Analysis

  • max time kernel
    150s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/04/2024, 14:38 UTC

General

  • Target

    EpicSetup.exe

  • Size

    1.7MB

  • MD5

    20b4abe9f1a234c3c5cf3e3653c73201

  • SHA1

    acad58367ef24db763b12b6c25ddff951dbbde7b

  • SHA256

    78b6a0f85f50da832c2553284c56c83bd847832d328a311477ebf950596a2431

  • SHA512

    fa4847a5e0642ff4ca4b6abc28f4db8c02c4688e026bbe86b68511b61440dfb81134c645c7ae4e54e946c622dac8cc015fbdd6eb5181143483fb7d52eac72ec3

  • SSDEEP

    24576:UxWdbqh6PI7HcPpexcuRTe1ceNWZtUVyJvRXMaffNIIW/SFvWBwVztcZrng8kny:daECKpWIyxppfBmIOBCCZjg83PGbWZ

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 32 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Registers COM server for autorun 1 TTPs 26 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 11 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 13 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\EpicSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\EpicSetup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\EpicUpdate.exe
      C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\EpicUpdate.exe /installsource taggedmi /install "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Registers COM server for autorun
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2576
      • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /regserver
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Registers COM server for autorun
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:620
      • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1424
        • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
          "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /cr
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1808
        • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicCrashHandler.exe
          "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicCrashHandler.exe" /crashhandler
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          PID:1944
        • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
          "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ua /installsource core
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Checks whether UAC is enabled
          • Suspicious use of WriteProcessMemory
          PID:884
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /uninstall
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Checks whether UAC is enabled
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2544
      • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjkuMTMiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7NUNFMDdGQzctMUM5Ri00MkJFLTk3OTAtMzREOEVGQzE2QTc2fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0ie0FGMjlDRDY1LTRDRTUtNDlGOC1BODY1LUExQjk5QkJFRDFFQn0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0I4NTJFN0IxLTkwOEEtNDhFRi05NTc2LUNCRTIzNjU0RDkwN30iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuMy4yOS4xMyIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:1984
      • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /handoff "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en" /installsource taggedmi /sessionid "{5CE07FC7-1C9F-42BE-9790-34D8EFC16A76}"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2904
  • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
    "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" -Embedding
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\mini_installer.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\mini_installer.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:852
      • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\CHROME.PACKED.7Z"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Registers COM server for autorun
        • Modifies registry class
        PID:1736
        • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe
          "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0x18c,0x190,0x194,0x160,0x198,0xeafc40,0xeafc50,0xeafc5c
          4⤵
          • Executes dropped EXE
          PID:2616
        • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe
          "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2612
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\CR_3195F.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0x18c,0x190,0x194,0x160,0x198,0xeafc40,0xeafc50,0xeafc5c
            5⤵
            • Executes dropped EXE
            PID:2216
        • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
          "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --from-installer
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Loads dropped DLL
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:3044
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0xd8,0xdc,0xe0,0xac,0xe4,0x7280dcd8,0x7280dce8,0x7280dcf4
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1356
            • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
              "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0x11c,0x120,0x124,0xf0,0x128,0x1402658,0x1402668,0x1402674
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:3012
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:2
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2556
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=1444 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:1964
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=1560 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2504
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --first-renderer-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1976 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2632
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1984 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2652
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1992 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Loads dropped DLL
            PID:3056
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2000 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            PID:1524
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2008 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:1
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            PID:2684
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=172 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:2
            5⤵
            • Executes dropped EXE
            PID:1476
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2812 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
            • Executes dropped EXE
            PID:1720
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3280 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
            • Executes dropped EXE
            PID:2920
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3292 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
            • Executes dropped EXE
            PID:2436
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3328 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
            • Executes dropped EXE
            PID:1392
          • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
            "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3308 --field-trial-handle=1296,i,16120519827686749723,11367016401277976251,131072 /prefetch:8
            5⤵
            PID:2180
      • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjkuMTMiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7NUNFMDdGQzctMUM5Ri00MkJFLTk3OTAtMzREOEVGQzE2QTc2fSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezY1MTdFNDg4LTNBREQtNDM4Qi1BRjlCLUI3OEE4RUEzRUI1OX0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0ie0EzQUEyQUQ2LUMzNTctNEJCMy05NjI1LTY1NTA2NDdEOTU2RH0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMC4wLjYwOTkuNzEiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iLTEiPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRfdGltZV9tcz0iNDA4ODgiIGRvd25sb2FkZWQ9IjEyOTUwNjI1NiIgdG90YWw9IjEyOTUwNjI1NiIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
        2⤵
        • Executes dropped EXE
        • Checks whether UAC is enabled
        PID:2644

