Windows Analysis Report
SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe
Analysis ID: 1543317
MD5: 6b47cfd828d584f77aa7496b094c1f82
SHA1: 53779e6456cd6f8d6572c22190141d4464045f17
SHA256: d468becc83ba215453be50cdd6079a2e16501a75c8b6b46add8437ba5f069f99
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
LummaC encrypted strings found
Machine Learning detection for dropped file
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Creates a process in suspended mode (likely to inject code)
Drops PE files
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files

Classification

Name Description Attribution Blogpost URLs Link
Lumma Stealer, LummaC2 Stealer Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. No Attribution https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

AV Detection
barindex
Found malware configuration
Source: EpicUpdate.exe.1044.2.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["ehticsprocw.sbs", "allocatinow.sbs", "mathcucom.sbs", "scratgyy.biz", "condifendteu.sbs", "enlargkiw.sbs", "vennurviot.sbs", "resinedyw.sbs", "drawwyobstacw.sbs"], "Build id": "QxiMJI--REDLIZARD"}
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe ReversingLabs: Detection: 57%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Joe Sandbox ML: detected
Sample uses string decryption to hide its real strings
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: drawwyobstacw.sbs
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: condifendteu.sbs
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: ehticsprocw.sbs
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: vennurviot.sbs
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: resinedyw.sbs
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: enlargkiw.sbs
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: allocatinow.sbs
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: mathcucom.sbs
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: scratgyy.biz
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: - Screen Resoluton:
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: - Physical Installed Memory:
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: Workgroup: -
Source: 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String decryptor: QxiMJI--REDLIZARD
Source: unknown HTTPS traffic detected: 52.113.194.132:443 -> 192.168.11.20:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49766 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49767 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49770 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49771 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49772 version: TLS 1.2
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: redlizard.pdbj source: EpicUpdate.exe, 00000002.00000003.32268595883.0000000002F9D000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: redlizard.pdb source: EpicUpdate.exe, 00000002.00000003.32268595883.0000000002F9D000.00000004.00000800.00020000.00000000.sdmp

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.11.20:49745 -> 104.21.64.165:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.11.20:49745 -> 104.21.64.165:443
Source: Network traffic Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.11.20:49746 -> 104.21.64.165:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.11.20:49746 -> 104.21.64.165:443
Source: Network traffic Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.11.20:49766 -> 104.21.64.165:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.11.20:49772 -> 104.21.64.165:443
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor URLs: ehticsprocw.sbs
Source: Malware configuration extractor URLs: allocatinow.sbs
Source: Malware configuration extractor URLs: mathcucom.sbs
Source: Malware configuration extractor URLs: scratgyy.biz
Source: Malware configuration extractor URLs: condifendteu.sbs
Source: Malware configuration extractor URLs: enlargkiw.sbs
Source: Malware configuration extractor URLs: vennurviot.sbs
Source: Malware configuration extractor URLs: resinedyw.sbs
Source: Malware configuration extractor URLs: drawwyobstacw.sbs
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 52.113.194.132
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown TCP traffic detected without corresponding DNS query: 23.44.201.5
Source: unknown TCP traffic detected without corresponding DNS query: 142.250.80.99
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.81
Source: unknown TCP traffic detected without corresponding DNS query: 40.126.24.81
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /config/v2/Office/officeclicktorun/16.0.14326.20384/Production/CC?&Clientid=%7bB0D7ECDF-3EEF-4767-BB67-27861CCFA721%7d&Application=officeclicktorun&Platform=win32&Version=16.0.14326.20384&MsoVersion=16.0.14326.20384&Audience=Production&Build=ship&Architecture=x64&OsVersion=10.0&OsBuild=19042&Channel=CC&InstallType=C2R&SessionId=%7b416D32E9-EAB1-474A-BE66-27112055BEE5%7d&LabMachine=false HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipIf-None-Match: "vbfTVf/bCysSx4WnMqc2RY2GVSYWfpgdMSpIVEM4P5Q="User-Agent: Microsoft Office 2014DisableExperiments: falseHost: ecs.office.com
Source: global traffic HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIkqHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4BSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIkqHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4BSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgS_YJblGJXJ-bgGIjBjKah9wGrJMTTp-NeylW3cNWLLiDs2v6zWNsaZdGDgstSYwTKUqhP1c1YJbAnaRSgyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIkqHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4BSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJblGJXJ-bgGIjAxADqPFati6aNWAS11l0vMQ8zDUJeVR1-nuFIhNKu_EJhp1U7fbLuAmb4KubHNeo0yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: chrome.exe, 00000003.00000002.32739868769.00005C8C02AF8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.32747973405.00005C8C039A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: /https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.32739868769.00005C8C02AF8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000003.32321316712.00005C8C02418000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.32321148402.00005C8C03740000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$1()}render(){return getHtml$1.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$2=null;function getCss(){return instance$2||(instance$2=[...[getCss$3()],css`:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chro
Source: chrome.exe, 00000003.00000003.32321316712.00005C8C02418000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.32321148402.00005C8C03740000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$1()}render(){return getHtml$1.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$2=null;function getCss(){return instance$2||(instance$2=[...[getCss$3()],css`:host{--ntp-logo-height:200px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([reduced-logo-space-enabled_]){--ntp-logo-height:168px}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:160px}:host([doodle-boxed_][reduced-logo-space-enabled_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chro
