URL: https://cdn.epicbrowser.com/epicsetup.exe

Full analysis: https://app.any.run/tasks/116e6eac-81b7-43d1-b31b-8adec51ba16b
Verdict: Malicious activity
Threats:

Crypto mining malware is a resource-intensive threat that infiltrates computers with the purpose of mining cryptocurrencies. This type of threat can be deployed either on an infected machine or a compromised website. In both cases the miner will utilize the computing power of the device and its network bandwidth.

Analysis date: May 18, 2019, 21:34:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: opendir, miner
Indicators:
MD5: ABAC760C93F80423C2B7FFAD6F0AFC57
SHA1: F475D5E6B2009710F8914684C24786B2A5F8A693
SHA256: D8FA32D4C632059D394A6844AC5465076F7B394CD881F96C2E62C53B7B6E98BA
SSDEEP: 3:N8cRG3KcyKJ22aA:2cRGwKJ3aA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • epicsetup.exe (PID: 2924)
      • EpicUpdate.exe (PID: 456)
      • EpicUpdate.exe (PID: 936)
      • EpicUpdate.exe (PID: 2644)
      • EpicUpdate.exe (PID: 3996)
      • EpicCrashHandler.exe (PID: 2280)
      • EpicUpdate.exe (PID: 2212)
      • EpicUpdate.exe (PID: 3256)
      • EpicUpdate.exe (PID: 2832)
      • EpicUpdate.exe (PID: 3132)
      • EpicUpdate.exe (PID: 2772)
      • epic.exe (PID: 1092)
      • setup.exe (PID: 3644)
      • epic.exe (PID: 3888)
      • setup.exe (PID: 3660)
      • epic.exe (PID: 1304)
      • epic.exe (PID: 1252)
      • EpicUpdate.exe (PID: 3404)
      • epic.exe (PID: 3348)
      • epic.exe (PID: 948)
      • epic.exe (PID: 3832)
      • epic.exe (PID: 2796)
      • epic.exe (PID: 1856)
      • epic.exe (PID: 1688)
      • epic.exe (PID: 636)
      • epic.exe (PID: 2648)
      • epic.exe (PID: 2460)
      • epic.exe (PID: 4084)
      • epic.exe (PID: 2624)
      • epic.exe (PID: 1452)
      • epic.exe (PID: 644)
      • epic.exe (PID: 1816)
      • epic.exe (PID: 1848)
      • epic.exe (PID: 2336)
      • epic.exe (PID: 3268)
      • epic.exe (PID: 332)
      • epic.exe (PID: 3184)
      • epic.exe (PID: 2744)
      • epic.exe (PID: 2124)
      • epic.exe (PID: 2748)
      • epic.exe (PID: 692)
      • epic.exe (PID: 3204)
      • epic.exe (PID: 3420)
      • epic.exe (PID: 3312)
      • epic.exe (PID: 3648)
      • epic.exe (PID: 1860)
      • epic.exe (PID: 676)
      • epic.exe (PID: 2008)
      • epic.exe (PID: 3132)
      • epic.exe (PID: 3628)
      • epic.exe (PID: 1720)
      • epic.exe (PID: 3360)
    • Loads the Task Scheduler COM API

      • EpicUpdate.exe (PID: 2644)
    • Changes the autorun value in the registry

      • EpicUpdate.exe (PID: 2644)
    • Loads the Task Scheduler DLL interface

      • EpicUpdate.exe (PID: 2644)
      • EpicUpdate.exe (PID: 936)
    • Loads dropped or rewritten executable