Network

    • flag-us
      DNS
      updates.epicbrowser.com
      EpicUpdate.exe
      Remote address:
      8.8.8.8:53
      Request
      updates.epicbrowser.com
      IN A
      Response
      updates.epicbrowser.com
      IN A
      178.128.252.188
      updates.epicbrowser.com
      IN A
      128.199.39.15
      updates.epicbrowser.com
      IN A
      167.172.35.137
      updates.epicbrowser.com
      IN A
      206.189.4.63
    • flag-us
      DNS
      updates.epicbrowser.com
      EpicUpdate.exe
      Remote address:
      8.8.8.8:53
      Request
      updates.epicbrowser.com
      IN A
      Response
      updates.epicbrowser.com
      IN A
      167.172.35.137
      updates.epicbrowser.com
      IN A
      128.199.39.15
      updates.epicbrowser.com
      IN A
      178.128.252.188
      updates.epicbrowser.com
      IN A
      206.189.4.63
    • flag-nl
      POST
      http://updates.epicbrowser.com/service/update2
      EpicUpdate.exe
      Remote address:
      178.128.252.188:80
      Request
      POST /service/update2 HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      User-Agent: Google Update/1.3.29.13;winhttp
      X-Last-HR: 0x0
      X-Last-HTTP-Status-Code: 0
      X-Retry-Count: 0
      Content-Length: 505
      Host: updates.epicbrowser.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:32:02 GMT
      Server: Apache/2.4.7 (Ubuntu)
      Vary: Accept-Encoding
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Transfer-Encoding: chunked
      Content-Type: text/html; charset=utf-8
    • flag-nl
      GET
      http://updates.epicbrowser.com/service/check2?appid=%7BB852E7B1-908A-48EF-9576-CBE23654D907%7D&appversion=1.3.29.13&applang=&machine=0&version=0.0.0.0&osversion=6.1&servicepack=Service%20Pack%201
      EpicUpdate.exe
      Remote address:
      167.172.35.137:80
      Request
      GET /service/check2?appid=%7BB852E7B1-908A-48EF-9576-CBE23654D907%7D&appversion=1.3.29.13&applang=&machine=0&version=0.0.0.0&osversion=6.1&servicepack=Service%20Pack%201 HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      User-Agent: Google Update/1.3.29.13;winhttp
      X-Last-HR: 0x0
      X-Last-HTTP-Status-Code: 0
      X-Retry-Count: 0
      Host: updates.epicbrowser.com
      Response
      HTTP/1.1 404 NOT FOUND
      Date: Mon, 08 Apr 2024 14:35:02 GMT
      Server: Apache/2.4.7 (Ubuntu)
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Transfer-Encoding: chunked
      Content-Type: text/html
    • flag-nl
      POST
      http://updates.epicbrowser.com/service/update2?w=3:OpMuexCJVOfG9vF4ji09ri_mfcYgVfgD5mIyhp7NDCLgsyi553h8mvN52byZHIso5EGNZp6QdwJuRZ-FMI2mYX4cfc30sGq1Puh1Zsg_oA1Ti6Ggx_WA-JHpqGthLQqwjBfDlVdq_P8yCaCPjKpxCSOqM9UDrf6Yqiuu1C1Q50g
      EpicUpdate.exe
      Remote address:
      167.172.35.137:80
      Request
      POST /service/update2?w=3:OpMuexCJVOfG9vF4ji09ri_mfcYgVfgD5mIyhp7NDCLgsyi553h8mvN52byZHIso5EGNZp6QdwJuRZ-FMI2mYX4cfc30sGq1Puh1Zsg_oA1Ti6Ggx_WA-JHpqGthLQqwjBfDlVdq_P8yCaCPjKpxCSOqM9UDrf6Yqiuu1C1Q50g HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      If-Match: "NT5PWl6NztSFeHZ8BOLrADoGSLo"
      User-Agent: Google Update/1.3.29.13;winhttp;cup
      X-Last-HR: 0x0
      X-Last-HTTP-Status-Code: 0
      X-Retry-Count: 0
      Content-Length: 459
      Host: updates.epicbrowser.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:35:02 GMT
      Server: Apache/2.4.7 (Ubuntu)
      Vary: Accept-Encoding
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Transfer-Encoding: chunked
      Content-Type: text/html; charset=utf-8
    • flag-nl
      POST
      https://updates.epicbrowser.com/service/update2
      EpicUpdate.exe
      Remote address:
      167.172.35.137:443
      Request
      POST /service/update2 HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      User-Agent: Google Update/1.3.29.13;winhttp
      X-Last-HR: 0x80040880
      X-Last-HTTP-Status-Code: 200
      X-Retry-Count: 0
      Content-Length: 459
      Host: updates.epicbrowser.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:35:07 GMT
      Server: Apache/2.4.7 (Ubuntu)
      Vary: Accept-Encoding
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Transfer-Encoding: chunked
      Content-Type: text/html; charset=utf-8
    • flag-us
      DNS
      cdn.epicbrowser.com
      Remote address:
      8.8.8.8:53
      Request
      cdn.epicbrowser.com
      IN A
      Response
      cdn.epicbrowser.com
      IN A
      104.21.71.132
      cdn.epicbrowser.com
      IN A
      172.67.170.148
    • flag-us
      HEAD
      https://cdn.epicbrowser.com/v120/mini_installer.exe
      Remote address:
      104.21.71.132:443
      Request
      HEAD /v120/mini_installer.exe HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      User-Agent: Microsoft BITS/7.5
      X-Last-HR: 0x0
      X-Last-HTTP-Status-Code: 0
      X-Retry-Count: 0
      Host: cdn.epicbrowser.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:39:02 GMT
      Content-Type: application/octet-stream
      Content-Length: 129506256
      Connection: keep-alive
      cdn-pullzone: 55901
      cdn-uid: af8b949e-8a48-4a3d-aa8b-cac423f0b8b6
      cdn-requestcountrycode: GB
      Cache-Control: public, max-age=2592000
      last-modified: Mon, 11 Dec 2023 09:21:47 GMT
      cdn-storageserver: DE-599
      cdn-fileserver: 570
      cdn-proxyver: 1.04
      cdn-requestpullsuccess: True
      cdn-requestpullcode: 206
      cdn-cachedat: 12/11/2023 19:58:06
      cdn-edgestorageid: 958
      cdn-status: 200
      cdn-requestid: 2c154d49c6e6039546d13bf05ef97fe6
      cdn-cache: HIT
      CF-Cache-Status: HIT
      Age: 1045
      Accept-Ranges: bytes
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y8kIKRzl0qXNsC53S5YN9YsBeyooGISs33nHO9umqQD66g8v2dxWj9tEqXkXa9s9Fsen71moo5uP5k7iVRpjSDHzh8zJUFQr27YJpz4PNK1F85tdJEh6rNwJnsnr7s%2FE4i5%2ButZw"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      Server: cloudflare
      CF-RAY: 87130126ffa663f5-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      GET
      https://cdn.epicbrowser.com/v120/mini_installer.exe
      Remote address:
      104.21.71.132:443
      Request
      GET /v120/mini_installer.exe HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      Accept-Encoding: identity
      If-Unmodified-Since: Mon, 11 Dec 2023 09:21:47 GMT
      User-Agent: Microsoft BITS/7.5
      X-Last-HR: 0x0
      X-Last-HTTP-Status-Code: 0
      X-Retry-Count: 0
      Host: cdn.epicbrowser.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:39:02 GMT
      Content-Type: application/octet-stream
      Content-Length: 129506256
      Connection: keep-alive
      cdn-pullzone: 55901
      cdn-uid: af8b949e-8a48-4a3d-aa8b-cac423f0b8b6
      cdn-requestcountrycode: GB
      Cache-Control: public, max-age=2592000
      last-modified: Mon, 11 Dec 2023 09:21:47 GMT
      cdn-storageserver: DE-599
      cdn-fileserver: 570
      cdn-proxyver: 1.04
      cdn-requestpullsuccess: True
      cdn-requestpullcode: 206
      cdn-cachedat: 12/11/2023 19:58:06
      cdn-edgestorageid: 958
      cdn-status: 200
      cdn-requestid: 2c154d49c6e6039546d13bf05ef97fe6
      cdn-cache: HIT
      CF-Cache-Status: HIT
      Age: 1045
      Accept-Ranges: bytes
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qQH%2FzyWHj4RwhQXojNf3dUuk5mxD%2BkVwAMfPxFjz8JSX1BSNEDU%2FE9thTiK7HeCPOE9KvQHmRcGPmzaVc3vBkqMih5o2Gm3Dw6%2Bd39iCBowIvBVjs4a1p%2BBdVBTUWm5LVwFyZHqI"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Vary: Accept-Encoding
      Server: cloudflare
      CF-RAY: 87130127482b63f5-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      apps.identrust.com
      Remote address:
      8.8.8.8:53
      Request
      apps.identrust.com
      IN A
      Response
      apps.identrust.com
      IN CNAME
      identrust.edgesuite.net
      identrust.edgesuite.net
      IN CNAME
      a1952.dscq.akamai.net
      a1952.dscq.akamai.net
      IN A
      23.14.90.73
      a1952.dscq.akamai.net
      IN A
      23.14.90.91
    • flag-be
      GET
      http://apps.identrust.com/roots/dstrootcax3.p7c
      Remote address:
      23.14.90.73:80
      Request
      GET /roots/dstrootcax3.p7c HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/6.1
      Host: apps.identrust.com
      Response
      HTTP/1.1 200 OK
      X-XSS-Protection: 1; mode=block
      X-Frame-Options: SAMEORIGIN
      X-Content-Type-Options: nosniff
      X-Robots-Tag: noindex
      Referrer-Policy: same-origin
      Last-Modified: Fri, 13 Oct 2023 16:28:31 GMT
      ETag: "37d-6079b8c0929c0"
      Accept-Ranges: bytes
      Content-Length: 893
      X-Content-Type-Options: nosniff
      X-Frame-Options: sameorigin
      Content-Type: application/pkcs7-mime
      Cache-Control: max-age=3600
      Expires: Mon, 08 Apr 2024 15:39:01 GMT
      Date: Mon, 08 Apr 2024 14:39:01 GMT
      Connection: keep-alive
    • flag-us
      DNS
      clients2.google.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      clients2.google.com
      IN A
      Response
      clients2.google.com
      IN CNAME
      clients.l.google.com
      clients.l.google.com
      IN A
      216.58.206.46
    • flag-us
      DNS
      clients2.google.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      clients2.google.com
      IN Unknown
      Response
      clients2.google.com
      IN CNAME
      clients.l.google.com
    • flag-us
      DNS
      redirector.gvt1.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      redirector.gvt1.com
      IN A
      Response
      redirector.gvt1.com
      IN A
      216.58.201.110
    • flag-us
      DNS
      redirector.gvt1.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      redirector.gvt1.com
      IN Unknown
      Response
    • flag-us
      DNS
      epicbrowser.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      epicbrowser.com
      IN A
      Response
      epicbrowser.com
      IN A
      185.199.110.153
    • flag-us
      DNS
      epicbrowser.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      epicbrowser.com
      IN Unknown
      Response
    • flag-us
      DNS
      accounts.google.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      accounts.google.com
      IN A
      Response
      accounts.google.com
      IN A
      142.251.173.84
    • flag-us
      DNS
      accounts.google.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      accounts.google.com
      IN Unknown
      Response
    • flag-us
      DNS
      www.epicbrowser.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      www.epicbrowser.com
      IN A
      Response
      www.epicbrowser.com
      IN CNAME
      theprop.github.io
      theprop.github.io
      IN A
      185.199.108.153
      theprop.github.io
      IN A
      185.199.109.153
      theprop.github.io
      IN A
      185.199.110.153
      theprop.github.io
      IN A
      185.199.111.153
    • flag-us
      DNS
      www.epicbrowser.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      www.epicbrowser.com
      IN Unknown
      Response
      www.epicbrowser.com
      IN CNAME
      theprop.github.io
    • flag-de
      GET
      http://clients2.google.com/time/1/current?cup2key=6:YGht8QXLIDFedWc40o6N__mvXK6mOPKb3gUTnaXQDgo&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      epic.exe
      Remote address:
      216.58.206.46:80
      Request
      GET /time/1/current?cup2key=6:YGht8QXLIDFedWc40o6N__mvXK6mOPKb3gUTnaXQDgo&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
      Host: clients2.google.com
      Connection: keep-alive
      Pragma: no-cache
      Cache-Control: no-cache
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
      Accept-Encoding: gzip, deflate
      Response
      HTTP/1.1 200 OK
      Content-Type: application/json; charset=utf-8
      Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
      X-Content-Type-Options: nosniff
      x-cup-server-proof: 3044022017a95d23ae6a31f01f7a5b19c2dd1ee0dab7997be6901e211794aaf2944b4e9a02204f89ee7f1567e8fab5ddfbdafba1397236f8655c9c1dce4312bc6fd28b08a503:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      ETag: W/"3044022017a95d23ae6a31f01f7a5b19c2dd1ee0dab7997be6901e211794aaf2944b4e9a02204f89ee7f1567e8fab5ddfbdafba1397236f8655c9c1dce4312bc6fd28b08a503:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Mon, 08 Apr 2024 14:39:56 GMT
      Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
      Cross-Origin-Opener-Policy: same-origin
      Cross-Origin-Resource-Policy: same-site
      Content-Encoding: gzip
      Transfer-Encoding: chunked
      Server: ESF
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
    • flag-de
      GET
      http://clients2.google.com/time/1/current?cup2key=6:DTknufPwwPSH2FQ9RxpKgViFilorDPGg9UZ83gf4DeA&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      epic.exe
      Remote address:
      216.58.206.46:80
      Request
      GET /time/1/current?cup2key=6:DTknufPwwPSH2FQ9RxpKgViFilorDPGg9UZ83gf4DeA&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
      Host: clients2.google.com
      Connection: keep-alive
      Pragma: no-cache
      Cache-Control: no-cache
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
      Accept-Encoding: gzip, deflate
      Response
      HTTP/1.1 200 OK
      Content-Type: application/json; charset=utf-8
      Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
      X-Content-Type-Options: nosniff
      x-cup-server-proof: 304302204cdee718c5b7bfa1f977fb1fc667b8a4e1df3b1983012d49db9cd6e754a54f72021f2b35ed4f38b74ee5144ea739180d209a50ec26ad097c6fb3a308da63f51f71:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      ETag: W/"304302204cdee718c5b7bfa1f977fb1fc667b8a4e1df3b1983012d49db9cd6e754a54f72021f2b35ed4f38b74ee5144ea739180d209a50ec26ad097c6fb3a308da63f51f71:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Mon, 08 Apr 2024 14:39:58 GMT
      Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
      Cross-Origin-Resource-Policy: same-site
      Cross-Origin-Opener-Policy: same-origin
      Content-Encoding: gzip
      Transfer-Encoding: chunked
      Server: ESF
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
    • flag-de
      GET
      http://clients2.google.com/time/1/current?cup2key=6:yBJMJTmDwL1LRBFQfXJk9b4QVq5UgI0d6BQb2sHhwco&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      epic.exe
      Remote address:
      216.58.206.46:80
      Request
      GET /time/1/current?cup2key=6:yBJMJTmDwL1LRBFQfXJk9b4QVq5UgI0d6BQb2sHhwco&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
      Host: clients2.google.com
      Connection: keep-alive
      Pragma: no-cache
      Cache-Control: no-cache
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
      Accept-Encoding: gzip, deflate
      Response
      HTTP/1.1 200 OK
      Content-Type: application/json; charset=utf-8
      Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
      X-Content-Type-Options: nosniff
      x-cup-server-proof: 3045022100a5625ee805e46093832ea2255c8487a3ee156b9499fb243b75dcbd555b8e92660220563d0b0a37d79cc5272226c2ebedf34560b00130074d5d047277fffad26fc09c:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      ETag: W/"3045022100a5625ee805e46093832ea2255c8487a3ee156b9499fb243b75dcbd555b8e92660220563d0b0a37d79cc5272226c2ebedf34560b00130074d5d047277fffad26fc09c:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Mon, 08 Apr 2024 14:40:00 GMT
      Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
      Cross-Origin-Resource-Policy: same-site
      Cross-Origin-Opener-Policy: same-origin
      Content-Encoding: gzip
      Transfer-Encoding: chunked
      Server: ESF
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
    • flag-de
      GET
      http://clients2.google.com/time/1/current?cup2key=6:v3h72OY9kSvNCqTo1IFdr8UVrn4uDWyo96F_n2nMedY&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      epic.exe
      Remote address:
      216.58.206.46:80
      Request
      GET /time/1/current?cup2key=6:v3h72OY9kSvNCqTo1IFdr8UVrn4uDWyo96F_n2nMedY&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1
      Host: clients2.google.com
      Connection: keep-alive
      Pragma: no-cache
      Cache-Control: no-cache
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
      Accept-Encoding: gzip, deflate
      Response
      HTTP/1.1 200 OK
      Content-Type: application/json; charset=utf-8
      Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
      X-Content-Type-Options: nosniff
      x-cup-server-proof: 3044022057bdff9959c28e3dd5f8677af9c5fefa9225dd3ddf1eaf4ef4dea2ff93eaca6702202ef12ebde9692ba8be97eabbdb37d3767a793fbf58542c2c6c4fc64b91240b85:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      ETag: W/"3044022057bdff9959c28e3dd5f8677af9c5fefa9225dd3ddf1eaf4ef4dea2ff93eaca6702202ef12ebde9692ba8be97eabbdb37d3767a793fbf58542c2c6c4fc64b91240b85:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Mon, 08 Apr 2024 14:40:02 GMT
      Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
      Cross-Origin-Resource-Policy: same-site
      Cross-Origin-Opener-Policy: same-origin
      Content-Encoding: gzip
      Transfer-Encoding: chunked
      Server: ESF
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
    • flag-us
      DNS
      r1---sn-aigl6nsr.gvt1.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      r1---sn-aigl6nsr.gvt1.com
      IN A
      Response
      r1---sn-aigl6nsr.gvt1.com
      IN CNAME
      r1.sn-aigl6nsr.gvt1.com
      r1.sn-aigl6nsr.gvt1.com
      IN A
      74.125.105.134
    • flag-us
      DNS
      r1---sn-aigl6nsr.gvt1.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      r1---sn-aigl6nsr.gvt1.com
      IN Unknown
      Response
      r1---sn-aigl6nsr.gvt1.com
      IN CNAME
      r1.sn-aigl6nsr.gvt1.com
    • flag-us
      DNS
      clients2.google.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      clients2.google.com
      IN A
      Response
      clients2.google.com
      IN CNAME
      clients.l.google.com
      clients.l.google.com
      IN A
      172.217.16.238
    • flag-us
      DNS
      clients2.google.com
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      clients2.google.com
      IN Unknown
      Response
      clients2.google.com
      IN CNAME
      clients.l.google.com
    • flag-us
      DNS
      dns.google
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.google
      IN A
      Response
      dns.google
      IN A
      8.8.8.8
      dns.google
      IN A
      8.8.4.4
    • flag-us
      DNS
      dns.google
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.google
      IN Unknown
      Response
    • flag-us
      DNS
      dns.google
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.google
      IN A
      Response
      dns.google
      IN A
      8.8.8.8
      dns.google
      IN A
      8.8.4.4
    • flag-us
      DNS
      dns.google
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.google
      IN Unknown
      Response
    • flag-us
      DNS
      dns.google
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.google
      IN A
      Response
      dns.google
      IN A
      8.8.4.4
      dns.google
      IN A
      8.8.8.8
    • flag-us
      DNS
      dns.google
      epic.exe
      Remote address:
      8.8.8.8:53
      Request
      dns.google
      IN Unknown
      Response
    • flag-nl
      GET
      http://updates.epicbrowser.com/extensions/newtab/useragent.xml
      epic.exe
      Remote address:
      128.199.39.15:80
      Request
      GET /extensions/newtab/useragent.xml HTTP/1.1
      Host: updates.epicbrowser.com
      Connection: keep-alive
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
      DNT: 1
      Accept: */*
      Accept-Encoding: gzip, deflate
      Accept-Language: en-US,en;q=0.9
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:35:28 GMT
      Server: Apache/2.4.7 (Ubuntu)
      Last-Modified: Mon, 03 Aug 2020 08:59:43 GMT
      ETag: "2c-5abf55c1045e2"
      Accept-Ranges: bytes
      Content-Length: 44
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Content-Type: application/xml
    • flag-nl
      POST
      http://updates.epicbrowser.com/service/update2
      EpicUpdate.exe
      Remote address:
      167.172.35.137:80
      Request
      POST /service/update2 HTTP/1.1
      Cache-Control: no-cache
      Connection: Keep-Alive
      Pragma: no-cache
      User-Agent: Google Update/1.3.29.13;winhttp
      X-Last-HR: 0x0
      X-Last-HTTP-Status-Code: 0
      X-Retry-Count: 0
      Content-Length: 859
      Host: updates.epicbrowser.com
      Response
      HTTP/1.1 200 OK
      Date: Mon, 08 Apr 2024 14:36:36 GMT
      Server: Apache/2.4.7 (Ubuntu)
      Vary: Accept-Encoding
      Keep-Alive: timeout=5, max=100
      Connection: Keep-Alive
      Transfer-Encoding: chunked
      Content-Type: text/html; charset=utf-8
    • 178.128.252.188:80
      http://updates.epicbrowser.com/service/update2
      http
      EpicUpdate.exe
      1.0kB
      810 B
      6
      5

