ed6e1d6babc56186f908838ef244c1a28352a85bf8b735c49265dea4029d12022e31d74123768e53fa54f8d09707c87ac4bd2cf53f8bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ru.dll

Filesize
26KB

MD5
01145b5ad8590e8375edb0cf966c6e1c

SHA1
b1a550774ea0f20b60c20f2289c8497d42135500

SHA256
a447182c8c48212ef844efe205049fb619908de6d36739f12f4633e50b33def8

SHA512
d099dfbd72d512b611163cb1776601fc23b85c9441d9621cf56e72f8476c0b873ccec6daee62505180d4f41eabe786e8ed270b032d18056548f7ecae7fa9c566

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sk.dll

Filesize
27KB

MD5
099bf80f276225c4bd61979b6fb53f61

SHA1
4c5506aa213184c4b90eb5d9c5a2700a645c0d2d

SHA256
8e530aa8f8921b7720a683cb0d55ac282e7ffac1e62af8bc0cbb6d52054a0da3

SHA512
46b8bd7952ad37687927fb8174a2e787f678b7b37f80a5135abab32027b7242a129dbace9136de5d1bbb45ee1ff89f9de48837136fa3eb9b39544a4b6f24d2a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sl.dll

Filesize
27KB

MD5
4bb0ec0ac8757fff5163458a68765319

SHA1
da09de35fe17412d83f4947b063635a589095ace

SHA256
90854b840570e5c809679283f7d9fa1cbcefec645ad5c1f3e61a4df8018c4902

SHA512
7b427158b6223fdf368993a71d89571112b4d3e38ca98e45f2b0c99ae68521d41cfccf0898818057d78fb0082d029f9b4804e4ee44927340b04be78ff9bf8b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sr.dll

Filesize
27KB

MD5
be3a5f14fcf91c43abd0a20e838aebd0

SHA1
c513f3a2ceeaab2874768471db8692aa8c4cc7b6

SHA256
51f58cb454a5c78341aaa4f0466e450c82f22a0000d32233263752f40f20b876

SHA512
21a4deea039d884bf0ae3e032182bda91671226e9946704472ebf6d19a92e2d506d4720075a8110a0d81f8f3e15d30f4a9535b690643f62611f5fd91cb18aa55

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sv.dll

Filesize
27KB

MD5
4f09141c88a23dab8fd840fabf06e191

SHA1
8590fd88fd5e7aca276a50c09f90f0125e935c01

SHA256
f90964febd0305f8052bf605a6ad8a8f9c6f33a1e89497fececcd912bfa76416

SHA512
e69c8b0d7a45bb389bc1de639a51ef1c8bb8ceb04593f0faf991ade220795427e3a9ae3afcf7ce8ebb173963d9773e44f2b235c8a284bfe91a921dd956e29462

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sw.dll

Filesize
27KB

MD5
86b5c41c84a38c404649c8c0b087153c

SHA1
1b149e4e16005a28d4e2bb4fdcad8f4988167f69

SHA256
c262185e4b3be7e3d21fd4c2d2090ccb819a28f232a982600fb0209af28bb209

SHA512
f296d187c82076a4ac01172810a36ec3b6f7dd12bdd19d7b5fb84044a7b2a45654e0379e152afdf00667454235dc86f75e8116ea56520a3fc79839a6a87c163b

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ta.dll

Filesize
28KB

MD5
cf28ae6f6aac4bfad5c9ef174e32a3d6

SHA1
83b116479afe6fcf94a841554d86cc7f943ae33c

SHA256
a0058db5a994e1b7bd8fc01540b477e3804b29544c1c407b3470da64c7bcf922

SHA512
6dd0db3aa75117a46b064b803b87d7ce67a19016ff4513e41e4a34cbfec26f2ea1d6996178e4a16dfaabf568cc301ed9c129fe2708a530299b266e86fc2d77ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_te.dll

Filesize
27KB

MD5
2c2e4164927dc5bebcb7b5d21f576ec2

SHA1
1b7fb51903c30b6d4f5f80113c299046e8e2a503

SHA256
2c0ed75dc10fe1befb8cda11b0c43b3c7a0a80f599178b63cf504b5382821f26

SHA512
589e4d584159d5fc65c86a32779ac418479e78abdf79d39d0f1c947d66af2c60a03add725d4a97fd07db11dca158e813c3b1b5dc048a6552fba36ad91e15e2fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_th.dll

Filesize
25KB

MD5
4a09e4adebd70eca03292fe40e372bb8

SHA1
c3205bd203e7c289f2e5e9f9e78b522aea1a6dc8

SHA256
aaefe7deeced4374cb13f963b852920458240422546f0d3bb815f74a281559b8

SHA512
7bb2e360d1082cacb559cbddca538ef1260cd378b8b4cdd4a011429df9f96a720e3924619ebc1f237e25edd89f83448cb86bc74ab7984b47b4729972ae0c263c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_tr.dll