      • EpicUpdate.exe (PID: 936)
      • EpicUpdate.exe (PID: 2832)
      • EpicUpdate.exe (PID: 2644)
      • EpicUpdate.exe (PID: 3996)
      • EpicCrashHandler.exe (PID: 2280)
      • EpicUpdate.exe (PID: 456)
      • EpicUpdate.exe (PID: 3132)
      • EpicUpdate.exe (PID: 3256)
      • EpicUpdate.exe (PID: 2212)
      • EpicUpdate.exe (PID: 2772)
      • chrome.exe (PID: 1132)
      • epic.exe (PID: 1252)
      • epic.exe (PID: 3888)
      • epic.exe (PID: 1092)
      • EpicUpdate.exe (PID: 3404)
      • epic.exe (PID: 3348)
      • epic.exe (PID: 1304)
      • epic.exe (PID: 1856)
      • epic.exe (PID: 2796)
      • epic.exe (PID: 3832)
      • epic.exe (PID: 948)
      • epic.exe (PID: 1688)
      • epic.exe (PID: 636)
      • epic.exe (PID: 2336)
      • epic.exe (PID: 2648)
      • epic.exe (PID: 4084)
      • epic.exe (PID: 2624)
      • epic.exe (PID: 644)
      • epic.exe (PID: 1816)
      • epic.exe (PID: 1848)
      • epic.exe (PID: 2460)
      • epic.exe (PID: 1452)
      • epic.exe (PID: 3184)
      • epic.exe (PID: 332)
      • epic.exe (PID: 3268)
      • epic.exe (PID: 2744)
      • epic.exe (PID: 3648)
      • epic.exe (PID: 3204)
      • epic.exe (PID: 2748)
      • epic.exe (PID: 2124)
      • epic.exe (PID: 3420)
      • epic.exe (PID: 3312)
      • epic.exe (PID: 692)
      • epic.exe (PID: 1860)
      • epic.exe (PID: 2008)
      • epic.exe (PID: 676)
      • epic.exe (PID: 1720)
      • epic.exe (PID: 3132)
      • epic.exe (PID: 3628)
    • Actions look like stealing of personal data

      • epic.exe (PID: 3888)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • epicsetup.exe (PID: 2924)
      • EpicUpdate.exe (PID: 2644)
      • chrome.exe (PID: 3152)
      • mini_installer.exe (PID: 2620)
      • setup.exe (PID: 3644)
    • Creates COM task schedule object

      • EpicUpdate.exe (PID: 456)
      • EpicUpdate.exe (PID: 2644)
    • Creates files in the program directory

      • EpicUpdate.exe (PID: 2644)
    • Starts itself from another location

      • EpicUpdate.exe (PID: 2644)
      • EpicUpdate.exe (PID: 936)
    • Application launched itself

      • EpicUpdate.exe (PID: 936)
      • EpicUpdate.exe (PID: 3256)
      • setup.exe (PID: 3644)
      • EpicUpdate.exe (PID: 2772)
      • epic.exe (PID: 3888)
    • Modifies the open verb of a shell class

      • setup.exe (PID: 3644)
    • Creates files in the user directory

      • setup.exe (PID: 3644)
    • Creates a software uninstall entry

      • setup.exe (PID: 3644)
    • Dropped object may contain URLs of miner pools

      • epic.exe (PID: 3888)
  • INFO

    • Reads Internet Cache Settings

      • chrome.exe (PID: 3152)
    • Application launched itself

      • chrome.exe (PID: 3152)
    • Changes settings of System certificates

      • chrome.exe (PID: 3152)
    • Reads settings of System Certificates

      • epic.exe (PID: 3888)
    • Dropped object may contain Bitcoin addresses

      • epic.exe (PID: 1688)
      • epic.exe (PID: 3888)
    • Dropped object may contain TOR URLs

      • epic.exe (PID: 1688)
      • epic.exe (PID: 3888)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 94
Monitored processes: 60
Malicious processes: 15
Suspicious processes: 31

Behavior graph

[Interactive process graph not reproduced; see the full report. It links epicsetup.exe, epicupdate.exe, epiccrashhandler.exe, mini_installer.exe, setup.exe, epic.exe and chrome.exe by "start" and "drop and start" edges.]