      HTTP Request

      POST http://updates.epicbrowser.com/service/update2

      HTTP Response

      200
    • 167.172.35.137:80
      http://updates.epicbrowser.com/service/check2?appid=%7BB852E7B1-908A-48EF-9576-CBE23654D907%7D&appversion=1.3.29.13&applang=&machine=0&version=0.0.0.0&osversion=6.1&servicepack=Service%20Pack%201
      http
      EpicUpdate.exe
      709 B
      3.3kB
      7
      7

      HTTP Request

      GET http://updates.epicbrowser.com/service/check2?appid=%7BB852E7B1-908A-48EF-9576-CBE23654D907%7D&appversion=1.3.29.13&applang=&machine=0&version=0.0.0.0&osversion=6.1&servicepack=Service%20Pack%201

      HTTP Response

      404
    • 167.172.35.137:80
      http://updates.epicbrowser.com/service/update2?w=3:OpMuexCJVOfG9vF4ji09ri_mfcYgVfgD5mIyhp7NDCLgsyi553h8mvN52byZHIso5EGNZp6QdwJuRZ-FMI2mYX4cfc30sGq1Puh1Zsg_oA1Ti6Ggx_WA-JHpqGthLQqwjBfDlVdq_P8yCaCPjKpxCSOqM9UDrf6Yqiuu1C1Q50g
      http
      EpicUpdate.exe
      1.3kB
      1.5kB
      9
      8

