78b6a0f85f50da832c2553284c56c83bd847832d328a311477ebf950596a2431

Analysis

max time kernel
52s
max time network
66s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EpicSetup.exe
Size

1.7MB
MD5

20b4abe9f1a234c3c5cf3e3653c73201
SHA1

acad58367ef24db763b12b6c25ddff951dbbde7b
SHA256

78b6a0f85f50da832c2553284c56c83bd847832d328a311477ebf950596a2431
SHA512

fa4847a5e0642ff4ca4b6abc28f4db8c02c4688e026bbe86b68511b61440dfb81134c645c7ae4e54e946c622dac8cc015fbdd6eb5181143483fb7d52eac72ec3
SSDEEP

24576:UxWdbqh6PI7HcPpexcuRTe1ceNWZtUVyJvRXMaffNIIW/SFvWBwVztcZrng8kny:daECKpWIyxppfBmIOBCCZjg83PGbWZ

Score

8^/10

discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation	EpicUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation	epic.exe

Executes dropped EXE 20 IoCs

pid	Process
3288	EpicUpdate.exe
1472	EpicUpdate.exe
1368	EpicUpdate.exe
2364	EpicUpdate.exe
1692	EpicCrashHandler.exe
3184	EpicUpdate.exe
1044	EpicUpdate.exe
3752	EpicUpdate.exe
4664	EpicUpdate.exe
3544	EpicUpdate.exe
5260	mini_installer.exe
5324	setup.exe
5344	setup.exe
5664	setup.exe
5680	setup.exe
5840	epic.exe
5876	epic.exe
1096	epic.exe
1472	epic.exe
1636	epic.exe