Source: chrome.exe, 00000003.00000002.32736348840.00005C8C02388000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: gnkcojhhkbfbldkacnbeo{"ack_external":true,"active_bit":false,"allowlist":1,"app_launcher_ordinal":"y","creation_flags":137,"first_install_time":"13273758449372370","from_bookmark":false,"from_webstore":true,"last_update_time":"13273758449372370","lastpingday":"13273743588725962","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"http://www.youtube.com"},"web_content":{"enabled":true,"origin":"http://www.youtube.com"}},"current_locale":"en","default_locale":"en","description":"","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB","manifest_version":2,"name":"YouTube","update_url":"http://clients2.google.com/service/update2/crx","version":"4.2.8"},"page_ordinal":"n","path":"blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0","state":1,"was_installed_by_default":true,"was_installed_by_oem":false} equals www.youtube.com (Youtube)
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/s?ie={inputEncoding}&wd={searchTerms}https://www.baidu.com/s?ie={inputEncoding}&word={searchTerms}https://www.baidu.com/{google:pathWildcard}/s?ie={inputEncoding}&word={searchTerms}sigs_ssp{google:baseURL}#q={searchTerms}{google:baseURL}search#q={searchTerms}{google:baseURL}webhp#q={searchTerms}{google:baseURL}s#q={searchTerms}{google:baseURL}s?q={searchTerms}https://go.mail.ru/msearch?q={searchTerms}&{mailru:referralID}https://m.so.com/s?ie={inputEncoding}&q={searchTerms}https://m.so.com/index.php?ie={inputEncoding}&q={searchTerms}https://m.sogou.com/web/{google:pathWildcard}?ie={inputEncoding}&keyword={searchTerms}http://searchatlas.centrum.cz/?q={searchTerms}http://hladaj.atlas.sk/fulltext/?phrase={searchTerms}http://isearch.avg.com/search?q={searchTerms}http://search.avg.com/route/?q={searchTerms}&lng={language}https://isearch.avg.com/search?q={searchTerms}https://search.avg.com/route/?q={searchTerms}&lng={language}http://search.babylon.com/?q={searchTerms}http://search.conduit.com/Results.aspx?q={searchTerms}http://www.delfi.lt/paieska/?q={searchTerms}http://www.delta-search.com/?q={searchTerms}http://www1.delta-search.com/home?q={searchTerms}http://www1.delta-search.com/?q={searchTerms}http://www2.delta-search.com/home?q={searchTerms}http://www2.delta-search.com/?q={searchTerms}http://www.search.delta-search.com/home?q={searchTerms}http://www.search.delta-search.com/?q={searchTerms}http://www.yhs.delta-search.com/home?q={searchTerms}http://www.yhs.delta-search.com/?q={searchTerms}http://mixidj.delta-search.com/home?q={searchTerms}http://mixidj.delta-search.com/?q={searchTerms}http://search.goo.ne.jp/web.jsp?MT={searchTerms}&IE={inputEncoding}http://search.goo.ne.jp/sgt.jsp?MT={searchTerms}&CL=plugin&FM=json&IE={inputEncoding}http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Default.aspx#q={searchTerms}http://search.iminent.com/SearchTheWeb/v6/1033/homepage/Result.aspx#q={searchTerms}http://start.iminent.com/?q={searchTerms}http://start.iminent.com/StartWeb/1033/homepage/#q={searchTerms}http://search.incredibar.com/?q={searchTerms}http://mystart.incredibar.com/?search={searchTerms}https://www.neti.ee/cgi-bin/otsing?query={searchTerms}&src=webhttps://www.neti.ee/api/suggestOS?suggestVersion=1&suggestQuery={searchTerms}https://nova.rambler.ru/search?query={searchTerms}https://nova.rambler.ru/suggest?v=3&query={searchTerms}http://www.search-results.com/web?q={searchTerms}http://search.snap.do/?q={searchTerms}http://feed.snapdo.com/?q={searchTerms}http://feed.snap.do/?q={searchTerms}http://en.softonic.com/s/{searchTerms}http://www.softonic.com/s/{searchTerms}http://www.softonic.com.br/s/{searchTerms}http://buscador.softonic.com/?q={searchTerms}http://nl.softonic.com/s/{searchTerms}https://search.softonic.com/?q={searchTerms}https://en.softonic.com/s/{searchTerms}https://www.softonic.com/s/{searchTerms}https://www.softonic.com.br/s/{searchTerms}https://buscador.softonic.com/?q={searchTerms}https://nl.softonic.com/s/{se
Source: chrome.exe, 00000003.00000002.32746127811.00005C8C03598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.32739868769.00005C8C02AF8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.32746127811.00005C8C03598000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.32739868769.00005C8C02AF8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.32747973405.00005C8C039A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 00000003.00000002.32747973405.00005C8C039A4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlult equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: scratgyy.biz
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: scratgyy.biz
Source: global traffic TCP traffic: 192.168.11.20:54200 -> 239.255.255.250:1900
Source: global traffic TCP traffic: 192.168.11.20:54200 -> 239.255.255.250:1900
Source: global traffic TCP traffic: 192.168.11.20:54200 -> 239.255.255.250:1900
Source: global traffic TCP traffic: 192.168.11.20:54200 -> 239.255.255.250:1900
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ak.apnstatic.com/media/images/favicon_search-results.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ak.apnstatic.com/media/images/favicon_search-results.icohttp://dts.search-results.com/sr?lng=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://arianna.libero.it/search/abin/integrata.cgi?query=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://autocomplete.nigma.ru/complete/query_help.php?suggest=true&q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://clients3.google.com/cert_upload_json
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crbug.com/1138528
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://dts.search-results.com/sr?lng=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://find.in.gr/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.png
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://find.in.gr/Themes/1/Default/Media/Layout/icon_in.pnghttp://find.in.gr/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://g1.delphi.lv/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://g1.delphi.lv/favicon.icohttp://www.delfi.lv/search_all/?ie=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://i.rl0.ru/2011/icons/rambler.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://i.rl0.ru/2011/icons/rambler.icohttp://nova.rambler.ru/search?query=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://imgs.sapo.pt/images/sapo.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://imgs.sapo.pt/images/sapo.icohttp://pesquisa.sapo.pt/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://linkurystoragenorthus.blob.core.windows.net/static/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://linkurystoragenorthus.blob.core.windows.net/static/favicon.icohttp://search.snapdo.com/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ms1.iol.it/graph_hf/v.8.3.04/themes/default/img/favicon.icohttp://arianna.libero.it/search/ab
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nigma.ru/?s=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nigma.ru/themes/nigma/img/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nigma.ru/themes/nigma/img/favicon.icohttp://nigma.ru/?s=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nova.rambler.ru/search?query=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nova.rambler.ru/suggest?v=3&query=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ok.hu/gfx/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ok.hu/gfx/favicon.icohttp://ok.hu/katalogus?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ok.hu/katalogus?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesquisa.sapo.pt/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesquisa.sapo.pt/livesapo?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://radce.centrum.cz/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://report-example.test/test