      HTTP Request

      POST http://updates.epicbrowser.com/service/update2?w=3:OpMuexCJVOfG9vF4ji09ri_mfcYgVfgD5mIyhp7NDCLgsyi553h8mvN52byZHIso5EGNZp6QdwJuRZ-FMI2mYX4cfc30sGq1Puh1Zsg_oA1Ti6Ggx_WA-JHpqGthLQqwjBfDlVdq_P8yCaCPjKpxCSOqM9UDrf6Yqiuu1C1Q50g

      HTTP Response

      200
    • 167.172.35.137:443
      https://updates.epicbrowser.com/service/update2
      tls, http
      EpicUpdate.exe
      2.1kB
      8.4kB
      17
      16

      HTTP Request

      POST https://updates.epicbrowser.com/service/update2

      HTTP Response

      200
    • 104.21.71.132:443
      https://cdn.epicbrowser.com/v120/mini_installer.exe
      tls, http
      3.1MB
      133.9MB
      59488
      95941

      HTTP Request

      HEAD https://cdn.epicbrowser.com/v120/mini_installer.exe

      HTTP Response

      200

      HTTP Request

      GET https://cdn.epicbrowser.com/v120/mini_installer.exe

      HTTP Response

      200
    • 23.14.90.73:80
      http://apps.identrust.com/roots/dstrootcax3.p7c
      http
      421 B
      1.6kB
      6
      4

      HTTP Request

      GET http://apps.identrust.com/roots/dstrootcax3.p7c

      HTTP Response

      200
    • 216.58.206.46:80
      http://clients2.google.com/time/1/current?cup2key=6:v3h72OY9kSvNCqTo1IFdr8UVrn4uDWyo96F_n2nMedY&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
      http
      epic.exe
      2.1kB
      5.2kB
      11
      13

      HTTP Request

      GET http://clients2.google.com/time/1/current?cup2key=6:YGht8QXLIDFedWc40o6N__mvXK6mOPKb3gUTnaXQDgo&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      HTTP Response

      200

      HTTP Request

      GET http://clients2.google.com/time/1/current?cup2key=6:DTknufPwwPSH2FQ9RxpKgViFilorDPGg9UZ83gf4DeA&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      HTTP Response

      200

      HTTP Request

      GET http://clients2.google.com/time/1/current?cup2key=6:yBJMJTmDwL1LRBFQfXJk9b4QVq5UgI0d6BQb2sHhwco&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      HTTP Response

      200

      HTTP Request

      GET http://clients2.google.com/time/1/current?cup2key=6:v3h72OY9kSvNCqTo1IFdr8UVrn4uDWyo96F_n2nMedY&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      HTTP Response

      200
    • 185.199.110.153:443
      epicbrowser.com
      tls
      epic.exe
      43.4kB
      2.0MB
      833
      1492
    • 185.199.110.153:443
      epicbrowser.com
      tls
      epic.exe
      943 B
      4.3kB
      8
      9
    • 216.58.201.110:443
      redirector.gvt1.com
      tls
      epic.exe
      1.7kB
      9.8kB
      15
      18
    • 142.251.173.84:443
      accounts.google.com
      tls
      epic.exe
      1.7kB
      8.0kB
      14
      16
    • 185.199.108.153:443
      www.epicbrowser.com
      tls
      epic.exe
      1.6kB
      5.5kB
      10
      13
    • 74.125.105.134:443
      r1---sn-aigl6nsr.gvt1.com
      tls
      epic.exe
      943 B
      5.6kB
      8
      9
    • 172.217.16.238:443
      clients2.google.com
      tls
      epic.exe
      2.6kB
      9.8kB
      15
      17
    • 8.8.8.8:443
      dns.google
      tls
      epic.exe
      2.9kB
      8.7kB
      24
      24
    • 8.8.8.8:443
      dns.google
      tls
      epic.exe
      1.6kB
      7.0kB
      14
      13
    • 8.8.4.4:443
      dns.google
      tls
      epic.exe
      1.6kB
      7.0kB
      14
      14
    • 104.21.71.132:443
      cdn.epicbrowser.com
      tls
      epic.exe
      6.3kB
      145.7kB
      100
      123
    • 104.21.71.132:443
      cdn.epicbrowser.com
      tls
      epic.exe
      943 B
      4.5kB
      8
      7
    • 104.21.71.132:443
      cdn.epicbrowser.com
      tls
      epic.exe
      943 B
      4.5kB
      8
      7
    • 128.199.39.15:80
      http://updates.epicbrowser.com/extensions/newtab/useragent.xml
      http
      epic.exe
      597 B
      916 B
      6
      6

      HTTP Request

      GET http://updates.epicbrowser.com/extensions/newtab/useragent.xml

      HTTP Response

      200
    • 64.227.42.236:443
      nt.epicbrowser.com
      tls
      epic.exe
      1.6kB
      5.8kB
      10
      11
    • 167.172.35.137:80
      http://updates.epicbrowser.com/service/update2
      http
      EpicUpdate.exe
      1.4kB
      1.5kB
      7
      6

      HTTP Request

      POST http://updates.epicbrowser.com/service/update2

      HTTP Response

      200
    • 142.250.178.3:443
      update.googleapis.com
      tls
      epic.exe
      6.1kB
      11.9kB
      18
      20
    • 8.8.8.8:53
      updates.epicbrowser.com
      dns
      EpicUpdate.exe
      69 B
      133 B
      1
      1

      DNS Request

      updates.epicbrowser.com

      DNS Response

      178.128.252.188
      128.199.39.15
      167.172.35.137
      206.189.4.63

    • 8.8.8.8:53
      updates.epicbrowser.com
      dns
      EpicUpdate.exe
      69 B
      133 B
      1
      1

      DNS Request

      updates.epicbrowser.com

      DNS Response

      167.172.35.137
      128.199.39.15
      178.128.252.188
      206.189.4.63

    • 8.8.8.8:53
      cdn.epicbrowser.com
      dns
      65 B
      97 B
      1
      1

      DNS Request

      cdn.epicbrowser.com

      DNS Response

      104.21.71.132
      172.67.170.148

    • 8.8.8.8:53
      apps.identrust.com
      dns
      64 B
      165 B
      1
      1

      DNS Request

      apps.identrust.com

      DNS Response

      23.14.90.73
      23.14.90.91

    • 8.8.8.8:53
      clients2.google.com
      dns
      epic.exe
      65 B
      105 B
      1
      1

      DNS Request

      clients2.google.com

      DNS Response

      216.58.206.46

    • 8.8.8.8:53
      clients2.google.com
      dns
      epic.exe
      65 B
      139 B
      1
      1

      DNS Request

      clients2.google.com

    • 8.8.8.8:53
      redirector.gvt1.com
      dns
      epic.exe
      65 B
      81 B
      1
      1

      DNS Request

      redirector.gvt1.com

      DNS Response

      216.58.201.110

    • 8.8.8.8:53
      redirector.gvt1.com
      dns
      epic.exe
      65 B
      122 B
      1
      1

      DNS Request

      redirector.gvt1.com

    • 8.8.8.8:53
      epicbrowser.com
      dns
      epic.exe
      61 B
      77 B
      1
      1

      DNS Request

      epicbrowser.com

      DNS Response

      185.199.110.153

    • 8.8.8.8:53
      epicbrowser.com
      dns
      epic.exe
      61 B
      119 B
      1
      1

      DNS Request

      epicbrowser.com

    • 8.8.8.8:53
      accounts.google.com
      dns
      epic.exe
      65 B
      81 B
      1
      1

      DNS Request

      accounts.google.com

      DNS Response

      142.251.173.84

    • 8.8.8.8:53
      accounts.google.com
      dns
      epic.exe
      65 B
      115 B
      1
      1

      DNS Request

      accounts.google.com

    • 8.8.8.8:53
      www.epicbrowser.com
      dns
      epic.exe
      65 B
      160 B
      1
      1

      DNS Request

      www.epicbrowser.com

      DNS Response

      185.199.108.153
      185.199.109.153
      185.199.110.153
      185.199.111.153

    • 8.8.8.8:53
      www.epicbrowser.com
      dns
      epic.exe
      65 B
      180 B
      1
      1

      DNS Request

      www.epicbrowser.com

    • 8.8.8.8:53
      r1---sn-aigl6nsr.gvt1.com
      dns
      epic.exe
      71 B
      116 B
      1
      1

      DNS Request

      r1---sn-aigl6nsr.gvt1.com

      DNS Response

      74.125.105.134

    • 8.8.8.8:53
      r1---sn-aigl6nsr.gvt1.com
      dns
      epic.exe
      71 B
      157 B
      1
      1

      DNS Request

      r1---sn-aigl6nsr.gvt1.com

    • 74.125.105.134:443
      r1---sn-aigl6nsr.gvt1.com
      https
      epic.exe
      6.9kB
      478.4kB
      85
      379
    • 8.8.8.8:53
      clients2.google.com
      dns
      epic.exe
      65 B
      105 B
      1
      1

      DNS Request

      clients2.google.com

      DNS Response

      172.217.16.238

    • 8.8.8.8:53
      clients2.google.com
      dns
      epic.exe
      65 B
      139 B
      1
      1