Loads dropped DLL 25 IoCs

pid	Process
3288	EpicUpdate.exe
1472	EpicUpdate.exe
1472	EpicUpdate.exe
1472	EpicUpdate.exe
1472	EpicUpdate.exe
3288	EpicUpdate.exe
1368	EpicUpdate.exe
2364	EpicUpdate.exe
1692	EpicCrashHandler.exe
3184	EpicUpdate.exe
1044	EpicUpdate.exe
3752	EpicUpdate.exe
4664	EpicUpdate.exe
3544	EpicUpdate.exe
3544	EpicUpdate.exe
3752	EpicUpdate.exe
5840	epic.exe
5876	epic.exe
5840	epic.exe
1472	epic.exe
1472	epic.exe
1096	epic.exe
1096	epic.exe
1636	epic.exe
1636	epic.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 26 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{D9A13C52-6B85-4E00-B98A-DF25F77CBBEA}\LocalServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\EpicUpdate.exe\""	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}\LocalServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{9BA04732-4369-45EF-9DA1-90561134DE6D}\InProcServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{9BA04732-4369-45EF-9DA1-90561134DE6D}\InProcServer32\ThreadingModel = "Both"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\LocalServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\EpicUpdateOnDemand.exe\""	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Application\\120.0.6099.71\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\psuser.dll"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\LocalServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\EpicUpdateOnDemand.exe\""	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\EpicUpdateOnDemand.exe\""	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{D9A13C52-6B85-4E00-B98A-DF25F77CBBEA}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\EpicUpdateOnDemand.exe\""	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\npEpicUpdate3.dll"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Application\\120.0.6099.71\\notification_helper.exe"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32\ThreadingModel = "Both"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\InprocServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\npEpicUpdate3.dll"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\InprocServer32\ThreadingModel = "Apartment"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{9BA04732-4369-45EF-9DA1-90561134DE6D}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\psuser.dll"	EpicUpdate.exe
Key deleted	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}\LocalServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32\ThreadingModel = "Apartment"	EpicUpdate.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Epic Privacy Browser Installer = "\"C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\EpicUpdate.exe\" /c"	EpicUpdate.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 10 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicCrashHandler.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	EpicUpdate.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	epic.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	epic.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\AppName = "EpicUpdate.exe"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}	EpicUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\Policy = "3"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\AppName = "EpicUpdateOnDemand.exe"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13"	EpicUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\Policy = "3"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\CLSID = "{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}"	EpicUpdate.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\Policy = "3"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}	EpicUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Epic Privacy BrowserInstaller.CredentialDialogUser.1.0\CLSID	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{B9A716C1-E2F5-48FC-85B7-418539E0C3D6}\ = "IJobObserver"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}\VersionIndependentProgID	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\ChromiumHTM.ZFHNG4QV7X4EJJIHVRSDT42LHA\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\.html\OpenWithProgids\ChromiumHTM.ZFHNG4QV7X4EJJIHVRSDT42LHA	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{0DC85BF4-804A-4DC2-940C-8448ED984CFA}\ProxyStubClsid32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{9B8ABA14-0F6A-492C-AB9D-41FA1F7EC450}\ProgID	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\npEpicUpdate3.dll"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\ChromiumHTM.ZFHNG4QV7X4EJJIHVRSDT42LHA\AppUserModelId = "Epic Privacy Browser.ZFHNG4QV7X4EJJIHVRSDT42LHA"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\LocalServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Epic Privacy BrowserInstaller.OnDemandCOMClassUser.1.0	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{AB3B8CD0-9085-4F26-B16B-02571A12A789}\ = "Update3COMClass"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\MIME\Database\Content Type\application/x-vnd.updates.epicbrowser.update3webcontrol.3	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{CCAA4359-A0ED-41B4-96C3-C94FC82C6D5B}	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{49E543C7-D318-4DEC-BE9C-78BD17720DA5}\ProxyStubClsid32\ = "{9BA04732-4369-45EF-9DA1-90561134DE6D}"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{844B7ECF-E784-4A6D-9333-C49E60B62FD4}\ProxyStubClsid32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{01A85EDF-D90E-4476-9D69-A475552D40B9}\ProxyStubClsid32\ = "{9BA04732-4369-45EF-9DA1-90561134DE6D}"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{B7529FF4-2219-47AA-A1BE-9009C5AC8B63}\ = "IGoogleUpdate3WebSecurity"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Browser.OneClickProcessLauncherUser\ = "Epic Privacy Browser.OneClickProcessLauncher"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32\ThreadingModel = "Both"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{BB14760B-E6FA-4A12-80A8-0B4831229E82}\ = "ICurrentState"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\ChromiumHTM.ZFHNG4QV7X4EJJIHVRSDT42LHA\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Application\\epic.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Epic Privacy BrowserInstaller.Update3WebUser.1.0\ = "GoogleUpdate Update3Web"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32\ThreadingModel = "Apartment"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{844B7ECF-E784-4A6D-9333-C49E60B62FD4}\NumMethods\ = "10"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Epic Privacy BrowserInstaller.OnDemandCOMClassUser\ = "Google Update Legacy On Demand"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Epic Privacy Browser.Update3WebControl.3	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\ChromiumHTM.ZFHNG4QV7X4EJJIHVRSDT42LHA\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Application\\epic.exe,0"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{9BA04732-4369-45EF-9DA1-90561134DE6D}\InProcServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{52A10524-F4C9-4CFA-BA45-69AEA598B830}	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{9C3B9AB7-2486-4403-B138-E9ED32DD063C}\VersionIndependentProgID\ = "Epic Privacy BrowserInstaller.Update3WebUser"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Browser.OneClickProcessLauncherUser\CLSID\ = "{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{559A6462-11A5-45EA-A65F-4E330242FB40}\ = "ICoCreateAsync"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{A2AC5671-B45B-4480-ADFB-80B0B006BAFB}\NumMethods\ = "10"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Epic Privacy BrowserInstaller.Update3COMClassUser.1.0\CLSID\ = "{AB3B8CD0-9085-4F26-B16B-02571A12A789}"	EpicUpdate.exe
Key deleted	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{84D964EE-0441-4A42-8146-0699AE05DDC3}\InprocServer32	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{085C3A71-18C5-4FB5-8F2B-62CF7474FFE5}\ = "Epic Privacy Browser.OneClickProcessLauncher"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Epic Privacy Browser.OneClickCtrl.9\CLSID\ = "{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\ChromiumHTM.ZFHNG4QV7X4EJJIHVRSDT42LHA\Application\AppUserModelId = "Epic Privacy Browser.ZFHNG4QV7X4EJJIHVRSDT42LHA"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{82610E6D-11CA-45A9-98B1-D03B9AEDBD13}	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{EFC888E6-F1CB-43C5-8406-2FAC360408A7}\ = "IProgressWndEvents"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\.xht\OpenWithProgids\ChromiumHTM.ZFHNG4QV7X4EJJIHVRSDT42LHA	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{C1DA8992-C0D8-4135-8A1F-982514E03014}\ProxyStubClsid32\ = "{9BA04732-4369-45EF-9DA1-90561134DE6D}"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{0DC85BF4-804A-4DC2-940C-8448ED984CFA}	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Epic Privacy BrowserInstaller.Update3WebUser.1.0\CLSID\ = "{9C3B9AB7-2486-4403-B138-E9ED32DD063C}"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Epic Privacy BrowserInstaller.CredentialDialogUser.1.0\CLSID\ = "{D9A13C52-6B85-4E00-B98A-DF25F77CBBEA}"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Epic Privacy BrowserInstaller.CredentialDialogUser\CLSID\ = "{D9A13C52-6B85-4E00-B98A-DF25F77CBBEA}"	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Epic Privacy BrowserInstaller.CredentialDialogUser\CurVer\ = "Epic Privacy BrowserInstaller.CredentialDialogUser.1.0"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\ChromiumHTM.ZFHNG4QV7X4EJJIHVRSDT42LHA\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\.htm\OpenWithProgids\ChromiumHTM.ZFHNG4QV7X4EJJIHVRSDT42LHA	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{82610E6D-11CA-45A9-98B1-D03B9AEDBD13}\InprocHandler32\ = "C:\\Users\\Admin\\AppData\\Local\\Epic Privacy Browser\\Installer\\1.3.29.13\\psuser.dll"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{BB14760B-E6FA-4A12-80A8-0B4831229E82}	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\.xhtml	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{9BA04732-4369-45EF-9DA1-90561134DE6D}\InProcServer32\ThreadingModel = "Both"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Epic Privacy Browser.OneClickCtrl.9	EpicUpdate.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{C5135FC3-396E-4AFB-974F-D7A91D15CCCA}\ProgID\ = "Epic Privacy Browser.OneClickCtrl.9"	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{F86DEB4A-8D78-4C57-8872-D2730ED051EF}\InprocServer32	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\.shtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\Interface\{B7529FF4-2219-47AA-A1BE-9009C5AC8B63}	EpicUpdate.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Epic Privacy BrowserInstaller.OnDemandCOMClassUser\CLSID	EpicUpdate.exe
Key deleted	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\WOW6432Node\CLSID\{82610E6D-11CA-45A9-98B1-D03B9AEDBD13}	EpicUpdate.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3288	EpicUpdate.exe
3288	EpicUpdate.exe
4664	EpicUpdate.exe
4664	EpicUpdate.exe
4664	EpicUpdate.exe
4664	EpicUpdate.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3288	EpicUpdate.exe
Token: 33	1368	EpicUpdate.exe
Token: SeIncBasePriorityPrivilege	1368	EpicUpdate.exe
Token: SeDebugPrivilege	4664	EpicUpdate.exe
Token: 33	5260	mini_installer.exe
Token: SeIncBasePriorityPrivilege	5260	mini_installer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5840	epic.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 3288	1644	EpicSetup.exe	95
PID 1644 wrote to memory of 3288	1644	EpicSetup.exe	95
PID 1644 wrote to memory of 3288	1644	EpicSetup.exe	95
PID 3288 wrote to memory of 1472	3288	EpicUpdate.exe	98
PID 3288 wrote to memory of 1472	3288	EpicUpdate.exe	98
PID 3288 wrote to memory of 1472	3288	EpicUpdate.exe	98
PID 3288 wrote to memory of 1368	3288	EpicUpdate.exe	100
PID 3288 wrote to memory of 1368	3288	EpicUpdate.exe	100
PID 3288 wrote to memory of 1368	3288	EpicUpdate.exe	100
PID 1368 wrote to memory of 2364	1368	EpicUpdate.exe	101
PID 1368 wrote to memory of 2364	1368	EpicUpdate.exe	101
PID 1368 wrote to memory of 2364	1368	EpicUpdate.exe	101
PID 1368 wrote to memory of 1692	1368	EpicUpdate.exe	102
PID 1368 wrote to memory of 1692	1368	EpicUpdate.exe	102
PID 1368 wrote to memory of 1692	1368	EpicUpdate.exe	102
PID 1368 wrote to memory of 3184	1368	EpicUpdate.exe	103
PID 1368 wrote to memory of 3184	1368	EpicUpdate.exe	103
PID 1368 wrote to memory of 3184	1368	EpicUpdate.exe	103
PID 3288 wrote to memory of 1044	3288	EpicUpdate.exe	105
PID 3288 wrote to memory of 1044	3288	EpicUpdate.exe	105
PID 3288 wrote to memory of 1044	3288	EpicUpdate.exe	105
PID 3288 wrote to memory of 3752	3288	EpicUpdate.exe	106
PID 3288 wrote to memory of 3752	3288	EpicUpdate.exe	106
PID 3288 wrote to memory of 3752	3288	EpicUpdate.exe	106
PID 3184 wrote to memory of 4664	3184	EpicUpdate.exe	107
PID 3184 wrote to memory of 4664	3184	EpicUpdate.exe	107
PID 3184 wrote to memory of 4664	3184	EpicUpdate.exe	107
PID 3544 wrote to memory of 5260	3544	EpicUpdate.exe	119
PID 3544 wrote to memory of 5260	3544	EpicUpdate.exe	119
PID 3544 wrote to memory of 5260	3544	EpicUpdate.exe	119
PID 5260 wrote to memory of 5324	5260	mini_installer.exe	120
PID 5260 wrote to memory of 5324	5260	mini_installer.exe	120
PID 5260 wrote to memory of 5324	5260	mini_installer.exe	120
PID 5324 wrote to memory of 5344	5324	setup.exe	121
PID 5324 wrote to memory of 5344	5324	setup.exe	121
PID 5324 wrote to memory of 5344	5324	setup.exe	121
PID 5324 wrote to memory of 5664	5324	setup.exe	124
PID 5324 wrote to memory of 5664	5324	setup.exe	124
PID 5324 wrote to memory of 5664	5324	setup.exe	124
PID 5664 wrote to memory of 5680	5664	setup.exe	125
PID 5664 wrote to memory of 5680	5664	setup.exe	125
PID 5664 wrote to memory of 5680	5664	setup.exe	125
PID 5324 wrote to memory of 5840	5324	setup.exe	128
PID 5324 wrote to memory of 5840	5324	setup.exe	128
PID 5324 wrote to memory of 5840	5324	setup.exe	128
PID 5840 wrote to memory of 5876	5840	epic.exe	129
PID 5840 wrote to memory of 5876	5840	epic.exe	129
PID 5840 wrote to memory of 5876	5840	epic.exe	129
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130
PID 5840 wrote to memory of 1096	5840	epic.exe	130