Process information

PID: 332
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --field-trial-handle=944,13357633912461134310,46762383058680565,131072 --lang=en-US --service-sandbox-type=utility --service-request-channel-token=12007248873020801252 --mojo-platform-channel-handle=4980 --ignored=" --type=renderer " /prefetch:8
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
Parent process: epic.exe
User: admin
Company: Hidden Reflex Authors
Integrity Level: LOW
Description: Epic Privacy Browser
Exit code: 0
Version: 71.0.3578.98
Modules (images):
c:\users\admin\appdata\local\epic privacy browser\application\epic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\epic privacy browser\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 456
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
Parent process: EpicUpdate.exe
User: admin
Company: Epic Privacy Browser
Integrity Level: MEDIUM
Description: Epic Privacy Browser Installer
Exit code: 0
Version: 1.3.27.13
Modules (images):
c:\users\admin\appdata\local\epic privacy browser\installer\epicupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 636
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=utility --field-trial-handle=944,13357633912461134310,46762383058680565,131072 --lang=en-US --service-sandbox-type=utility --service-request-channel-token=16362681823072425612 --mojo-platform-channel-handle=3992 --ignored=" --type=renderer " /prefetch:8
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
Parent process: epic.exe
User: admin
Company: Hidden Reflex Authors
Integrity Level: LOW
Description: Epic Privacy Browser
Exit code: 0
Version: 71.0.3578.98
Modules (images):
c:\users\admin\appdata\local\epic privacy browser\application\epic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\epic privacy browser\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 644
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --field-trial-handle=944,13357633912461134310,46762383058680565,131072 --disable-gpu-compositing --service-pipe-token=6882409267617372275 --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=6882409267617372275 --renderer-client-id=19 --mojo-platform-channel-handle=5408 /prefetch:1
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
Parent process: epic.exe
User: admin
Company: Hidden Reflex Authors
Integrity Level: LOW
Description: Epic Privacy Browser
Exit code: 0
Version: 71.0.3578.98
Modules (images):
c:\users\admin\appdata\local\epic privacy browser\application\epic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\epic privacy browser\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 676
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --field-trial-handle=944,13357633912461134310,46762383058680565,131072 --disable-gpu-compositing --service-pipe-token=13102820383513888891 --lang=en-US --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13102820383513888891 --renderer-client-id=33 --mojo-platform-channel-handle=2840 /prefetch:1
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
Parent process: epic.exe
User: admin
Company: Hidden Reflex Authors
Integrity Level: LOW
Description: Epic Privacy Browser
Exit code: 0
Version: 71.0.3578.98
Modules (images):
c:\users\admin\appdata\local\epic privacy browser\application\epic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\epic privacy browser\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 692
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --field-trial-handle=944,13357633912461134310,46762383058680565,131072 --disable-gpu-compositing --service-pipe-token=1067597989551501332 --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1067597989551501332 --renderer-client-id=24 --mojo-platform-channel-handle=6204 /prefetch:1
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
Parent process: epic.exe
User: admin
Company: Hidden Reflex Authors
Integrity Level: LOW
Description: Epic Privacy Browser
Exit code: 0
Version: 71.0.3578.98
Modules (images):
c:\users\admin\appdata\local\epic privacy browser\application\epic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\epic privacy browser\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 936
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe
Parent process: EpicUpdate.exe
User: admin
Company: Epic Privacy Browser
Integrity Level: MEDIUM
Description: Epic Privacy Browser Installer
Exit code: 0
Version: 1.3.27.13
Modules (images):
c:\users\admin\appdata\local\epic privacy browser\installer\epicupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
PID: 948
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=renderer --field-trial-handle=944,13357633912461134310,46762383058680565,131072 --service-pipe-token=17455107602272856127 --lang=en-US --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17455107602272856127 --renderer-client-id=8 --mojo-platform-channel-handle=2536 /prefetch:1
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
Parent process: epic.exe
User: admin
Company: Hidden Reflex Authors
Integrity Level: LOW
Description: Epic Privacy Browser
Exit code: 0
Version: 71.0.3578.98
Modules (images):
c:\users\admin\appdata\local\epic privacy browser\application\epic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\epic privacy browser\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1092
CMD: "C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe" --type=gpu-process --field-trial-handle=944,13357633912461134310,46762383058680565,131072 --gpu-preferences=KAAAAAAAAACAAwBgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --use-gl=swiftshader-webgl --service-request-channel-token=11978383014294255892 --mojo-platform-channel-handle=972 --ignored=" --type=renderer " /prefetch:2
Path: C:\Users\admin\AppData\Local\Epic Privacy Browser\Application\epic.exe
Parent process: epic.exe
User: admin
Company: Hidden Reflex Authors
Integrity Level: LOW
Description: Epic Privacy Browser
Exit code: 0
Version: 71.0.3578.98
Modules (images):
c:\users\admin\appdata\local\epic privacy browser\application\epic.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\epic privacy browser\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 1132
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=960,1202593172576514276,2785419405118137926,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12093851127285970670 --mojo-platform-channel-handle=948 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google Inc.
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 73.0.3683.75
Modules (images):
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events: 2 589
Read events: 2 076
Write events: 500
Delete events: 13