      DNS Request

      clients2.google.com

    • 8.8.8.8:53
      dns.google
      dns
      epic.exe
      56 B
      88 B
      1
      1

      DNS Request

      dns.google

      DNS Response

      8.8.8.8
      8.8.4.4

    • 8.8.8.8:53
      dns.google
      dns
      epic.exe
      56 B
      132 B
      1
      1

      DNS Request

      dns.google

    • 8.8.8.8:53
      dns.google
      dns
      epic.exe
      56 B
      88 B
      1
      1

      DNS Request

      dns.google

      DNS Response

      8.8.8.8
      8.8.4.4

    • 8.8.8.8:53
      dns.google
      dns
      epic.exe
      56 B
      132 B
      1
      1

      DNS Request

      dns.google

    • 8.8.8.8:53
      dns.google
      dns
      epic.exe
      56 B
      88 B
      1
      1

      DNS Request

      dns.google

      DNS Response

      8.8.4.4
      8.8.8.8

    • 8.8.8.8:53
      dns.google
      dns
      epic.exe
      56 B
      132 B
      1
      1

      DNS Request

      dns.google

    • 224.0.0.251:5353
      epic.exe
      204 B
      3
    • 8.8.4.4:443
      dns.google
      https
      epic.exe
      3.8kB
      10.6kB
      23
      29
    • 104.21.71.132:443
      cdn.epicbrowser.com
      https
      epic.exe
      14.6kB
      779.2kB
      141
      660
    • 8.8.8.8:443
      dns.google
      https
      epic.exe
      4.5kB
      6.5kB
      10
      10

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\ProgramData\Epic Privacy Browser\Installer\Log\EpicUpdate.log

      Filesize

      128KB

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      68KB

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\120.0.6099.71\Installer\setup.exe

      Filesize

      2.5MB

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{CB1A38FC-E758-44E9-BADB-BD163CDDF54C}\mini_installer.exe

      Filesize

      123.5MB

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad\settings.dat

      Filesize

      40B

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\49f46ad9-eccc-4555-9ed6-525e8df8c922.tmp

      Filesize

      211KB

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Code Cache\js\index-dir\the-real-index

      Filesize

      48B

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\DawnCache\data_1

      Filesize

      264KB

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Network\SCT Auditing Pending Reports

      Filesize

      2B

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Preferences

      Filesize

      4KB

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Site Characteristics Database\CURRENT~RFf778363.TMP

      Filesize

      16B

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Sync Data\LevelDB\000002.dbtmp

      Filesize

      16B

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\d75cb106-d60a-40c3-b5e4-06fb6152cdd7.tmp

      Filesize

      4KB

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

      Filesize

      41B

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Local State

      Filesize

      2KB

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\ShaderCache\data_0

      Filesize

      8KB

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\ShaderCache\data_2

      Filesize

      8KB

    • C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\ShaderCache\data_3

      Filesize

      8KB

    • C:\Users\Admin\AppData\Local\Temp\155fadea-20ab-49a7-a01c-ff00c5332daf.tmp

      Filesize

      1B

      MD5

      5058f1af8388633f609cadb75a75dc9d

      SHA1

      3a52ce780950d4d969792a2559cd519d7ee8c727

      SHA256

      cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

      SHA512

      0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

    • C:\Users\Admin\AppData\Local\Temp\Cab6CF6.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\EpicUpdateHelper.msi

      Filesize

      40KB

      MD5

      c8f6a0a4a113c0b698a6ba6a4d82d7bc

      SHA1

      08c823d01961320f8429b338f835d6f8ff5db023

      SHA256

      e908d7d23aa40f74068f97c90b9acc1e103706425a7ffc2046fcba5e45b1d910

      SHA512

      ffcd47711a795a6e379fbf1e49441b26659fcd4ad79610e127edf1fb2f76c361406f483142e21311b16f3d3127109884fcde77a54cd3fce6f549ba81a7781aa2

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdate.dll

      Filesize

      4.5MB

      MD5

      be1251e33e310931312839e7e92d5428

      SHA1

      ae5fa300f2346379390e86c1bc9dd5241e6096b5

      SHA256

      df801078e2512a40b32bdd801e771ad94ed9620b7be9e8146dbfbf08e6043281

      SHA512

      6dcc6c1df52c91ffb7a1a2eb340f58b9c6c617e43e6046d0aac13571f9854edc3f06cb5472e89447174fe7ba455c7552ba354ddc4d1e7d2c518b94de41b1dac2

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_am.dll

      Filesize

      23KB

      MD5

      d88c63b686242cc71ffe7527e6bfc387

      SHA1

      d684c14aea47bd05bdf6b97ad2d83661bfd12da5

      SHA256

      1cc7bb6883bcbd0bfe08faba1bbae512fb5f9d8aacce1a80ee55955760e9f0c7

      SHA512

      f708e7c0e3fe655367306a0c3b91d6ee9ff5e80bc30c069c1d1969b7f46d00b46bac964a3b01b7f03b8a6c110521764e1e78f158b1c8d754520712f7188f9e45

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ar.dll

      Filesize

      24KB

      MD5

      de553ee3dac04b2a52e5b8317dbe3922

      SHA1

      2e98677a966e260738bc5a29c5019a1efc055c92

      SHA256

      65e2f79b249b2944a8f81980486574b15deff2db43ed61e5cf8edbb32959d242

      SHA512

      7f96853ee6cefb46c6ef58b9ca3bf0d4e94ec1e32b8a58a7f7aad52f1f16f4216946b045c191316779c170d72e28b7c8714d41cb90200b6dc5f8655ebcc939cd

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_bg.dll

      Filesize

      28KB

      MD5

      81b8726d6f13c61d76f61f408f6387ad

      SHA1

      216791ae4cd983a22852f4056305ed60ae99591d

      SHA256

      fac78816992737c04db4c0ff5e2e872b36cbba33a5e881fec4e917595b624919

      SHA512

      70d1b2fa2580e43db78ab5040712b8e1f1bd0d72026546101d04689e2521b127280211b95dac4c4fd365ce9de17e1fc0710f2a3c1829319ad24aeeef79c5df11

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_bn.dll

      Filesize

      27KB

      MD5

      d57a370b804835a938258ed7859742bc

      SHA1

      dc75eb12bff887f43df461b04a4b2aae8a30c5a9

      SHA256

      ab965667ac81a9f405f9088c6a34e05c9f75fbb086dd721208983d543c48ddf9

      SHA512

      daa7df808c1282c7d199e1d15ee55168cf353465ae2d4f0122a70f988408d390d24ae1dc7f66e71ba9eda48c35761e852e349f806a15ed32486e16f034126afd

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ca.dll

      Filesize

      27KB

      MD5

      96a28b5d2f3bfb0787959491688e530c

      SHA1

      e02aa14bcb527802e025c0eb3a577950fd5900ab

      SHA256

      d56a28be1253366645a16345175a09a63094785e3a88cb9d0b3fd2380bfbcd6c

      SHA512

      8fcf08f65ed0141a9b4344e1382bd3aeb8894a0984539165318c701c9f2e5958721d99d7b63c309c9c996d3574f82a2ecf001e19e5c2c4cc681044b1257446bd

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_cs.dll

      Filesize

      26KB

      MD5

      e18d69356cf35dfd4e8351c730eab4ee

      SHA1

      f3b0227bf77776012d3d06c17d1a9a1bba4ddf85

      SHA256

      08a1833bcf351a9a8e830c606dd11abd765c33b424a77da1a24678f7b3366975

      SHA512

      54505db74d1e106e67d8b165421e91f8d29c563e9b8decc97a870532305c5a380b0b2e5d3810d11f58ba272e7c7d7a0733846d7b662a83ae504d7675da36b67c

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_da.dll

      Filesize

      27KB

      MD5

      04d97fd41c84c1a976d1e53720bc2202

      SHA1

      526a06cb86d4cdd1b41e53a0d1f0a7b5d08d4332

      SHA256

      025b963e649bb16927b05161af59dbfed383ed5e6b70a9ca10a010d50760b2c4

      SHA512

      b437730b7303ef285c12d83f6a5d3c2b30c56455c4e26c8d32a4e9d8a42d5221736473ed7442c657dc7f6e021407f835e5b225c9b89823cbebec010b1503dfed

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_de.dll

      Filesize

      29KB

      MD5

      a9417a072b34c3f41ca98e5ef43ef1b7

      SHA1

      9669568a3f3e9082d0a95f3b6cecfb1fc55d378e

      SHA256

      8fe982e9c8fc1b4ed1795f47de27fbfa7ea2c4c18295077027954309e164bf37

      SHA512

      c496774c0de81cf2c50d111d8c9efda6cfc631643895182891598723bf84427c6b97d4836feb82ff6d9644c70d4c7dbbcd5479568ba5e1dbbc3a34833ba01a64

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_el.dll

      Filesize

      29KB

      MD5

      665a16ab999fe7b97286ae2f988e3eab

      SHA1

      c6962cc98464d0dd64f92065af4e0818d5b38616

      SHA256

      d0811d10ca70a3f1aefbe224e89b3094a66c77d675c7b227b05eb61a9d0b9312

      SHA512

      bc3528fb599a237c7dbcf3857f72a77786dc31c5ec1766e955cd1ed3b52c1831e420e19aa33cdb461fdc5370d3910081ae454f29adf915e1c57c68b9fae6403c