C:\Users\Admin\AppData\Local\Temp\EpicSetup.exe
"C:\Users\Admin\AppData\Local\Temp\EpicSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\EpicUpdate.exe
  C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\EpicUpdate.exe /installsource taggedmi /install "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Registers COM server for autorun
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3288
- - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
    "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /regserver
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Registers COM server for autorun
    - Checks whether UAC is enabled
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:1472
- - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
    "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1368
  - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /cr
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      PID:2364
  - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicCrashHandler.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\1.3.29.13\EpicCrashHandler.exe" /crashhandler
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      PID:1692
  - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ua /installsource core
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Suspicious use of WriteProcessMemory
      PID:3184
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /uninstall
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4664
- - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
    "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMjkuMTMiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7Q0ExNEZDNTctQ0M2My00NkJCLTlCMjEtNzBBRkMyODY4MzZBfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHRlc3Rzb3VyY2U9ImF1dG8iIHJlcXVlc3RpZD0iezA1RjAyQTI3LThFREItNDgxNS04ODE1LTZEMThFNTNBRTA2QX0iPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjIiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9IntCODUyRTdCMS05MDhBLTQ4RUYtOTU3Ni1DQkUyMzY1NEQ5MDd9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMjkuMTMiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjwvYXBwPjwvcmVxdWVzdD4
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    PID:1044
- - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
    "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /handoff "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en" /installsource taggedmi /sessionid "{CA14FC57-CC63-46BB-9B21-70AFC286836A}"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    PID:3752

C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
"C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" -Embedding
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{6D1C08FB-27A9-4A4D-98DE-291F89DAF619}\mini_installer.exe
  "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{6D1C08FB-27A9-4A4D-98DE-291F89DAF619}\mini_installer.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:5260
- - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{6D1C08FB-27A9-4A4D-98DE-291F89DAF619}\CR_50D4C.tmp\setup.exe
    "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{6D1C08FB-27A9-4A4D-98DE-291F89DAF619}\CR_50D4C.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{6D1C08FB-27A9-4A4D-98DE-291F89DAF619}\CR_50D4C.tmp\CHROME.PACKED.7Z"
    3⤵
    - Executes dropped EXE
    - Registers COM server for autorun
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:5324
  - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{6D1C08FB-27A9-4A4D-98DE-291F89DAF619}\CR_50D4C.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{6D1C08FB-27A9-4A4D-98DE-291F89DAF619}\CR_50D4C.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0x310,0x314,0x318,0x2ec,0x31c,0xecfc40,0xecfc50,0xecfc5c
      4⤵
      Executes dropped EXE
      PID:5344
  - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{6D1C08FB-27A9-4A4D-98DE-291F89DAF619}\CR_50D4C.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{6D1C08FB-27A9-4A4D-98DE-291F89DAF619}\CR_50D4C.tmp\setup.exe" --verbose-logging --create-shortcuts=0 --install-level=0
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:5664
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{6D1C08FB-27A9-4A4D-98DE-291F89DAF619}\CR_50D4C.tmp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{6D1C08FB-27A9-4A4D-98DE-291F89DAF619}\CR_50D4C.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0x310,0x314,0x318,0x2ec,0x31c,0xecfc40,0xecfc50,0xecfc5c
        5⤵
        Executes dropped EXE
        
        PID:5680
  - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
      "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --from-installer
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Enumerates system info in registry
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:5840
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=Epic --annotation=ver=120.0.6099.71 --initial-client-data=0x13c,0x140,0x144,0x118,0x148,0x71c8dcd8,0x71c8dce8,0x71c8dcf4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:2
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=2056 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=2356 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --first-renderer-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3356 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:1
        5⤵
        
        PID:32
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3376 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:1
        5⤵
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3704 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:1
        5⤵
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3684 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:1
        5⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --event-path-policy=0 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3728 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:1
        5⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5456 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5452 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5712 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:5440
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5884 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5932 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5916 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6128 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6112 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=5956 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6120 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:6564
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6832 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6852 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6872 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:6632
    - - C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
        
        "C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --mojo-platform-channel-handle=6884 --field-trial-handle=1860,i,8875724202400924473,5373085596728853265,131072 /prefetch:8
        5⤵
        
        PID:6664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3992 --field-trial-handle=2228,i,17475224967547320003,13667387715861799238,262144 --variations-seed-version /prefetch:8
1⤵
PID:5728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Epic Privacy Browser\Installer\Log\EpicUpdate.log

Filesize
127KB

MD5
c14342c0c44d870bcfd8d3250c1c2fc5

SHA1
722443ee74953faebd49990110cdd8efdd1d45ed

SHA256
c07a6d72cd31a2008d571493cec60268f3a20b2edd952ab259988c6b78450538

SHA512
7e39905e7d0447cd754b88f574e0c7508ecf2d9f57cbc96cfa32a53bca4ff542080a7d3d58588af5dd6ae8a10b18deffa929493d136d12a403fb528a548f34ff

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\Application\SetupMetrics\20240408143923.pma

Filesize
2KB

MD5
4490c9a8917fee42f98202ca434bac10

SHA1
bd946aecb3118db1b6944dfc7a277fbee8975452

SHA256
d9ef101ea781f9a9de5390c975aa40fb490fadf43747c241b98034ee645964f9

SHA512
590f07c61d15f8da8aa9040683803451ae61e783337054417ce9361e2091e0364b15f5ed7385c46403dea01231642f2ae04ba2370a7b8b5798b53e40e20664f3

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\Installer\Install\{6D1C08FB-27A9-4A4D-98DE-291F89DAF619}\mini_installer.exe

Filesize
123.5MB

MD5
40bdb0d644d15cdf3fd5a7b66fc3b666

SHA1
8cf0a0211d73cb591039e269df686deccb071111

SHA256
19b23e793e11c4fdb9952712a032592055082b1f02792665a93a961ad292732e

SHA512
9a3b778ad99c48ef2423aec60ac01ee1b98d4905e83f8df5bf8722ee8c98886fb028ff64c80286cc798a724e027e929706390f8d94accc46c815b775c6fff537