Filesize
27KB

MD5
5379bd0e00d1c6720d62d6232cbf2b79

SHA1
0c7d4eede806596e27641837d0611ab2fd2b5fbb

SHA256
17e7d40e572a7f01224c4a3247eb1d99183283697d5c4d67354d4094fb8755fc

SHA512
f1ab61783a250cd2943f699caf976a634428add0636d79935f8f40d6bd02c4c1db6c909758696ca2f73b1bd0185e00a8051cd78c2e5e55a1f9b9360d1946420b

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_uk.dll

Filesize
26KB

MD5
c58c698a63e66bdbab2a7979140c6378

SHA1
8cd380ce107a0087f8c59bb90e7c62c411f8e176

SHA256
b769a2dfb2c35084b16229d328106760a41a024019dbff30e5240f269f3d5b09

SHA512
2ebb85b4261f4e5ba778ecb1ebe6cde0f14c0f1cab03b84e01f73dcf9ef1ff3f9e8c6f1734df6de4dd136efcd4e642232df5ec1ac6b2e3ff50af2054f95d94fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ur.dll

Filesize
26KB

MD5
2daa38d2ce922e96a3ef41088f6887ff

SHA1
cf1072a9ca0a79c153cbfb9f32aa32a97aecefe6

SHA256
8ff5254e6afc0b06766cda5f459487f88da167803458126c60b20d16c2fa2e50

SHA512
694e626daeed3a25b7b77d84158ba176d8dba4fefe9a4641904da9c66ac101c55f08a1775090448510db7ce9a64e5edffb4bf5fcc9bb86923d11e7b69db60cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_vi.dll

Filesize
26KB

MD5
c58a0d34e22c4a1012b05350dd14e01c

SHA1
484ab20a0d50d17e19cb39c49d826114ac7b8628

SHA256
ac94f3b0d075144a19631f388ccfeef04fd0ea48e3370ee9181463e0b5192e2b

SHA512
cee194b448d6e384965786e99320e5ae0c403ed786f5f660a3580655c43e7419034741bf0f22e7bfb9bf2146bb2717832017aace9a810eb273282ab265c5ba46

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_zh-CN.dll

Filesize
20KB

MD5
00c57145de73df06fbac1e8217381f4e

SHA1
bea33bf66f9021ac636d874b6d67c1c24e531209

SHA256
10a847131bf465f49aabe81917bcb704bb2a99194ca256e64fb9809f799e6a80

SHA512
7ae578e59792d618aa3d08bb5981bb03d05204df170bcf83b580e56bd601a46468c476e3d0bf0b9be8147ce5cf63af0894e93b600d6407c8e8567c522a4bbf55

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_zh-TW.dll

Filesize
20KB

MD5
6b96e2406ae0cb4c12f62c415576b108

SHA1
c7a0a065cf671d6d337540cc7b69e1aa559d6dc4

SHA256
ce164b96ff50b2c2ed0df8f8deb1d4152b596428885860f8ae497f537f73288f

SHA512
f37d68e8111005f63ec552e8d1663f76a716f846d98c38e3fec31787f064d9814b76d8678db70a971c87f5afc3b402c97aa209f2d7f8c1ead708ff5e914c0ae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6ECB.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8D0C.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Privacy Browser.lnk

Filesize
2KB

MD5
86be1f49d361b8efc549dbd14f7ebad8

SHA1
4900fb36a42f810eebb7ee31ccb2f7e9a2154e57

SHA256
d71ced395c91d7e215a9e03a8ad1161b13890c63c26d6d5ae130bbd3ca7d9195

SHA512
3a13ea53a113ad0cba1d78371d46c3add7f2e15185a6ae499204cfd45307944de5db3df943eaf1117b1e9254c9f76b3cf3ecc0176a4f31ecbfd0250c1b5593d2

Download Submit
\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\EpicUpdate.exe

Filesize
497KB

MD5
97dc047b7ed9c22fc6cc04e015ad26f3

SHA1
bd1af01548fb5608a7ce494cb7ed4f030b872337

SHA256
b04266ca05e8125a1544e68c8852f7d44dde9c7e4f3b08a0383c0bf4ab6cfd2d

SHA512
ba7b7223e8930415373bafe5b8f6bb30ac904bbbb8f9a145b41ac7bb741ad06cf28d57328ed8e89fc9bde3975dcf47f956af8df7b65e7be8359e5957ffff52c8

Download Submit
\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_en.dll

Filesize
25KB

MD5
2e874d98fcb41d049bf76f74e5f693ce

SHA1
cdcd777c6183ddce332b69a0bdb18eecc4e8cbd5

SHA256
24b5bc550660b94986621d3f841838d9b832a1019039de4d568ea7d8a8445eb2

SHA512
87a2a5c39cf2cf1bd8951032074434ca922077151822ef3f4267781b42c50ffb278ae2793cb1049d56bc351cd4a7fda05e1c5f7c830e73222d8495b1053f6a69

Download Submit
memory/1424-295-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2556-462-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2576-80-0x00000000007F0000-0x00000000007F1000-memory.dmp

Filesize
4KB

Download
memory/2904-348-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2904-391-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/3044-504-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/3044-1259-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download