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_en-GB.dll

      Filesize

      26KB

      MD5

      0326479ee247f6c643833ed7858da929

      SHA1

      e3973d7fb630ed958739f2afc1099ced7acaa890

      SHA256

      6fd1413a1eee2e8181df176388c0fede5c58f473e4637c6e845b45348d2377f0

      SHA512

      aedcac771168ffba3a46d88a75c067a727001e34cabc311b31fb5c3eb51be56d1aa09b6f791cf052033f0793825538c9271283b276634c2ce1a518b11143b83f

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_es-419.dll

      Filesize

      27KB

      MD5

      737467326da390e801c46afa27bdf222

      SHA1

      e26a20456b5989761f4b007bf7f69fe38cd4c13e

      SHA256

      7e9041bc445a7bc64e7842c827e8206bec5d2de30b48382c808d1045521a2efb

      SHA512

      009fa89d01dbd498ef4f5026119f4d36110d2f88fe3ffa96d5326e2236fd363fd5e4ea6f0c54a0e869e055429fb5729737d938058173c8a3d285d79d890a89e5

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_es.dll

      Filesize

      29KB

      MD5

      218bead93fe588064ce4ae59bb394f50

      SHA1

      d2d2f1450178725d6c6d78c81031f91a1987f48c

      SHA256

      4ccb12c38399b3d31484de4ac046cbe7216b46ef8b0d102a6d488a62ba827f7f

      SHA512

      227cc018faeebb1abf7426bf306f9d2ca48c11d349d01111af315eb1a02b27298bf52736848855ef90e4ec3b4c148894eb53e9663912ae37fa30d9eaba3b1125

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_et.dll

      Filesize

      26KB

      MD5

      6c943af4ebf403d95e7a6542a49d6dbc

      SHA1

      7acfc23ed5207b3a3910baeeb68af7d9efc89579

      SHA256

      c2463a6eee0caf3a9ce4aa91d234bc3633d8be4229ddea7fcdf41d1c515d376b

      SHA512

      e6a3dc76f45b5c541e9ae74a6562a2addc85146c3dbad0ef5bde2e0ad6338867586bdf4dea79488fad3ec1b53e934a0354a8a7a0ce767e783af21ca372f508d4

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_fa.dll

      Filesize

      25KB

      MD5

      a047b4703e5e72411fa453bd05f76311

      SHA1

      61a3e70dff8628ba5ce206ffef431d6376c85287

      SHA256

      d043d936ea3805d5111ec803e12b2c8ce50c551526028713b4445c3584c997f0

      SHA512

      985ed14af7c032a164dfe0e3542538756983eface5ce767be371c193366c209ae1f1fd3c529a886638a34bfc4281bf6b02ed4c9f1fd05339cbcdce0a09dd8b20

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_fi.dll

      Filesize

      27KB

      MD5

      86c1e08adbfb154f51415789005f6123

      SHA1

      4bc5cafc6295a34524d32a23cfc27a0e0f81fd11

      SHA256

      7f5a0c886ccc6b9decbb77c99a146cb355754337eec837b7fda051c873da3d68

      SHA512

      619b1ce34fda5c67a874bd0be7e5cd34f4a3361335cc90c765ee7bf09ccf47a15448497d1c83728fe7949e8e40a53c0361c84877a3ffeb0a130e3891a445ce2d

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_fil.dll

      Filesize

      28KB

      MD5

      ddd37d2387261378a213b3ef2c21314e

      SHA1

      f4d85efcc2720bb7b65b0d50b1e8d20e5c28bf00

      SHA256

      a464f40505d2ef5fb558050e225ae8de6a7355d677a29dc3eb941c3fb66e18ca

      SHA512

      b97fdf1abb3c16ec86e51b33b24faf267cce84cdc3c53a38b668e83382114e947ed6e2806c7717e41e92c8a1763b58960c58c0d3a5fd644aeb5941eff89acee9

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_fr.dll

      Filesize

      28KB

      MD5

      bb6dcbee3a39fd54c3f357fe022fbc4d

      SHA1

      1604459acb7fd71542d1138828c7e2d1016a1ab6

      SHA256

      32208618047b53eee1b235de2c82abdaf006ffa59e91c238cb75eaac30cbd166

      SHA512

      c192ef041bae2369dc249a98791782176f81d0d174dcf82632594f939d1ab01bdb0e0681277d2fd315d8743abff59464ad9f6e092a5f2803832a0bd5197fe9c4

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_gu.dll

      Filesize

      27KB

      MD5

      704dfd5af3aa897887feb87aa48e8318

      SHA1

      c125e771d60ac73ea6fa0f6959112f3cf131a2fc

      SHA256

      7fd17ba7a0c0baadfa2a0ca96b4d2f31dedc6b347dff41582b1e6637408fd4c3

      SHA512

      92417dcb1ca9c5054e8d820ddcf541658006fd2214ae834ffaeb7a82112810ebfac2afa8324d0b5767d1e14e8e3216ef2d5c049c9a8c659ebdc9e05b8155d2b4

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_hi.dll

      Filesize

      27KB

      MD5

      0a47b1ef806c7880c645bd20b416055c

      SHA1

      f954be7b1f33af37ff3de4e1ea2483b71908bced

      SHA256

      757dd37980010c2e7da78b6f69e9a087ede1ad87a3c4d918e58d33932d525ef2

      SHA512

      8a6ff6b943d2730a0dac4ee873a5b0d3355b82ae5f85470d0d8130519f1efc2a2de19401096bc7d545938d9c32cd2253ef6bfa24a2aa54408a093ad21adeffd1

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_hr.dll

      Filesize

      27KB

      MD5

      7dc48e2f1281d500eb74af4717389681

      SHA1

      bad753522a3dc76e4fbc8050b8d871b4bf8bd0d5

      SHA256

      d101854d9671ca7871f5b35ccbd672c2d0a754d566ed0540cec493d6b38f22d1

      SHA512

      ea4ef260922a1b71f895623b830f7952906136b41887b325a8b590f6d75a6d8edafcb1da85b28c0dcbc2981e68d47deae17e0f478debda9e174427fe582130e1

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_hu.dll

      Filesize

      27KB

      MD5

      d61c4882cdceff3da989c403fb43d89f

      SHA1

      db2339b8f0c5db84e59f139bfbf1fcd4687a4cb3

      SHA256

      b3d70dc9d90317e413f4d9e3bdfe3dbabb59ac4d49a671726d770aad70f7e255

      SHA512

      3aea1526fdcf621aac38db213f776a28c0f82b8e0c2795901ca17a86cf8d3796cec937821e8ddd2eaae3ebbe251fab032cab4b466f1431d54097a6b7a80389f3

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_id.dll

      Filesize

      26KB

      MD5

      d33c46a32430646966013db736a54a54

      SHA1

      9564b827d3b5a426499641d844ac611d19f85a91

      SHA256

      9fc4ddc3a79d558111b6c6786572d6d1456905743d23811a713b676f2adc6aa9

      SHA512

      19b5946f15da8bae96f499df8f14cf7f4a0e69717b97f21393b7e3cb00d40256e583e506d154109888a193fe215310f09c7a4e0eb0795e1f4bc3b8880d3872bd

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_is.dll

      Filesize

      26KB

      MD5

      c2881f5e67dd3978567fbda4a007eef7

      SHA1

      32281d03b79449b0fc96b6191ed23749c71fc10a

      SHA256

      e536892e77d123bd31fcfed7e387b3f03bb0aa7a4c5a20676414efe467d4e8e4

      SHA512

      8dbad99967fe4d309a37d3b259c7ce6ce3d36618d3673cd86c0efae5e4e84b5d82cd477e3f7843810d3c034799412455755adc09f617f4dd84e238bf16858f0e

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_it.dll

      Filesize

      28KB

      MD5

      7c8e9dec722a5c374193772d1030cca7

      SHA1

      901f5cfcf275ceb3c7ef6d4dbc6d959cb05548a6

      SHA256

      4004b81177aa7c1421f14acbe76683d72b9f2df2cbe54f59bdae2ff263ecf2ba

      SHA512

      fc570b941823618272c843f43f365a2c386130874798e420bbb61578387e7d3979ca6b536cbce42c24042e90655bc711b087757bcc7d6aafaff014376f472dfe

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_iw.dll

      Filesize

      24KB

      MD5

      0a3a248253c7a9f8532e25b5c4736a52

      SHA1

      26ff1accd9f5bad304717b90f986da666e9eef75

      SHA256

      6ab18120723bd8fbb204962026bcea1b23c2bf488a24180b5839243375709fb0

      SHA512

      39b3ce881b8ea81e512ed963c249e241237085d36d3b9c230ac08ea61c1e8e1365d534983c88a7673fa3d188006b0ad788579c844b800aacf50f5947291f9e36

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ja.dll

      Filesize

      22KB

      MD5

      5a2e260a1dada2211820fc10eb1823dc

      SHA1

      2506a78c30aa296681a170704b258d3ddff52d2d

      SHA256

      f4d2f3f5cfad7e15ce51a1a597672fc959562decd1d4cac91d4cbdaf40b74b60

      SHA512

      43c7126cd6e436346fac37b4e7ca2fc8b8be8d1c4b01f5df0720b849af2cfe5721f5d1a5c1aad9232b51ab41542b1c9d1fec04fa768a7aed6dd115205497cecc