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Crashpad\settings.dat

Filesize
40B

MD5
17c27c1df64449b2505c69aad3f96f8c

SHA1
fdb24b6c09737b1b4d804ca12eca5adbbf2aa88c

SHA256
f866199915034a9a4ef58fa44fbcd62d8f32c43502e82f665c8199ce30859d06

SHA512
29d73e1c3acb10a4bb31ab7c979aec8f21be03ca979b75f62db5606b6f3441525f461a02e634cc098540e23f597f088d0b17aa47599c3013da148dd78d421e4f

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
c2e13a782ab30e1efbbf7151174d43d4

SHA1
aed3ab79616cb0302b8d29f6fc5b2401629d7ad0

SHA256
ef783cf1e5f1bda915d8dd8991a97d0876f7f211388895130f3d9738b3dfec2e

SHA512
2a71af45b993c3cce4b24c504d47381b2c41813093ceb5d2bb946750796c81619d1aae3c91fddebfd7d66a415f62863fc27daf2e4b172f73b663d8d970734013

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
df2c421446dd139c48acfe156a7c3cfa

SHA1
ed338316bc6d99d955c3a262c01e0240e02c3b87

SHA256
f39bac605fe60d8e72c163073612ed2cf4837c19dc17bed931181ce026e7e16f

SHA512
5aa07acc52409c7c09a86e606c4a165db0ac5609fb2e973f8c1c3e9266b9143c8bc780d8d05940da4c92f09315c0c179776910613fddaed7b4c8297bb4fad3e1

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Code Cache\wasm\index-dir\temp-index

Filesize
48B

MD5
388dc528dcf40f55a979045669eac992

SHA1
a92a0f28b46f246348a82f1917f4eb3697f25313

SHA256
8ff7668b4c7e7d0bbe4ff89441bd8382376608f4243cc99906e84cd68c675092

SHA512
8a0390acdddcba5df09736cf6c1b35e442eac536da30b39ccb9773623a9eba9c754f980b8d45f16e60a0684281e7e6edbd556d9d9bc02818a0fb93cbb6eff64c

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Epic Privacy Browser\User Data\Default\fb011a37-3409-43ce-a979-48de324a0790.tmp

Filesize
211KB

MD5
847881642c356fe9b957f529d031bbd7

SHA1
cde3f2af0cc9ecb436aa51f73b22e2eb68e1582e

SHA256
a081a765af53ea089bb7dfe5f46ff07e93b4f0cec94bd5bd1ba5f2f22f56634a

SHA512
7ba6fd4da828f73ba64e626f6f98074ef90b6676b970770e18a18a4932ae47f97e9dec816daf2b66182f40dded5631e158a75ba169eb0551ba76ab2b34e90c25

Download Submit
C:\Users\Admin\AppData\Local\Temp\4013f7bc-5b75-4edb-8635-9644a1ecd442.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\EpicUpdate.exe

Filesize
497KB

MD5
97dc047b7ed9c22fc6cc04e015ad26f3

SHA1
bd1af01548fb5608a7ce494cb7ed4f030b872337

SHA256
b04266ca05e8125a1544e68c8852f7d44dde9c7e4f3b08a0383c0bf4ab6cfd2d

SHA512
ba7b7223e8930415373bafe5b8f6bb30ac904bbbb8f9a145b41ac7bb741ad06cf28d57328ed8e89fc9bde3975dcf47f956af8df7b65e7be8359e5957ffff52c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\EpicUpdateHelper.msi

Filesize
40KB

MD5
c8f6a0a4a113c0b698a6ba6a4d82d7bc

SHA1
08c823d01961320f8429b338f835d6f8ff5db023

SHA256
e908d7d23aa40f74068f97c90b9acc1e103706425a7ffc2046fcba5e45b1d910

SHA512
ffcd47711a795a6e379fbf1e49441b26659fcd4ad79610e127edf1fb2f76c361406f483142e21311b16f3d3127109884fcde77a54cd3fce6f549ba81a7781aa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdate.dll

Filesize
4.5MB

MD5
be1251e33e310931312839e7e92d5428

SHA1
ae5fa300f2346379390e86c1bc9dd5241e6096b5

SHA256
df801078e2512a40b32bdd801e771ad94ed9620b7be9e8146dbfbf08e6043281

SHA512
6dcc6c1df52c91ffb7a1a2eb340f58b9c6c617e43e6046d0aac13571f9854edc3f06cb5472e89447174fe7ba455c7552ba354ddc4d1e7d2c518b94de41b1dac2

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_am.dll

Filesize
23KB

MD5
d88c63b686242cc71ffe7527e6bfc387

SHA1
d684c14aea47bd05bdf6b97ad2d83661bfd12da5

SHA256
1cc7bb6883bcbd0bfe08faba1bbae512fb5f9d8aacce1a80ee55955760e9f0c7

SHA512
f708e7c0e3fe655367306a0c3b91d6ee9ff5e80bc30c069c1d1969b7f46d00b46bac964a3b01b7f03b8a6c110521764e1e78f158b1c8d754520712f7188f9e45

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_ar.dll

Filesize
24KB

MD5
de553ee3dac04b2a52e5b8317dbe3922

SHA1
2e98677a966e260738bc5a29c5019a1efc055c92

SHA256
65e2f79b249b2944a8f81980486574b15deff2db43ed61e5cf8edbb32959d242

SHA512
7f96853ee6cefb46c6ef58b9ca3bf0d4e94ec1e32b8a58a7f7aad52f1f16f4216946b045c191316779c170d72e28b7c8714d41cb90200b6dc5f8655ebcc939cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_bg.dll

Filesize
28KB

MD5
81b8726d6f13c61d76f61f408f6387ad

SHA1
216791ae4cd983a22852f4056305ed60ae99591d

SHA256
fac78816992737c04db4c0ff5e2e872b36cbba33a5e881fec4e917595b624919

SHA512
70d1b2fa2580e43db78ab5040712b8e1f1bd0d72026546101d04689e2521b127280211b95dac4c4fd365ce9de17e1fc0710f2a3c1829319ad24aeeef79c5df11

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_bn.dll

Filesize
27KB

MD5
d57a370b804835a938258ed7859742bc

SHA1
dc75eb12bff887f43df461b04a4b2aae8a30c5a9

SHA256
ab965667ac81a9f405f9088c6a34e05c9f75fbb086dd721208983d543c48ddf9

SHA512
daa7df808c1282c7d199e1d15ee55168cf353465ae2d4f0122a70f988408d390d24ae1dc7f66e71ba9eda48c35761e852e349f806a15ed32486e16f034126afd

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_ca.dll

Filesize
27KB

MD5
96a28b5d2f3bfb0787959491688e530c

SHA1
e02aa14bcb527802e025c0eb3a577950fd5900ab

SHA256
d56a28be1253366645a16345175a09a63094785e3a88cb9d0b3fd2380bfbcd6c

SHA512
8fcf08f65ed0141a9b4344e1382bd3aeb8894a0984539165318c701c9f2e5958721d99d7b63c309c9c996d3574f82a2ecf001e19e5c2c4cc681044b1257446bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_cs.dll