Modification events

(PID) Process: (3152) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (3152) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (3152) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value:

(PID) Process: (3152) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (3152) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (3632) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation: write
Name: 3152-13202688880932000
Value: 259

(PID) Process: (3152) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: dr
Value: 1

(PID) Process: (3152) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome
Operation: write
Name: UsageStatsInSample
Value: 0

(PID) Process: (3152) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation: delete value
Name: 3488-13197474229333984
Value: 0

(PID) Process: (3152) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0
Executable files: 139
Suspicious files: 54
Text files: 594
Unknown types: 45

Dropped files

PID | Process | Filename
3152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
3152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
3152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
3152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
3152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
3152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
3152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF11fa4b.TMP
3152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
3152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\5418db45-e6de-4e19-abda-56aaa8a172dc.tmp
3152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
(File type, MD5 and SHA256 columns are empty in this excerpt.)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 118
TCP/UDP connections: 72
DNS requests: 31
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2212 | EpicUpdate.exe | POST | 200 | 128.199.39.15:80 | http://updates.epicbrowser.com/service/update2 | NL | xml | 352 b | whitelisted
3888 | epic.exe | GET | 200 | 206.189.4.63:80 | http://updates.epicbrowser.com/extensions/newtab/newTabAd.xml | US | text | 118 b | whitelisted
3888 | epic.exe | GET | 200 | 206.189.4.63:80 | http://updates.epicbrowser.com/extensions/newtab/newAdd.html | US | html | 1003 b | whitelisted
3404 | EpicUpdate.exe | POST | 200 | 128.199.39.15:80 | http://updates.epicbrowser.com/service/update2 | NL | xml | 1.02 Kb | whitelisted
3888 | epic.exe | GET | 200 | 206.189.4.63:80 | http://updates.epicbrowser.com/extensions/updates.xml?response=redirect&x=uc%26installsource%3Dsignature%26id%3Dclhiejnehegdfknplplojohghjaklbae%26v%3D1.5 | US | text | 570 b | whitelisted
3888 | epic.exe | GET | 200 | 206.189.4.63:80 | http://updates.epicbrowser.com/extensions/updates.xml?response=redirect&x=uc%26installsource%3Dsignature%26id%3Dheedlljjfegnjeijpnkbhpofeejflkea%26v%3D2.1.1 | US | text | 570 b | whitelisted
3888 | epic.exe | GET | 200 | 206.189.4.63:80 | http://updates.epicbrowser.com/extensions/updates.xml?response=redirect&x=uc%26installsource%3Dsignature%26id%3Dihibngdinmfjamjgadhblfieeeiedjah%26v%3D1.5 | US | text | 570 b | whitelisted
3888 | epic.exe | GET | 200 | 206.189.4.63:80 | http://updates.epicbrowser.com/extensions/updates.xml?response=redirect&x=uc%26installsource%3Dsignature%26id%3Ddehdhmbfpjfihgpekceokjdeeheinkfo%26v%3D1.16 | US | text | 570 b | whitelisted
3888 | epic.exe | GET | 200 | 206.189.4.63:80 | http://updates.epicbrowser.com/extensions/updates.xml?response=redirect&x=uc%26installsource%3Dsignature%26id%3Ddehdhmbfpjfihgpekceokjdeeheinkfo%26v%3D1.16 | US | text | 570 b | whitelisted
3888 | epic.exe | GET | 200 | 206.189.4.63:80 | http://updates.epicbrowser.com/extensions/updates.xml?response=redirect&x=uc%26installsource%3Dsignature%26id%3Dclhiejnehegdfknplplojohghjaklbae%26v%3D1.5 | US | text | 570 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3152 | chrome.exe | 172.217.22.67:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
3152 | chrome.exe | 62.113.194.12:443 | cdn.epicbrowser.com | 23media GmbH | DE | suspicious
3152 | chrome.exe | 172.217.23.174:443 | sb-ssl.google.com | Google Inc. | US | whitelisted
3152 | chrome.exe | 172.217.16.164:443 | www.google.com | Google Inc. | US | whitelisted
3152 | chrome.exe | 91.199.212.52:80 | crt.comodoca.com | Comodo CA Ltd | GB | suspicious
3996 | EpicUpdate.exe | 128.199.39.15:80 | updates.epicbrowser.com | Digital Ocean, Inc. | NL | unknown
2212 | EpicUpdate.exe | 128.199.39.15:80 | updates.epicbrowser.com | Digital Ocean, Inc. | NL | unknown
2772 | EpicUpdate.exe | 128.199.39.15:80 | updates.epicbrowser.com | Digital Ocean, Inc. | NL | unknown
2772 | EpicUpdate.exe | 128.199.39.15:443 | updates.epicbrowser.com | Digital Ocean, Inc. | NL | unknown
(n/a) | (n/a) | 62.113.194.12:443 | cdn.epicbrowser.com | 23media GmbH | DE | suspicious