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.avg.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.avg.com/favicon.icohttp://search.avg.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.avg.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.babylon.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.babylon.com/favicon.icohttp://search.babylon.com/home?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.babylon.com/home?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.imesh.net/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.imesh.net/favicon.icohttp://search.imesh.net/music?hl=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.imesh.net/music?hl=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.iminent.com/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.iminent.com/Shared/Images/favicon_gl.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.iminent.com/Shared/Images/favicon_gl.icohttp://search.iminent.com/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.incredibar.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.incredibar.com/favicon.icohttp://search.incredibar.com/search.php?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.incredibar.com/search.php?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://search.snapdo.com/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://searchfunmoods.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://searchfunmoods.com/favicon.icohttp://searchfunmoods.com/results.php?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://searchfunmoods.com/results.php?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://static.mediacentrum.sk/katalog/atlas.sk/images/favicon.icohttps://hladaj.atlas.sk/fulltext/?p
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.conduit.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.conduit.com/favicon.icohttp://www.conduit.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.conduit.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.delfi.lv/search_all/?ie=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.delta-search.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.delta-search.com/favicon.icohttp://www.delta-search.com/home?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.delta-search.com/home?q=
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2F50000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC3157000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3256000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.intel.com/support/gfx_feedback
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.neti.ee/api/suggestOS?suggestQuery=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.neti.ee/cgi-bin/otsing?query=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.neti.ee/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.neti.ee/favicon.icohttp://www.neti.ee/cgi-bin/otsing?query=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.searchnu.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.searchnu.com/favicon.icohttp://www.searchnu.com/web?hl=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.searchnu.com/web?hl=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-capture-time
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/abs-send-timeCreating
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.webrtc.org/experiments/rtp-hdrext/generic-frame-descriptor-00https://aomediacodec.github.
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32741436014.00005C8C02DA0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ac.search.naver.com/nx/ac?of=os&ie=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aomediacodec.github.io/av1-rtp-spec/#dependency-descriptor-rtp-header-extension
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.karmasearch.org/search/autosuggest?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.oceanhero.today/suggestions?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.qwant.com/api/suggest/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.yep.com/ac/?query=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.you.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://api.you.com/favicon.icohttps://you.com/search?tbm=youchat&q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ar.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ar.search.yahoo.com/favicon.icohttps://ar.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ar.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ar.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://at.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://at.search.yahoo.com/favicon.icohttps://at.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://at.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://at.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://au.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://au.search.yahoo.com/favicon.icohttps://au.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://au.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://au.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://br.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://br.search.yahoo.com/favicon.icohttps://br.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://br.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://br.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ca.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ca.search.yahoo.com/favicon.icohttps://ca.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ca.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ca.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32742482634.00005C8C02F94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.search.brave.com/serp/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.search.brave.com/serp/favicon.icohttps://search.brave.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.yep.com/static/meta/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cdn.yep.com/static/meta/favicon.icohttps://yep.com/web?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cl.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cl.search.yahoo.com/favicon.icohttps://cl.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cl.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://cl.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://co.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://co.search.yahoo.com/favicon.icohttps://co.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://co.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://co.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://coccoc.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://coccoc.com/favicon.icohttps://coccoc.com/search#query=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://coccoc.com/search#query=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1161355
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1214923
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1237175
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1313172
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/1338622.