Filesize
26KB

MD5
e18d69356cf35dfd4e8351c730eab4ee

SHA1
f3b0227bf77776012d3d06c17d1a9a1bba4ddf85

SHA256
08a1833bcf351a9a8e830c606dd11abd765c33b424a77da1a24678f7b3366975

SHA512
54505db74d1e106e67d8b165421e91f8d29c563e9b8decc97a870532305c5a380b0b2e5d3810d11f58ba272e7c7d7a0733846d7b662a83ae504d7675da36b67c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_da.dll

Filesize
27KB

MD5
04d97fd41c84c1a976d1e53720bc2202

SHA1
526a06cb86d4cdd1b41e53a0d1f0a7b5d08d4332

SHA256
025b963e649bb16927b05161af59dbfed383ed5e6b70a9ca10a010d50760b2c4

SHA512
b437730b7303ef285c12d83f6a5d3c2b30c56455c4e26c8d32a4e9d8a42d5221736473ed7442c657dc7f6e021407f835e5b225c9b89823cbebec010b1503dfed

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_de.dll

Filesize
29KB

MD5
a9417a072b34c3f41ca98e5ef43ef1b7

SHA1
9669568a3f3e9082d0a95f3b6cecfb1fc55d378e

SHA256
8fe982e9c8fc1b4ed1795f47de27fbfa7ea2c4c18295077027954309e164bf37

SHA512
c496774c0de81cf2c50d111d8c9efda6cfc631643895182891598723bf84427c6b97d4836feb82ff6d9644c70d4c7dbbcd5479568ba5e1dbbc3a34833ba01a64

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_el.dll

Filesize
29KB

MD5
665a16ab999fe7b97286ae2f988e3eab

SHA1
c6962cc98464d0dd64f92065af4e0818d5b38616

SHA256
d0811d10ca70a3f1aefbe224e89b3094a66c77d675c7b227b05eb61a9d0b9312

SHA512
bc3528fb599a237c7dbcf3857f72a77786dc31c5ec1766e955cd1ed3b52c1831e420e19aa33cdb461fdc5370d3910081ae454f29adf915e1c57c68b9fae6403c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_en-GB.dll

Filesize
26KB

MD5
0326479ee247f6c643833ed7858da929

SHA1
e3973d7fb630ed958739f2afc1099ced7acaa890

SHA256
6fd1413a1eee2e8181df176388c0fede5c58f473e4637c6e845b45348d2377f0

SHA512
aedcac771168ffba3a46d88a75c067a727001e34cabc311b31fb5c3eb51be56d1aa09b6f791cf052033f0793825538c9271283b276634c2ce1a518b11143b83f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_en.dll

Filesize
25KB

MD5
2e874d98fcb41d049bf76f74e5f693ce

SHA1
cdcd777c6183ddce332b69a0bdb18eecc4e8cbd5

SHA256
24b5bc550660b94986621d3f841838d9b832a1019039de4d568ea7d8a8445eb2

SHA512
87a2a5c39cf2cf1bd8951032074434ca922077151822ef3f4267781b42c50ffb278ae2793cb1049d56bc351cd4a7fda05e1c5f7c830e73222d8495b1053f6a69

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_es-419.dll

Filesize
27KB

MD5
737467326da390e801c46afa27bdf222

SHA1
e26a20456b5989761f4b007bf7f69fe38cd4c13e

SHA256
7e9041bc445a7bc64e7842c827e8206bec5d2de30b48382c808d1045521a2efb

SHA512
009fa89d01dbd498ef4f5026119f4d36110d2f88fe3ffa96d5326e2236fd363fd5e4ea6f0c54a0e869e055429fb5729737d938058173c8a3d285d79d890a89e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_es.dll

Filesize
29KB

MD5
218bead93fe588064ce4ae59bb394f50

SHA1
d2d2f1450178725d6c6d78c81031f91a1987f48c

SHA256
4ccb12c38399b3d31484de4ac046cbe7216b46ef8b0d102a6d488a62ba827f7f

SHA512
227cc018faeebb1abf7426bf306f9d2ca48c11d349d01111af315eb1a02b27298bf52736848855ef90e4ec3b4c148894eb53e9663912ae37fa30d9eaba3b1125

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_et.dll

Filesize
26KB

MD5
6c943af4ebf403d95e7a6542a49d6dbc

SHA1
7acfc23ed5207b3a3910baeeb68af7d9efc89579

SHA256
c2463a6eee0caf3a9ce4aa91d234bc3633d8be4229ddea7fcdf41d1c515d376b

SHA512
e6a3dc76f45b5c541e9ae74a6562a2addc85146c3dbad0ef5bde2e0ad6338867586bdf4dea79488fad3ec1b53e934a0354a8a7a0ce767e783af21ca372f508d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_fa.dll

Filesize
25KB

MD5
a047b4703e5e72411fa453bd05f76311

SHA1
61a3e70dff8628ba5ce206ffef431d6376c85287

SHA256
d043d936ea3805d5111ec803e12b2c8ce50c551526028713b4445c3584c997f0

SHA512
985ed14af7c032a164dfe0e3542538756983eface5ce767be371c193366c209ae1f1fd3c529a886638a34bfc4281bf6b02ed4c9f1fd05339cbcdce0a09dd8b20

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_fi.dll

Filesize
27KB

MD5
86c1e08adbfb154f51415789005f6123

SHA1
4bc5cafc6295a34524d32a23cfc27a0e0f81fd11

SHA256
7f5a0c886ccc6b9decbb77c99a146cb355754337eec837b7fda051c873da3d68

SHA512
619b1ce34fda5c67a874bd0be7e5cd34f4a3361335cc90c765ee7bf09ccf47a15448497d1c83728fe7949e8e40a53c0361c84877a3ffeb0a130e3891a445ce2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_fil.dll

Filesize
28KB

MD5
ddd37d2387261378a213b3ef2c21314e

SHA1
f4d85efcc2720bb7b65b0d50b1e8d20e5c28bf00

SHA256
a464f40505d2ef5fb558050e225ae8de6a7355d677a29dc3eb941c3fb66e18ca

SHA512
b97fdf1abb3c16ec86e51b33b24faf267cce84cdc3c53a38b668e83382114e947ed6e2806c7717e41e92c8a1763b58960c58c0d3a5fd644aeb5941eff89acee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_fr.dll

Filesize
28KB

MD5
bb6dcbee3a39fd54c3f357fe022fbc4d

SHA1
1604459acb7fd71542d1138828c7e2d1016a1ab6

SHA256
32208618047b53eee1b235de2c82abdaf006ffa59e91c238cb75eaac30cbd166

SHA512
c192ef041bae2369dc249a98791782176f81d0d174dcf82632594f939d1ab01bdb0e0681277d2fd315d8743abff59464ad9f6e092a5f2803832a0bd5197fe9c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_gu.dll