DNS requests

Domain
IP
Reputation
clientservices.googleapis.com
  • 172.217.22.67
whitelisted
cdn.epicbrowser.com
  • 62.113.194.12
malicious
accounts.google.com
  • 172.217.22.13
shared
sb-ssl.google.com
  • 172.217.23.174
whitelisted
www.google.com
  • 172.217.16.164
malicious
crt.comodoca.com
  • 91.199.212.52
whitelisted
updates.epicbrowser.com
  • 128.199.39.15
  • 206.189.4.63
whitelisted
epicbrowser.com
  • 82.196.2.74
unknown
www.epicbrowser.com
  • 82.196.2.74
unknown
www.gstatic.com
  • 172.217.18.99
whitelisted

Threats

No threats detected
Process
Message
EpicUpdate.exe
LOG_SYSTEM: [EpicUpdate:goopdate]: ERROR - Cannot create ETW log writer
EpicUpdate.exe
[05/18/19 22:34:53.116][EpicUpdate:goopdate][2644:2496][OS][version: OS_WINDOWS_7][service pack: 1]
EpicUpdate.exe
[05/18/19 22:34:53.116][EpicUpdate:goopdate][2644:2496][GetNamedObjectAttributes][named_object=Global\ES-1-5-21-1302019708-1500728564-335382590-1000_Epic Privacy Browser_Installer_Report_Ids_Lock_57146B01-6A07-4b8d-A1D8-0C3AFC3B2F9B]
EpicUpdate.exe
[05/18/19 22:34:53.132][EpicUpdate:goopdate][2644:2496][DllEntry][C:\Users\admin\AppData\Local\Temp\GUM2042.tmp\EpicUpdate.exe /installsource taggedmi /install "appguid={A3AA2AD6-C357-4BB3-9625-6550647D956D}&appname=Epic&needsadmin=False&lang=en"]
EpicUpdate.exe
[05/18/19 22:34:53.132][EpicUpdate:goopdate][2644:2496][Goopdate::Goopdate]
EpicUpdate.exe
[05/18/19 22:34:53.132][EpicUpdate:goopdate][2644:2496][Crash::InstallCrashHandler][is_machine 0]
EpicUpdate.exe
[05/18/19 22:34:53.132][EpicUpdate:goopdate][2644:2496][crash dir C:\Users\admin\AppData\Local\Epic Privacy Browser\CrashReports]
EpicUpdate.exe
[05/18/19 22:34:53.147][EpicUpdate:goopdate][2644:2496][exception handler has been installed]
EpicUpdate.exe
[05/18/19 22:34:53.147][EpicUpdate:goopdate][2644:2496][ThreadPool::ThreadPool]
EpicUpdate.exe
[05/18/19 22:34:53.147][EpicUpdate:goopdate][2644:2496][C:\Users\admin\AppData\Local\Temp\GUM2042.tmp\goopdate.dll][version 1.3.27.13][dbg][dev]