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/333424893
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/341254292
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/342701242
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/chromium/1361662
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/chromium/329702368
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/chromium/331688266
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/chromium/335553337
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1016
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1071
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1083
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1203
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1216
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1264
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1276
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1289
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1302
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1305
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/136
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1389
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1393
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/145
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1462
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1473
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1487
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/155
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1550
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1564
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1579
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1707
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1781
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1782
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1789
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1800
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/1823
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/193
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/2079
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/2260
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/2362
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/237
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/2391
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/2470
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/27
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/271
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/282
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/286
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/342
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/343
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/348654098
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/36
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/402
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/42
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/434
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/480
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/484
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/537
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/549
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/56
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/582
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/633
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/666
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/673
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/727
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/776
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/792
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/838
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/840
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/949
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/dawn/966
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/new
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/newCheckIfAudioThreadIsAliveMedia.AudioThreadStatusCreating
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/tint.
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/tint.SPIRV
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/tint/1003
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/tint/1497
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/tint/1718
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/tint/1798
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/tint/1890
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/tint/2128
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/tint/2161
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://crbug.com/tint/976
Source: EpicUpdate.exe, 00000002.00000003.32355877138.00000000043ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1
Source: EpicUpdate.exe, 00000002.00000003.32355877138.00000000043ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1rj
Source: EpicUpdate.exe, 00000002.00000003.32355877138.00000000043ED000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dawn.googlesource.com/dawn/
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://de.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://de.search.yahoo.com/favicon.icohttps://de.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://de.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://de.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dk.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dk.search.yahoo.com/favicon.icohttps://dk.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dk.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.gmx.com/apps/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://dl.gmx.com/apps/favicon.icohttps://search.gmx.com/web/result?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32742482634.00005C8C02F94000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://emea.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://emea.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://es.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://es.search.yahoo.com/favicon.icohttps://es.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://es.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://es.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fi.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fi.search.yahoo.com/favicon.icohttps://fi.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fi.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fr.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fr.search.yahoo.com/favicon.icohttps://fr.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fr.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://fr.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC3088000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gameplayapi.intel.com/api/games/downloadthumbnail/
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC30A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gameplayapi.intel.com/api/games/downloadthumbnail/2f
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31846836441.000001ECC2E81000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC3088000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gameplayapi.intel.com/api/games/downloadthumbnail/v
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31846836441.000001ECC2E62000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC30A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E79000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC317F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC3081000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gameplayapi.intel.com/api/games/getagsgames2/
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC30A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gameplayapi.intel.com/api/games/getagsgames2/u
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31846836441.000001ECC2E81000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC3088000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gameplayapi.intel.com/api/games/getagsgames2/v
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31846836441.000001ECC2E62000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC30A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E79000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC317F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC3081000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gameplayapi.intel.com/api/games/getagsgamesettings2/
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC30A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gameplayapi.intel.com/api/games/getagsgamesettings2/Ff
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/KhronosGroup/Vulkan-Docs/issues/1005)
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/gpuweb/gpuweb/blob/main/proposals/subgroups.md
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://go.imgsmail.ru/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://go.imgsmail.ru/favicon.icohttps://go.mail.ru/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://go.mail.ru/chrome/newtab/
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://go.mail.ru/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/#bgra8unorm-storage
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/#depth-clip-control
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/#depth32float-stencil8
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/#float32-filterable
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/#indirect-first-instance
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/#rg11b10ufloat-renderable
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/#shader-f16
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/#texture-compression-astc
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/#texture-compression-bc