Filesize
27KB

MD5
704dfd5af3aa897887feb87aa48e8318

SHA1
c125e771d60ac73ea6fa0f6959112f3cf131a2fc

SHA256
7fd17ba7a0c0baadfa2a0ca96b4d2f31dedc6b347dff41582b1e6637408fd4c3

SHA512
92417dcb1ca9c5054e8d820ddcf541658006fd2214ae834ffaeb7a82112810ebfac2afa8324d0b5767d1e14e8e3216ef2d5c049c9a8c659ebdc9e05b8155d2b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_hi.dll

Filesize
27KB

MD5
0a47b1ef806c7880c645bd20b416055c

SHA1
f954be7b1f33af37ff3de4e1ea2483b71908bced

SHA256
757dd37980010c2e7da78b6f69e9a087ede1ad87a3c4d918e58d33932d525ef2

SHA512
8a6ff6b943d2730a0dac4ee873a5b0d3355b82ae5f85470d0d8130519f1efc2a2de19401096bc7d545938d9c32cd2253ef6bfa24a2aa54408a093ad21adeffd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_hr.dll

Filesize
27KB

MD5
7dc48e2f1281d500eb74af4717389681

SHA1
bad753522a3dc76e4fbc8050b8d871b4bf8bd0d5

SHA256
d101854d9671ca7871f5b35ccbd672c2d0a754d566ed0540cec493d6b38f22d1

SHA512
ea4ef260922a1b71f895623b830f7952906136b41887b325a8b590f6d75a6d8edafcb1da85b28c0dcbc2981e68d47deae17e0f478debda9e174427fe582130e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_hu.dll

Filesize
27KB

MD5
d61c4882cdceff3da989c403fb43d89f

SHA1
db2339b8f0c5db84e59f139bfbf1fcd4687a4cb3

SHA256
b3d70dc9d90317e413f4d9e3bdfe3dbabb59ac4d49a671726d770aad70f7e255

SHA512
3aea1526fdcf621aac38db213f776a28c0f82b8e0c2795901ca17a86cf8d3796cec937821e8ddd2eaae3ebbe251fab032cab4b466f1431d54097a6b7a80389f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_id.dll

Filesize
26KB

MD5
d33c46a32430646966013db736a54a54

SHA1
9564b827d3b5a426499641d844ac611d19f85a91

SHA256
9fc4ddc3a79d558111b6c6786572d6d1456905743d23811a713b676f2adc6aa9

SHA512
19b5946f15da8bae96f499df8f14cf7f4a0e69717b97f21393b7e3cb00d40256e583e506d154109888a193fe215310f09c7a4e0eb0795e1f4bc3b8880d3872bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_is.dll

Filesize
26KB

MD5
c2881f5e67dd3978567fbda4a007eef7

SHA1
32281d03b79449b0fc96b6191ed23749c71fc10a

SHA256
e536892e77d123bd31fcfed7e387b3f03bb0aa7a4c5a20676414efe467d4e8e4

SHA512
8dbad99967fe4d309a37d3b259c7ce6ce3d36618d3673cd86c0efae5e4e84b5d82cd477e3f7843810d3c034799412455755adc09f617f4dd84e238bf16858f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_it.dll

Filesize
28KB

MD5
7c8e9dec722a5c374193772d1030cca7

SHA1
901f5cfcf275ceb3c7ef6d4dbc6d959cb05548a6

SHA256
4004b81177aa7c1421f14acbe76683d72b9f2df2cbe54f59bdae2ff263ecf2ba

SHA512
fc570b941823618272c843f43f365a2c386130874798e420bbb61578387e7d3979ca6b536cbce42c24042e90655bc711b087757bcc7d6aafaff014376f472dfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_iw.dll

Filesize
24KB

MD5
0a3a248253c7a9f8532e25b5c4736a52

SHA1
26ff1accd9f5bad304717b90f986da666e9eef75

SHA256
6ab18120723bd8fbb204962026bcea1b23c2bf488a24180b5839243375709fb0

SHA512
39b3ce881b8ea81e512ed963c249e241237085d36d3b9c230ac08ea61c1e8e1365d534983c88a7673fa3d188006b0ad788579c844b800aacf50f5947291f9e36

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_ja.dll

Filesize
22KB

MD5
5a2e260a1dada2211820fc10eb1823dc

SHA1
2506a78c30aa296681a170704b258d3ddff52d2d

SHA256
f4d2f3f5cfad7e15ce51a1a597672fc959562decd1d4cac91d4cbdaf40b74b60

SHA512
43c7126cd6e436346fac37b4e7ca2fc8b8be8d1c4b01f5df0720b849af2cfe5721f5d1a5c1aad9232b51ab41542b1c9d1fec04fa768a7aed6dd115205497cecc

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_kn.dll

Filesize
27KB

MD5
45f3ce2166d548f70336ec57471f5a7a

SHA1
f1168a4a8c33d134e62edc829a127b23e67e288c

SHA256
71bf3a4647d5e194c12af1c34b997373d3730c7dc75a9f540cfaa398a9c88d33

SHA512
75afe201bce2f3242ccd90597e5c874c3880b3dd67d4183d3b0e6f71fc7d1b8cf72912a87d056555fb3f9d6ecd7196db3dd9a93062999788081ac305797b70c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_ko.dll

Filesize
22KB

MD5
92fab51f986d8240771fd9fa66b6c71f

SHA1
38a0eea63cd18847cd7fb27601e4306411b3389b

SHA256
1fb69e9e1b6ea7ced41701057e9eefe25f80fb4c1b71828fcd6868b82a4615f7

SHA512
44a415d88d5c9f2c11abfccaaf7fcdf4965b959e6f0856834e8535a0158b8735249548b550037a5bdd836526dcab556192218ffd0d0872fbe884cb168fe9756b

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_lt.dll

Filesize
26KB

MD5
b20685f9d9c766c4a64cccad1ddb4c3b

SHA1
08dd00860753e2a7ae8e9a0d86ad7c3293088d40

SHA256
af7d1ac7df40689b4b7e4084ab7cc0c75d11e37aa4b070dca8c3744930a7286a

SHA512
c0e74ecf4174e4eee9953110fcefbee3a78d8863a890db005466ffd81a1bb00c9b1a1bb8a2936b58f9f3e69264bb6080f262623e543625513cee306d1067d4ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_lv.dll

Filesize
28KB

MD5
42f15afedfbcad904a8e99681a2edc27

SHA1
879a350fbec08c3df97f59cac24033f38bb4fbc6

SHA256
5e7e3e37a1338454ca3fb7d1957a7c4336584eebbe41eb0d09776dd6da2884c1

SHA512
fd60dba6642842a70d1dd250452175ea4412749387f7df90a8d4af1707c1980820e40599f0888be181ee92a4a809a783e106e629bd9844198d7d1946c6d5f9a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_ml.dll

Filesize
29KB

MD5
6de81e001d5e656946eb33298d671c45

SHA1
81590e474e6f814f86883482be46d3890a7c6a95

SHA256
56e27538bdf50437d7f1effe50453921db0c07f73411aa458ff34200dbe5080f

SHA512
62752549f199c04332f7204ebe3c9b87428b9fd0af0ba1082afc71d6e38cb44a76863095df5d7095eefee64863c451475167c0e97afcab053cb06482973f1021