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_kn.dll

      Filesize

      27KB

      MD5

      45f3ce2166d548f70336ec57471f5a7a

      SHA1

      f1168a4a8c33d134e62edc829a127b23e67e288c

      SHA256

      71bf3a4647d5e194c12af1c34b997373d3730c7dc75a9f540cfaa398a9c88d33

      SHA512

      75afe201bce2f3242ccd90597e5c874c3880b3dd67d4183d3b0e6f71fc7d1b8cf72912a87d056555fb3f9d6ecd7196db3dd9a93062999788081ac305797b70c8

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ko.dll

      Filesize

      22KB

      MD5

      92fab51f986d8240771fd9fa66b6c71f

      SHA1

      38a0eea63cd18847cd7fb27601e4306411b3389b

      SHA256

      1fb69e9e1b6ea7ced41701057e9eefe25f80fb4c1b71828fcd6868b82a4615f7

      SHA512

      44a415d88d5c9f2c11abfccaaf7fcdf4965b959e6f0856834e8535a0158b8735249548b550037a5bdd836526dcab556192218ffd0d0872fbe884cb168fe9756b

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_lt.dll

      Filesize

      26KB

      MD5

      b20685f9d9c766c4a64cccad1ddb4c3b

      SHA1

      08dd00860753e2a7ae8e9a0d86ad7c3293088d40

      SHA256

      af7d1ac7df40689b4b7e4084ab7cc0c75d11e37aa4b070dca8c3744930a7286a

      SHA512

      c0e74ecf4174e4eee9953110fcefbee3a78d8863a890db005466ffd81a1bb00c9b1a1bb8a2936b58f9f3e69264bb6080f262623e543625513cee306d1067d4ea

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_lv.dll

      Filesize

      28KB

      MD5

      42f15afedfbcad904a8e99681a2edc27

      SHA1

      879a350fbec08c3df97f59cac24033f38bb4fbc6

      SHA256

      5e7e3e37a1338454ca3fb7d1957a7c4336584eebbe41eb0d09776dd6da2884c1

      SHA512

      fd60dba6642842a70d1dd250452175ea4412749387f7df90a8d4af1707c1980820e40599f0888be181ee92a4a809a783e106e629bd9844198d7d1946c6d5f9a8

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ml.dll

      Filesize

      29KB

      MD5

      6de81e001d5e656946eb33298d671c45

      SHA1

      81590e474e6f814f86883482be46d3890a7c6a95

      SHA256

      56e27538bdf50437d7f1effe50453921db0c07f73411aa458ff34200dbe5080f

      SHA512

      62752549f199c04332f7204ebe3c9b87428b9fd0af0ba1082afc71d6e38cb44a76863095df5d7095eefee64863c451475167c0e97afcab053cb06482973f1021

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_mr.dll

      Filesize

      27KB

      MD5

      eee8a71d42faec3a3c94dc9118b91680

      SHA1

      0a69231ef3f0bf86e7ff4c918bb427d22ffd24a0

      SHA256

      7afa7bff28befd7fd40ef9f76dacc19013913b11256378fdad8742aea46b37a9

      SHA512

      20555bc2ba3094d87c2ce231e28728b011dbbae636deaa7229d0cbafdc6531bb5df1f9f52b30fda2f2213ddf19148017330c7559779c77b3a62c8f4f48d5bcbf

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ms.dll

      Filesize

      26KB

      MD5

      2ca2228a1f9aa239a0d4ddad8252996f

      SHA1

      7917c8bbbd07ef4d244676669a88762749b54673

      SHA256

      e45f0700048e3255f4056bb09033e187ce2ca69e64f5bbc1f50c8ad3c8b07adb

      SHA512

      79692e3cc5a765d6e92a111717b2b07bdab9fc25f975b97b00434fb7d801a1bce0876b170d9fab92943ccc6e1cfce984b4d850dfd5dfdf9902ee6d3107ad820c

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_nl.dll

      Filesize

      28KB

      MD5

      f45b90c6489b3f3cc1202fae9620893b

      SHA1

      5dda75a13dc6f24d914cb741c9d48e8e60128021

      SHA256

      ee784713a2dff6f4fefc930746e7b61e05f60630de55b86560df8ce72b5f6b8d

      SHA512

      65dc4da4a306f8092fd3e6e20fdde202bcd614d12208b26f6e53a9ad7304f8c3cc616de791b8da95c29799ded312d13cb6d82f836a8abab21532939fb6c6055d

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_no.dll

      Filesize

      27KB

      MD5

      2584b43fcb8e6bef536e370e81d304c5

      SHA1

      4e2c43ee3c5a63313b481b2d57d2185aed42717c

      SHA256

      f39f172221fc8aa910bb359c3bb0a3a62f9f0feee1cff5245bafa21d10c1303f

      SHA512

      fffe2d48d7498ac53bedb293b3040b3b1bce7b26573d341b06764dee3e5607f58f8fe58df72ab9d3e3a5e726b93844548dbe6cbef49820e99287516cababfcef

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_pl.dll

      Filesize

      28KB

      MD5

      dce7239d44a7d5656a38eae49bedbedd

      SHA1

      9730ab9a4b5d734020e0d06ed07daf595454f32b

      SHA256

      e42937c5fb812227104a27d4c08fd9f8966dff2a72db2abb3a4907e0945f8e60

      SHA512

      9430857b50db9b321593dbbfa493f67151f244d229259601c5da6f4975b655a557eb492fddf80ce35f9d82405354f42759768ab94c7de84c4bf1162efdf5207f

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_pt-BR.dll

      Filesize

      27KB

      MD5

      3936da5d7f6576d551e817024fa54c5b

      SHA1

      cb26558ef379bffb2626ad52c6ac4be1a878730a

      SHA256

      d2b2720458884071adee98c7027925f0eeaa512239da212283d75d2f608b2b3b

      SHA512

      28cd341229f52ce0b37fbced7fde25e308da9adce4cebef8ebcef7a76109a2b93adaf0eaf47df25f733010dc7beb8f049c70bf8fe508f3611854490d34661805

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_pt-PT.dll

      Filesize

      27KB

      MD5

      41615489699e6550fa0df0bbf4ec1866

      SHA1

      a22f878abe1a534e5bc6eee230e78d7a9457c7d2

      SHA256

      0bd431834964ae5e85b005b4b77e98167bc74af3edcf10d4a31ff60fa4504a3c

      SHA512

      0e65203c5bf31170197c7414a7ff9f05ef4a1b53a37199fba7b08b1268ff77c76226be39864617d408ceda7bab173d29e4464417d6cc06ca458a17279baa0035

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ro.dll

      Filesize

      28KB

      MD5

      ca36229ecda98c7c306444b6828008f5

      SHA1

      8d08861b2b8970177238db0f463cace059cf81dc

      SHA256

      9956c1624c66bf371f3d56dcd41589b078803adfb561c5461c8cac3e4cc50f1b

      SHA512

      1221a1b4b89fc8d697ed6e1d6babc56186f908838ef244c1a28352a85bf8b735c49265dea4029d12022e31d74123768e53fa54f8d09707c87ac4bd2cf53f8bd9

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ru.dll

      Filesize

      26KB

      MD5

      01145b5ad8590e8375edb0cf966c6e1c

      SHA1

      b1a550774ea0f20b60c20f2289c8497d42135500

      SHA256

      a447182c8c48212ef844efe205049fb619908de6d36739f12f4633e50b33def8

      SHA512

      d099dfbd72d512b611163cb1776601fc23b85c9441d9621cf56e72f8476c0b873ccec6daee62505180d4f41eabe786e8ed270b032d18056548f7ecae7fa9c566

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sk.dll

      Filesize

      27KB

      MD5

      099bf80f276225c4bd61979b6fb53f61

      SHA1

      4c5506aa213184c4b90eb5d9c5a2700a645c0d2d

      SHA256

      8e530aa8f8921b7720a683cb0d55ac282e7ffac1e62af8bc0cbb6d52054a0da3

      SHA512

      46b8bd7952ad37687927fb8174a2e787f678b7b37f80a5135abab32027b7242a129dbace9136de5d1bbb45ee1ff89f9de48837136fa3eb9b39544a4b6f24d2a2

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sl.dll

      Filesize

      27KB

      MD5

      4bb0ec0ac8757fff5163458a68765319

      SHA1

      da09de35fe17412d83f4947b063635a589095ace

      SHA256

      90854b840570e5c809679283f7d9fa1cbcefec645ad5c1f3e61a4df8018c4902

      SHA512

      7b427158b6223fdf368993a71d89571112b4d3e38ca98e45f2b0c99ae68521d41cfccf0898818057d78fb0082d029f9b4804e4ee44927340b04be78ff9bf8b8f

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sr.dll

      Filesize

      27KB

      MD5

      be3a5f14fcf91c43abd0a20e838aebd0

      SHA1

      c513f3a2ceeaab2874768471db8692aa8c4cc7b6

      SHA256

      51f58cb454a5c78341aaa4f0466e450c82f22a0000d32233263752f40f20b876

      SHA512

      21a4deea039d884bf0ae3e032182bda91671226e9946704472ebf6d19a92e2d506d4720075a8110a0d81f8f3e15d30f4a9535b690643f62611f5fd91cb18aa55