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/#texture-compression-etc2
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/#timestamp-query
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://gpuweb.github.io/gpuweb/wgsl/#texel-formats
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://hk.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://hk.search.yahoo.com/favicon.icohttps://hk.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://hk.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://hk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://hladaj.atlas.sk/fulltext/?phrase=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://id.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://id.search.yahoo.com/favicon.icohttps://id.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://id.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://id.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://in.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://in.search.yahoo.com/favicon.icohttps://in.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://in.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://in.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://it.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://it.search.yahoo.com/favicon.icohttps://it.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://it.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://it.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://karmasearch.org/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://karmasearch.org/favicon.icohttps://karmasearch.org/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://karmasearch.org/newtab
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://karmasearch.org/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://lss.sse-iacapps.com/query?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://malaysia.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://malaysia.search.yahoo.com/favicon.icohttps://malaysia.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://malaysia.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://malaysia.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://metager.de/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://metager.de/favicon.icohttps://metager.de/meta/meta.ger3?eingabe=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://metager.de/meta/meta.ger3?eingabe=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://metager.org/meta/meta.ger3?eingabe=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mx.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mx.search.yahoo.com/favicon.icohttps://mx.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mx.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://mx.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nl.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nl.search.yahoo.com/favicon.icohttps://nl.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nl.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nl.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nz.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nz.search.yahoo.com/favicon.icohttps://nz.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nz.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nz.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oceanhero.today/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oceanhero.today/favicon.icohttps://oceanhero.today/web?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oceanhero.today/home
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://oceanhero.today/web?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://panda-search.org/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://panda-search.org/favicon.icohttps://panda-search.org/search/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://panda-search.org/search/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pe.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pe.search.yahoo.com/favicon.icohttps://pe.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pe.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://pe.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://petalsearch.com/search?query=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ph.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ph.search.yahoo.com/favicon.icohttps://ph.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ph.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ph.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://presearch.com/api/suggest?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://presearch.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://presearch.com/favicon.icohttps://presearch.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://presearch.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://quendu.com/assets/favicon-48x48.png
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://quendu.com/assets/favicon-48x48.pnghttps://www.quendu.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://se.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://se.search.yahoo.com/favicon.icohttps://se.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://se.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search-static-dre.dbankcdn.com/pc/v1/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search-static-dre.dbankcdn.com/pc/v1/favicon.icohttps://petalsearch.com/search?query=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.brave.com/api/suggest?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.brave.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.daum.net/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.daum.net/favicon.icohttps://search.daum.net/search?w=tot&DA=JU5&q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.daum.net/search?w=tot&DA=JU5&q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.gmx.co.uk/web/result?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.gmx.com/web/result?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.gmx.es/web/result?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.gmx.fr/web/result?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.goo.ne.jp/cdn/common/img/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.goo.ne.jp/cdn/common/img/favicon.icohttps://search.goo.ne.jp/web.jsp?MT=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.goo.ne.jp/sgt.jsp?MT=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.goo.ne.jp/web.jsp?MT=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.lilo.org
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.lilo.org/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.lilo.org/api/?service=suggestions&action=suggest&q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.naver.com/search.naver?ie=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.privacywall.org/suggest.php?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.seznam.cz/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.seznam.cz/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.seznam.cz/favicon.icohttps://search.seznam.cz/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.seznam.cz/newtab
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.co.jp/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.co.jp/favicon.icohttps://search.yahoo.co.jp/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.co.jp/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?p=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://searchatlas.centrum.cz/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://searchatlas.centrum.cz/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://searchatlas.centrum.cz/favicon.icohttps://searchatlas.centrum.cz/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sg.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sg.search.yahoo.com/favicon.icohttps://sg.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sg.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sg.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp, EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://source.chromium.org/chromium/chromium/src/
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ssl.pstatic.net/sstatic/search/favicon/favicon_140327.icohttps://search.naver.com/search.nav
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://storage.ape.yandex.net/get/browser/Doodles/yandex/drawable-xxhdpi/yandex.png
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suche.gmx.at/web/result?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suche.gmx.net/web/result?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sug.so.360.cn/suggest?encodein=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://sugg.sogou.com/sugg/ajaj_json.jsp?type=addrbar&key=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggest.panda-search.org/suggest?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggest.search.daum.net/sushi/opensearch/pc?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggest.seznam.cz/fulltext_ff?phrase=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggest.yandex.by/suggest-ff.cgi?part=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggest.yandex.com.tr/suggest-ff.cgi?part=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggest.yandex.com/suggest-ff.cgi?part=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggest.yandex.kz/suggest-ff.cgi?part=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggest.yandex.ua/suggest-ff.cgi?part=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggestion.baidu.com/su?wd=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggestplugin.gmx.at/s?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggestplugin.gmx.co.uk/s?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggestplugin.gmx.com/s?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggestplugin.gmx.es/s?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggestplugin.gmx.fr/s?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggestplugin.gmx.net/s?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://suggests.go.mail.ru/chrome?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://th.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://th.search.yahoo.com/favicon.icohttps://th.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://th.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://th.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tr.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tr.search.yahoo.com/favicon.icohttps://tr.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tr.search.yahoo.com/search