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_mr.dll

Filesize
27KB

MD5
eee8a71d42faec3a3c94dc9118b91680

SHA1
0a69231ef3f0bf86e7ff4c918bb427d22ffd24a0

SHA256
7afa7bff28befd7fd40ef9f76dacc19013913b11256378fdad8742aea46b37a9

SHA512
20555bc2ba3094d87c2ce231e28728b011dbbae636deaa7229d0cbafdc6531bb5df1f9f52b30fda2f2213ddf19148017330c7559779c77b3a62c8f4f48d5bcbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_ms.dll

Filesize
26KB

MD5
2ca2228a1f9aa239a0d4ddad8252996f

SHA1
7917c8bbbd07ef4d244676669a88762749b54673

SHA256
e45f0700048e3255f4056bb09033e187ce2ca69e64f5bbc1f50c8ad3c8b07adb

SHA512
79692e3cc5a765d6e92a111717b2b07bdab9fc25f975b97b00434fb7d801a1bce0876b170d9fab92943ccc6e1cfce984b4d850dfd5dfdf9902ee6d3107ad820c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_nl.dll

Filesize
28KB

MD5
f45b90c6489b3f3cc1202fae9620893b

SHA1
5dda75a13dc6f24d914cb741c9d48e8e60128021

SHA256
ee784713a2dff6f4fefc930746e7b61e05f60630de55b86560df8ce72b5f6b8d

SHA512
65dc4da4a306f8092fd3e6e20fdde202bcd614d12208b26f6e53a9ad7304f8c3cc616de791b8da95c29799ded312d13cb6d82f836a8abab21532939fb6c6055d

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_no.dll

Filesize
27KB

MD5
2584b43fcb8e6bef536e370e81d304c5

SHA1
4e2c43ee3c5a63313b481b2d57d2185aed42717c

SHA256
f39f172221fc8aa910bb359c3bb0a3a62f9f0feee1cff5245bafa21d10c1303f

SHA512
fffe2d48d7498ac53bedb293b3040b3b1bce7b26573d341b06764dee3e5607f58f8fe58df72ab9d3e3a5e726b93844548dbe6cbef49820e99287516cababfcef

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_pl.dll

Filesize
28KB

MD5
dce7239d44a7d5656a38eae49bedbedd

SHA1
9730ab9a4b5d734020e0d06ed07daf595454f32b

SHA256
e42937c5fb812227104a27d4c08fd9f8966dff2a72db2abb3a4907e0945f8e60

SHA512
9430857b50db9b321593dbbfa493f67151f244d229259601c5da6f4975b655a557eb492fddf80ce35f9d82405354f42759768ab94c7de84c4bf1162efdf5207f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_pt-BR.dll

Filesize
27KB

MD5
3936da5d7f6576d551e817024fa54c5b

SHA1
cb26558ef379bffb2626ad52c6ac4be1a878730a

SHA256
d2b2720458884071adee98c7027925f0eeaa512239da212283d75d2f608b2b3b

SHA512
28cd341229f52ce0b37fbced7fde25e308da9adce4cebef8ebcef7a76109a2b93adaf0eaf47df25f733010dc7beb8f049c70bf8fe508f3611854490d34661805

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_pt-PT.dll

Filesize
27KB

MD5
41615489699e6550fa0df0bbf4ec1866

SHA1
a22f878abe1a534e5bc6eee230e78d7a9457c7d2

SHA256
0bd431834964ae5e85b005b4b77e98167bc74af3edcf10d4a31ff60fa4504a3c

SHA512
0e65203c5bf31170197c7414a7ff9f05ef4a1b53a37199fba7b08b1268ff77c76226be39864617d408ceda7bab173d29e4464417d6cc06ca458a17279baa0035

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_ro.dll

Filesize
28KB

MD5
ca36229ecda98c7c306444b6828008f5

SHA1
8d08861b2b8970177238db0f463cace059cf81dc

SHA256
9956c1624c66bf371f3d56dcd41589b078803adfb561c5461c8cac3e4cc50f1b

SHA512
1221a1b4b89fc8d697ed6e1d6babc56186f908838ef244c1a28352a85bf8b735c49265dea4029d12022e31d74123768e53fa54f8d09707c87ac4bd2cf53f8bd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_ru.dll

Filesize
26KB

MD5
01145b5ad8590e8375edb0cf966c6e1c

SHA1
b1a550774ea0f20b60c20f2289c8497d42135500

SHA256
a447182c8c48212ef844efe205049fb619908de6d36739f12f4633e50b33def8

SHA512
d099dfbd72d512b611163cb1776601fc23b85c9441d9621cf56e72f8476c0b873ccec6daee62505180d4f41eabe786e8ed270b032d18056548f7ecae7fa9c566

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_sk.dll

Filesize
27KB

MD5
099bf80f276225c4bd61979b6fb53f61

SHA1
4c5506aa213184c4b90eb5d9c5a2700a645c0d2d

SHA256
8e530aa8f8921b7720a683cb0d55ac282e7ffac1e62af8bc0cbb6d52054a0da3

SHA512
46b8bd7952ad37687927fb8174a2e787f678b7b37f80a5135abab32027b7242a129dbace9136de5d1bbb45ee1ff89f9de48837136fa3eb9b39544a4b6f24d2a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_sl.dll

Filesize
27KB

MD5
4bb0ec0ac8757fff5163458a68765319

SHA1
da09de35fe17412d83f4947b063635a589095ace

SHA256
90854b840570e5c809679283f7d9fa1cbcefec645ad5c1f3e61a4df8018c4902

SHA512
7b427158b6223fdf368993a71d89571112b4d3e38ca98e45f2b0c99ae68521d41cfccf0898818057d78fb0082d029f9b4804e4ee44927340b04be78ff9bf8b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_sr.dll

Filesize
27KB

MD5
be3a5f14fcf91c43abd0a20e838aebd0

SHA1
c513f3a2ceeaab2874768471db8692aa8c4cc7b6

SHA256
51f58cb454a5c78341aaa4f0466e450c82f22a0000d32233263752f40f20b876

SHA512
21a4deea039d884bf0ae3e032182bda91671226e9946704472ebf6d19a92e2d506d4720075a8110a0d81f8f3e15d30f4a9535b690643f62611f5fd91cb18aa55

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_sv.dll

Filesize
27KB

MD5
4f09141c88a23dab8fd840fabf06e191

SHA1
8590fd88fd5e7aca276a50c09f90f0125e935c01

SHA256
f90964febd0305f8052bf605a6ad8a8f9c6f33a1e89497fececcd912bfa76416

SHA512
e69c8b0d7a45bb389bc1de639a51ef1c8bb8ceb04593f0faf991ade220795427e3a9ae3afcf7ce8ebb173963d9773e44f2b235c8a284bfe91a921dd956e29462