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sv.dll

      Filesize

      27KB

      MD5

      4f09141c88a23dab8fd840fabf06e191

      SHA1

      8590fd88fd5e7aca276a50c09f90f0125e935c01

      SHA256

      f90964febd0305f8052bf605a6ad8a8f9c6f33a1e89497fececcd912bfa76416

      SHA512

      e69c8b0d7a45bb389bc1de639a51ef1c8bb8ceb04593f0faf991ade220795427e3a9ae3afcf7ce8ebb173963d9773e44f2b235c8a284bfe91a921dd956e29462

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_sw.dll

      Filesize

      27KB

      MD5

      86b5c41c84a38c404649c8c0b087153c

      SHA1

      1b149e4e16005a28d4e2bb4fdcad8f4988167f69

      SHA256

      c262185e4b3be7e3d21fd4c2d2090ccb819a28f232a982600fb0209af28bb209

      SHA512

      f296d187c82076a4ac01172810a36ec3b6f7dd12bdd19d7b5fb84044a7b2a45654e0379e152afdf00667454235dc86f75e8116ea56520a3fc79839a6a87c163b

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ta.dll

      Filesize

      28KB

      MD5

      cf28ae6f6aac4bfad5c9ef174e32a3d6

      SHA1

      83b116479afe6fcf94a841554d86cc7f943ae33c

      SHA256

      a0058db5a994e1b7bd8fc01540b477e3804b29544c1c407b3470da64c7bcf922

      SHA512

      6dd0db3aa75117a46b064b803b87d7ce67a19016ff4513e41e4a34cbfec26f2ea1d6996178e4a16dfaabf568cc301ed9c129fe2708a530299b266e86fc2d77ba

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_te.dll

      Filesize

      27KB

      MD5

      2c2e4164927dc5bebcb7b5d21f576ec2

      SHA1

      1b7fb51903c30b6d4f5f80113c299046e8e2a503

      SHA256

      2c0ed75dc10fe1befb8cda11b0c43b3c7a0a80f599178b63cf504b5382821f26

      SHA512

      589e4d584159d5fc65c86a32779ac418479e78abdf79d39d0f1c947d66af2c60a03add725d4a97fd07db11dca158e813c3b1b5dc048a6552fba36ad91e15e2fb

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_th.dll

      Filesize

      25KB

      MD5

      4a09e4adebd70eca03292fe40e372bb8

      SHA1

      c3205bd203e7c289f2e5e9f9e78b522aea1a6dc8

      SHA256

      aaefe7deeced4374cb13f963b852920458240422546f0d3bb815f74a281559b8

      SHA512

      7bb2e360d1082cacb559cbddca538ef1260cd378b8b4cdd4a011429df9f96a720e3924619ebc1f237e25edd89f83448cb86bc74ab7984b47b4729972ae0c263c

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_tr.dll

      Filesize

      27KB

      MD5

      5379bd0e00d1c6720d62d6232cbf2b79

      SHA1

      0c7d4eede806596e27641837d0611ab2fd2b5fbb

      SHA256

      17e7d40e572a7f01224c4a3247eb1d99183283697d5c4d67354d4094fb8755fc

      SHA512

      f1ab61783a250cd2943f699caf976a634428add0636d79935f8f40d6bd02c4c1db6c909758696ca2f73b1bd0185e00a8051cd78c2e5e55a1f9b9360d1946420b

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_uk.dll

      Filesize

      26KB

      MD5

      c58c698a63e66bdbab2a7979140c6378

      SHA1

      8cd380ce107a0087f8c59bb90e7c62c411f8e176

      SHA256

      b769a2dfb2c35084b16229d328106760a41a024019dbff30e5240f269f3d5b09

      SHA512

      2ebb85b4261f4e5ba778ecb1ebe6cde0f14c0f1cab03b84e01f73dcf9ef1ff3f9e8c6f1734df6de4dd136efcd4e642232df5ec1ac6b2e3ff50af2054f95d94fa

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_ur.dll

      Filesize

      26KB

      MD5

      2daa38d2ce922e96a3ef41088f6887ff

      SHA1

      cf1072a9ca0a79c153cbfb9f32aa32a97aecefe6

      SHA256

      8ff5254e6afc0b06766cda5f459487f88da167803458126c60b20d16c2fa2e50

      SHA512

      694e626daeed3a25b7b77d84158ba176d8dba4fefe9a4641904da9c66ac101c55f08a1775090448510db7ce9a64e5edffb4bf5fcc9bb86923d11e7b69db60cd3

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_vi.dll

      Filesize

      26KB

      MD5

      c58a0d34e22c4a1012b05350dd14e01c

      SHA1

      484ab20a0d50d17e19cb39c49d826114ac7b8628

      SHA256

      ac94f3b0d075144a19631f388ccfeef04fd0ea48e3370ee9181463e0b5192e2b

      SHA512

      cee194b448d6e384965786e99320e5ae0c403ed786f5f660a3580655c43e7419034741bf0f22e7bfb9bf2146bb2717832017aace9a810eb273282ab265c5ba46

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_zh-CN.dll

      Filesize

      20KB

      MD5

      00c57145de73df06fbac1e8217381f4e

      SHA1

      bea33bf66f9021ac636d874b6d67c1c24e531209

      SHA256

      10a847131bf465f49aabe81917bcb704bb2a99194ca256e64fb9809f799e6a80

      SHA512

      7ae578e59792d618aa3d08bb5981bb03d05204df170bcf83b580e56bd601a46468c476e3d0bf0b9be8147ce5cf63af0894e93b600d6407c8e8567c522a4bbf55

    • C:\Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_zh-TW.dll

      Filesize

      20KB

      MD5

      6b96e2406ae0cb4c12f62c415576b108

      SHA1

      c7a0a065cf671d6d337540cc7b69e1aa559d6dc4

      SHA256

      ce164b96ff50b2c2ed0df8f8deb1d4152b596428885860f8ae497f537f73288f

      SHA512

      f37d68e8111005f63ec552e8d1663f76a716f846d98c38e3fec31787f064d9814b76d8678db70a971c87f5afc3b402c97aa209f2d7f8c1ead708ff5e914c0ae1

    • C:\Users\Admin\AppData\Local\Temp\Tar6ECB.tmp

      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    • C:\Users\Admin\AppData\Local\Temp\Tar8D0C.tmp

      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Privacy Browser.lnk

      Filesize

      2KB

      MD5

      86be1f49d361b8efc549dbd14f7ebad8

      SHA1

      4900fb36a42f810eebb7ee31ccb2f7e9a2154e57

      SHA256

      d71ced395c91d7e215a9e03a8ad1161b13890c63c26d6d5ae130bbd3ca7d9195

      SHA512

      3a13ea53a113ad0cba1d78371d46c3add7f2e15185a6ae499204cfd45307944de5db3df943eaf1117b1e9254c9f76b3cf3ecc0176a4f31ecbfd0250c1b5593d2

    • \Users\Admin\AppData\Local\Temp\GUM62D8.tmp\EpicUpdate.exe

      Filesize

      497KB

      MD5

      97dc047b7ed9c22fc6cc04e015ad26f3

      SHA1

      bd1af01548fb5608a7ce494cb7ed4f030b872337

      SHA256

      b04266ca05e8125a1544e68c8852f7d44dde9c7e4f3b08a0383c0bf4ab6cfd2d

      SHA512

      ba7b7223e8930415373bafe5b8f6bb30ac904bbbb8f9a145b41ac7bb741ad06cf28d57328ed8e89fc9bde3975dcf47f956af8df7b65e7be8359e5957ffff52c8

    • \Users\Admin\AppData\Local\Temp\GUM62D8.tmp\goopdateres_en.dll

      Filesize

      25KB

      MD5

      2e874d98fcb41d049bf76f74e5f693ce

      SHA1

      cdcd777c6183ddce332b69a0bdb18eecc4e8cbd5

      SHA256

      24b5bc550660b94986621d3f841838d9b832a1019039de4d568ea7d8a8445eb2

      SHA512

      87a2a5c39cf2cf1bd8951032074434ca922077151822ef3f4267781b42c50ffb278ae2793cb1049d56bc351cd4a7fda05e1c5f7c830e73222d8495b1053f6a69

    • memory/1424-295-0x00000000002D0000-0x00000000002D1000-memory.dmp

      Filesize

      4KB

    • memory/2556-462-0x0000000000100000-0x0000000000101000-memory.dmp

      Filesize

      4KB

    • memory/2576-80-0x00000000007F0000-0x00000000007F1000-memory.dmp

      Filesize

      4KB

    • memory/2904-348-0x0000000000600000-0x0000000000601000-memory.dmp

      Filesize

      4KB

    • memory/2904-391-0x0000000000600000-0x0000000000601000-memory.dmp

      Filesize

      4KB

    • memory/3044-504-0x00000000029D0000-0x00000000029D1000-memory.dmp

      Filesize

      4KB

    • memory/3044-1259-0x00000000029D0000-0x00000000029D1000-memory.dmp

      Filesize

      4KB