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC30A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tst-gameplayapi.intel.com/api/games/downloadthumbnail/
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC30A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tst-gameplayapi.intel.com/api/games/downloadthumbnail/$f3O
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC30A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tst-gameplayapi.intel.com/api/games/downloadthumbnail/nf
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31846836441.000001ECC2E81000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC3088000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tst-gameplayapi.intel.com/api/games/downloadthumbnail/q
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31846836441.000001ECC2E62000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E79000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC317F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC3081000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tst-gameplayapi.intel.com/api/games/downloadthumbnail/s
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC30A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tst-gameplayapi.intel.com/api/games/downloadthumbnail/u
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31846836441.000001ECC2E62000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC30A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E79000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31846836441.000001ECC2E81000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC3088000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC317F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC3081000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tst-gameplayapi.intel.com/api/games/getagsgames2/
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC3088000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC317F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC3081000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tst-gameplayapi.intel.com/api/games/getagsgamesettings2/
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC30A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tst-gameplayapi.intel.com/api/games/getagsgamesettings2/5
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31848251825.000001ECC2E9A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC30A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC3186000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tst-gameplayapi.intel.com/api/games/getagsgamesettings2/u
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tw.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tw.search.yahoo.com/favicon.icohttps://tw.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tw.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://tw.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://uk.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32744920207.00005C8C0339C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://uk.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32744308626.00005C8C032D8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ve.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ve.search.yahoo.com/favicon.icohttps://ve.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ve.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ve.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://vn.search.yahoo.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://vn.search.yahoo.com/favicon.icohttps://vn.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://vn.search.yahoo.com/search
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://vn.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.amd.com/en/support/apu/amd-series-processors/amd-a8-series-apu-for-laptops/a8-5550m-rade
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ask.com/web?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ask.com/wp-content/uploads/sites/3/2021/10/ask-favicon.png
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ask.com/wp-content/uploads/sites/3/2021/10/ask-favicon.pnghttps://www.ask.com/web?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/#ie=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.baidu.com/favicon.icohttps://www.baidu.com/#ie=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.delfi.lt/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.delfi.lt/favicon.icohttps://www.delfi.lt/paieska/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.delfi.lt/paieska/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32745016713.00005C8C033C0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.givero.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.givero.com/favicon.icohttps://www.givero.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.givero.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.givero.com/suggest?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32741436014.00005C8C02DA0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32738330298.00005C8C02774000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32739685764.00005C8C02A98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.32322473496.00005C8C02744000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: EpicUpdate.exe, 00000002.00000003.32355877138.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32742121439.00005C8C02ED4000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgS_YJblGJX
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.info.com/serp?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.info.com/static/www.info.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.info.com/static/www.info.com/favicon.icohttps://www.info.com/serp?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.lilo.org/wp-content/themes/jarvis_wp/ajans/assets/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.lilo.org/wp-content/themes/jarvis_wp/ajans/assets/favicon.icohttps://search.lilo.org/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mojeek.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mojeek.com/favicon.icohttps://www.mojeek.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.mojeek.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.nona.de/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.nona.de/autocomplete/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.nona.de/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.nona.de/favicon.icohttps://www.nona.de/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.privacywall.org/images/favicon_32x32.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.privacywall.org/images/favicon_32x32.icohttps://www.privacywall.org/search/secure/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.privacywall.org/newtab/
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.privacywall.org/newtab/h
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.privacywall.org/search/secure/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.quendu.com/search?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.quendu.com/suggest?query=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.qwant.com/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.qwant.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.qwant.com/favicon.icohttps://www.qwant.com/?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.so.com/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.so.com/favicon.icohttps://www.so.com/s?ie=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.so.com/s?ie=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.sogou.com/images/logo/old/favicon.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.sogou.com/images/logo/old/favicon.icohttps://www.sogou.com/web?ie=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.sogou.com/web?ie=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.yandex.by/chrome/newtab
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.yandex.com.tr/
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.yandex.com.tr/chrome/newtab
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.yandex.kz/chrome/newtab
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://www.yandex.ua/chrome/newtab
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yandex.by/
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yandex.by/images/search/?rpt=imageview
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yandex.by/images/search/?rpt=imageviewhttps://www.yandex.by/chrome/newtabhttps://storage.ape
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yandex.com.tr/gorsel/search?rpt=imageview
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yandex.com.tr/gorsel/search?rpt=imageviewhttps://www.yandex.com.tr/chrome/newtab
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yandex.com/images/search?rpt=imageview
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yandex.com/search/?text=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yandex.kz/
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yandex.kz/images/search/?rpt=imageview
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yandex.kz/images/search/?rpt=imageviewhttps://www.yandex.kz/chrome/newtabp
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yandex.ua/