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_sw.dll

Filesize
27KB

MD5
86b5c41c84a38c404649c8c0b087153c

SHA1
1b149e4e16005a28d4e2bb4fdcad8f4988167f69

SHA256
c262185e4b3be7e3d21fd4c2d2090ccb819a28f232a982600fb0209af28bb209

SHA512
f296d187c82076a4ac01172810a36ec3b6f7dd12bdd19d7b5fb84044a7b2a45654e0379e152afdf00667454235dc86f75e8116ea56520a3fc79839a6a87c163b

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_ta.dll

Filesize
28KB

MD5
cf28ae6f6aac4bfad5c9ef174e32a3d6

SHA1
83b116479afe6fcf94a841554d86cc7f943ae33c

SHA256
a0058db5a994e1b7bd8fc01540b477e3804b29544c1c407b3470da64c7bcf922

SHA512
6dd0db3aa75117a46b064b803b87d7ce67a19016ff4513e41e4a34cbfec26f2ea1d6996178e4a16dfaabf568cc301ed9c129fe2708a530299b266e86fc2d77ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_te.dll

Filesize
27KB

MD5
2c2e4164927dc5bebcb7b5d21f576ec2

SHA1
1b7fb51903c30b6d4f5f80113c299046e8e2a503

SHA256
2c0ed75dc10fe1befb8cda11b0c43b3c7a0a80f599178b63cf504b5382821f26

SHA512
589e4d584159d5fc65c86a32779ac418479e78abdf79d39d0f1c947d66af2c60a03add725d4a97fd07db11dca158e813c3b1b5dc048a6552fba36ad91e15e2fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_th.dll

Filesize
25KB

MD5
4a09e4adebd70eca03292fe40e372bb8

SHA1
c3205bd203e7c289f2e5e9f9e78b522aea1a6dc8

SHA256
aaefe7deeced4374cb13f963b852920458240422546f0d3bb815f74a281559b8

SHA512
7bb2e360d1082cacb559cbddca538ef1260cd378b8b4cdd4a011429df9f96a720e3924619ebc1f237e25edd89f83448cb86bc74ab7984b47b4729972ae0c263c

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_tr.dll

Filesize
27KB

MD5
5379bd0e00d1c6720d62d6232cbf2b79

SHA1
0c7d4eede806596e27641837d0611ab2fd2b5fbb

SHA256
17e7d40e572a7f01224c4a3247eb1d99183283697d5c4d67354d4094fb8755fc

SHA512
f1ab61783a250cd2943f699caf976a634428add0636d79935f8f40d6bd02c4c1db6c909758696ca2f73b1bd0185e00a8051cd78c2e5e55a1f9b9360d1946420b

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_uk.dll

Filesize
26KB

MD5
c58c698a63e66bdbab2a7979140c6378

SHA1
8cd380ce107a0087f8c59bb90e7c62c411f8e176

SHA256
b769a2dfb2c35084b16229d328106760a41a024019dbff30e5240f269f3d5b09

SHA512
2ebb85b4261f4e5ba778ecb1ebe6cde0f14c0f1cab03b84e01f73dcf9ef1ff3f9e8c6f1734df6de4dd136efcd4e642232df5ec1ac6b2e3ff50af2054f95d94fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_ur.dll

Filesize
26KB

MD5
2daa38d2ce922e96a3ef41088f6887ff

SHA1
cf1072a9ca0a79c153cbfb9f32aa32a97aecefe6

SHA256
8ff5254e6afc0b06766cda5f459487f88da167803458126c60b20d16c2fa2e50

SHA512
694e626daeed3a25b7b77d84158ba176d8dba4fefe9a4641904da9c66ac101c55f08a1775090448510db7ce9a64e5edffb4bf5fcc9bb86923d11e7b69db60cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_vi.dll

Filesize
26KB

MD5
c58a0d34e22c4a1012b05350dd14e01c

SHA1
484ab20a0d50d17e19cb39c49d826114ac7b8628

SHA256
ac94f3b0d075144a19631f388ccfeef04fd0ea48e3370ee9181463e0b5192e2b

SHA512
cee194b448d6e384965786e99320e5ae0c403ed786f5f660a3580655c43e7419034741bf0f22e7bfb9bf2146bb2717832017aace9a810eb273282ab265c5ba46

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_zh-CN.dll

Filesize
20KB

MD5
00c57145de73df06fbac1e8217381f4e

SHA1
bea33bf66f9021ac636d874b6d67c1c24e531209

SHA256
10a847131bf465f49aabe81917bcb704bb2a99194ca256e64fb9809f799e6a80

SHA512
7ae578e59792d618aa3d08bb5981bb03d05204df170bcf83b580e56bd601a46468c476e3d0bf0b9be8147ce5cf63af0894e93b600d6407c8e8567c522a4bbf55

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\goopdateres_zh-TW.dll

Filesize
20KB

MD5
6b96e2406ae0cb4c12f62c415576b108

SHA1
c7a0a065cf671d6d337540cc7b69e1aa559d6dc4

SHA256
ce164b96ff50b2c2ed0df8f8deb1d4152b596428885860f8ae497f537f73288f

SHA512
f37d68e8111005f63ec552e8d1663f76a716f846d98c38e3fec31787f064d9814b76d8678db70a971c87f5afc3b402c97aa209f2d7f8c1ead708ff5e914c0ae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\npEpicUpdate3.dll

Filesize
3.0MB

MD5
089feb1d8ae5cc610c8e37c565b02851

SHA1
30018233a4867068db917cbb8bf71a6998e8e269

SHA256
1ddede4c9920c59075f4d0c0b5c961ef80c14a1deb932981d5837bc355511909

SHA512
2d5d8806771bb2e728244d976a6d3ed274a1ae39adb65ddf103669e7021e5431927cd675e6238b842e5c7e7f27e634771efbf3eca326af2c26d87eb08381a375

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\psmachine.dll

Filesize
1.7MB

MD5
4a3db9e8fe95a3eee0e4970375414ef4

SHA1
c08e3b80535758588c6549524f6e1eb3545c585d

SHA256
90a1606521b93d57532a7469e8602f855bb83241c4ce10be43ff88a8dea4760c

SHA512
2a91434a1a0caf538aabb0fd46ff761afa1197f6c8694dfbbf4eff5d491f815262ad957570b13a2daa57419a5645718dd541aaf8ccbc54c12c33de1a47a062c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\GUM9308.tmp\psuser.dll

Filesize
1.7MB

MD5
cc36535f71124a8119f41d0b4bc2a9c3

SHA1
2b2fa4a0017e6027151ef12fc19145fce5931a53

SHA256
f21d7e7d5902a16fa79611437c5fffd46c0a8396cf1d9a70f54dbb41427dd53e

SHA512
5bd922a245ec4d34aad24066a7862d92e3d6881446988606cb84b0b0d4d1a98641b1a7ea74f1d3a20071644c0aa6d476426f4f0565d40990887e5d207b9d8c75

Download Submit
memory/1368-272-0x0000000003B00000-0x0000000003B01000-memory.dmp

Filesize
4KB

Download
memory/3288-70-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/3752-297-0x0000000003C20000-0x0000000003C21000-memory.dmp

Filesize
4KB

Download
memory/3752-276-0x0000000003C20000-0x0000000003C21000-memory.dmp

Filesize
4KB

Download