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yandex.ua/images/search/?rpt=imageview
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yandex.ua/images/search/?rpt=imageviewhttps://www.yandex.ua/chrome/newtabp
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yastatic.net/lego/_/pDu9OWAQKB0s2J9IojKpiS_Eho.icohttps://yandex.by/
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.ico
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yastatic.net/lego/_/rBTjd6UOPk5913OSn5ZQVYMTQWQ.icohttps://yandex.com/search/?text=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://yep.com/web?q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://you.com/api/ac?domain=default&q=
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://you.com/search?tbm=youchat&q=
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown HTTPS traffic detected: 52.113.194.132:443 -> 192.168.11.20:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49766 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49767 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49768 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49770 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49771 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.165:443 -> 192.168.11.20:49772 version: TLS 1.2
Installs a raw input device (often for capturing keystrokes)
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: RegisterRawInputDevices() failed for RIDEV_REMOVE memstr_0d19808d-f
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@35/4@5/4
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe File created: C:\Users\user\AppData\Local\Temp\temp_bRBfgSMcTpYCpANwkGLzu Jump to behavior
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Name FROM Win32_Process
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: chrome.exe, 00000003.00000002.32750416934.00005C8C04104000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 45;
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31846836441.000001ECC2F1A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31888277681.000001ECC321F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31903198582.000001ECC3121000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Select the interlaced (i) or progressive (p) refresh rate from the list.;
Source: chrome.exe, 00000003.00000002.32750416934.00005C8C04104000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '756F6A466879157E';
Source: chrome.exe, 00000003.00000002.32750416934.00005C8C04104000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '756F6A466879157E';c ca
Source: chrome.exe, 00000003.00000002.32748102803.00005C8C039F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32744878310.00005C8C03394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.32423714979.00005C8C02CC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32744703430.00005C8C03368000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'AD411B741D0DA012' AND metrics.metric_value > 0;
Source: chrome.exe, 00000003.00000002.32748102803.00005C8C039F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32744878310.00005C8C03394000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.32423714979.00005C8C02CC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.32744703430.00005C8C03368000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'B4CFE8741404B691' AND metrics.metric_value > 0;
Source: chrome.exe, 00000003.00000002.32750416934.00005C8C04104000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '79964621D357AB88';c ca
Source: chrome.exe, 00000003.00000002.32750416934.00005C8C04104000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '79964621D357AB88';
Source: chrome.exe, 00000003.00000002.32742977949.00005C8C03034000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '534661B278B11BD';
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe ReversingLabs: Detection: 57%
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Process created: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe "C:\Users\user\AppData\Local\Temp\EpicUpdate.exe"
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2224,i,15343665010239501280,16387244067859444287,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2244 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-subproc-heap-profiling --field-trial-handle=4452,i,15343665010239501280,16387244067859444287,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3824 /prefetch:3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Process created: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe "C:\Users\user\AppData\Local\Temp\EpicUpdate.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2224,i,15343665010239501280,16387244067859444287,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2244 /prefetch:3 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --no-subproc-heap-profiling --field-trial-handle=4452,i,15343665010239501280,16387244067859444287,262144 --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=3824 /prefetch:3 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Section loaded: pdh.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Section loaded: perfos.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: acgenral.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: samcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: msacm32.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: dwmapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: winmmbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: edgegdi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: redlizard.pdbj source: EpicUpdate.exe, 00000002.00000003.32268595883.0000000002F9D000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: redlizard.pdb source: EpicUpdate.exe, 00000002.00000003.32268595883.0000000002F9D000.00000004.00000800.00020000.00000000.sdmp
PE file contains sections with non-standard names
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Static PE information: section name: .voltbl
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Static PE information: section name: _RDATA
Drops PE files
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe File created: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Queries memory information (via WMI often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PortConnector
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM CIM_PhysicalConnector
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM CIM_Slot
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_PhysicalMemory
Query firmware table information (likely to detect VMs)
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe System information queried: FirmwareTableInformation Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe TID: 2592 Thread sleep time: -90000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe TID: 2504 Thread sleep time: -30000s >= -30000s Jump to behavior
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisorl"
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual Webcam
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31836845768.000001ECC2863000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31836514521.000001ECC2855000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 6242WorkflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O T
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Logical Processormui}
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual WebcamGoogle Camera AdapterIP Camera [JPEG/MJPEG]CyberLink Webcam SplitterEpocCamp3
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2F83000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2E84000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration Service
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2F83000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2E84000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Virtual Processor
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VHyper-V Dynamic Memory Integration Service
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: X2Hyper-V VM Vid Partition
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: THyper-V Hypervisor Root Virtual Processor
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2F83000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2E84000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Partitionl
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware, Inc.
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: &Hyper-V Hypervisors
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: sWDHyper-V Hypervisor Root Partition
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DHyper-V Hypervisor Root Partition
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Inc.
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DHyper-V Virtual Machine Bus Pipes
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31830411647.000001ECC2811000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: rkflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Inte
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Gearway Electronics (Dong Guan) Co., Ltd.VMware Inc.Olimex Ltd.
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Virtual Machine Bus/
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2F83000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2E84000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Logical Processorc.sys_
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V VM Vid Partition
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V VM Vid Partition|
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration Service3
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Partition
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VHyper-V Dynamic Memory Integration Service
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2F83000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2E84000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisoraf
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Pipes.
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31836514521.000001ECC28A4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count SnapshotreadWW:M
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2F83000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2E84000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Pipes
Source: chrome.exe, 00000003.00000002.32725292827.00000275340EC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllooB
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AlDHyper-V Virtual Machine Bus Pipesd
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Fusion 4 has corrupt rendering on Windows
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Virtual Processor{
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: THyper-V Hypervisor Root Virtual Processor>
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004AD9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Qemu Audio Device
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31830537283.000001ECC0E7F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31830093071.000001ECC0E7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 56Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions Cost5032Debug Register Accesses/sec5034Debug Register Accesses Cost5036Page Fault Intercepts/sec5038Page Fault Intercepts Cost5040NMI Interrupts/sec5042NMI Interrupts Cost5044Guest Page Table Maps/sec5046Large Page TLB Fills/sec5048Small Page TLB Fills/sec5050Reflected Guest Page Faults/sec5052APIC MMIO Accesses/sec5054IO Intercept Messages/sec5056Memory Intercept Messages/sec5058APIC EOI Accesses/sec5060Other Messages/sec5062Page Table Allocations/sec5064Logical Processor Migrations/sec5066Address Space Evictions/sec5068Address Space Switches/sec5070Addr
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: &Hyper-V Hypervisorr
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31836514521.000001ECC28A4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Proce
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31892912851.000001ECC2FFC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31856570034.000001ECC2F01000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 2Hyper-V VM Vid Partition.dll(
Source: EpicUpdate.exe, 00000002.00000003.32366887199.0000000004508000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware can crash with older drivers and WebGL content
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Process information queried: ProcessInformation Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
LummaC encrypted strings found
Source: EpicUpdate.exe, 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: drawwyobstacw.sbs
Source: EpicUpdate.exe, 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: condifendteu.sbs
Source: EpicUpdate.exe, 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ehticsprocw.sbs
Source: EpicUpdate.exe, 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: vennurviot.sbs
Source: EpicUpdate.exe, 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: resinedyw.sbs
Source: EpicUpdate.exe, 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: enlargkiw.sbs
Source: EpicUpdate.exe, 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: allocatinow.sbs
Source: EpicUpdate.exe, 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: mathcucom.sbs
Source: EpicUpdate.exe, 00000002.00000003.32268342328.0000000001530000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: scratgyy.biz
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe Process created: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe "C:\Users\user\AppData\Local\Temp\EpicUpdate.exe" Jump to behavior
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31902009033.000001ECC3005000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31841061318.000001ECC2D0D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31902009033.000001ECC3005000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe, 00000000.00000003.31841061318.000001ECC2D0D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Shell_TrayWndMv/-
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Queries volume information: C:\Users\user\AppData\Local\Temp\temp_bRBfgSMcTpYCpANwkGLzu VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information
barindex
Yara detected LummaC Stealer
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\places.sqlite Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cert9.db Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\prefs.js Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\formhistory.sqlite Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\key4.db Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\logins.json Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai Jump to behavior
Tries to harvest and steal ftp login credentials
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\FTPbox Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\FTPRush Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP Jump to behavior
Tries to steal Crypto Currency Wallets
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Binance Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB Jump to behavior
Searches for user specific document files
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\EFOYFBOLXA Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\GRXZDKKVDB Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\HMPPSXQPQV Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\ZGGKNSUKOP Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\EFOYFBOLXA Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\GRXZDKKVDB Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\HMPPSXQPQV Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\NYMMPCEIMA Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\UNKRLCVOHV Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\UNKRLCVOHV Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\ZGGKNSUKOP Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\ZGGKNSUKOP Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\EFOYFBOLXA Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\EOWRVPQCCS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\NVWZAPQSQL Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\NYMMPCEIMA Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\NYMMPCEIMA Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\UNKRLCVOHV Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\EFOYFBOLXA Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\EOWRVPQCCS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\HMPPSXQPQV Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\NVWZAPQSQL Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\NYMMPCEIMA Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\EOWRVPQCCS Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\EFOYFBOLXA Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\GRXZDKKVDB Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\EpicUpdate.exe Directory queried: C:\Users\user\Documents\GRXZDKKVDB Jump to behavior

Remote Access Functionality
barindex
Yara detected LummaC Stealer
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match File source: sslproxydump.pcap, type: PCAP
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1543317 Sample: SecuriteInfo.com.Win64.Cryp... Startdate: 27/10/2024 Architecture: WINDOWS Score: 100 31 scratgyy.biz 2->31 37 Suricata IDS alerts for network traffic 2->37 39 Found malware configuration 2->39 41 Multi AV Scanner detection for submitted file 2->41 43 3 other signatures 2->43 9 SecuriteInfo.com.Win64.CrypterX-gen.14264.32283.exe 2 2->9         started        signatures3 process4 file5 25 C:\Users\user\AppData\...picUpdate.exe, PE32 9->25 dropped 45 Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines) 9->45 47 Queries memory information (via WMI often done to detect virtual machines) 9->47 13 EpicUpdate.exe 9->13         started        signatures6 process7 dnsIp8 35 scratgyy.biz 104.21.64.165, 443, 49745, 49746 CLOUDFLARENETUS United States 13->35 49 Query firmware table information (likely to detect VMs) 13->49 51 Machine Learning detection for dropped file 13->51 53 Tries to harvest and steal ftp login credentials 13->53 55 3 other signatures 13->55 17 chrome.exe 13->17         started        signatures9 process10 dnsIp11 27 192.168.11.20, 137, 1900, 443 unknown unknown 17->27 29 239.255.255.250, 1900 unknown Reserved 17->29 20 chrome.exe 17->20         started        23 chrome.exe 17->23         started        process12 dnsIp13 33 www.google.com 142.251.40.100, 443, 49750, 49751 GOOGLEUS United States 20->33
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.21.64.165
 scratgyy.biz United States
13335 CLOUDFLARENETUS true
142.251.40.100
 www.google.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false

Private

IP
192.168.11.20

Contacted Domains

Name IP Active
scratgyy.biz 104.21.64.165 true
www.google.com 142.251.40.100 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://scratgyy.biz/api true
    		unknown
    condifendteu.sbs true
      		unknown