6012a045f413abdf7e8f1c70848448ff307a3e1854a2313d7d4998f8ebc96f5d

Analysis

max time kernel
126s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2023, 19:08 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Buff Achievement Tracker - Installer.exe
Size

2.0MB
MD5

e9d1d646b6376de5c6f6b50d6576b500
SHA1

0e89df9bcf7451019152febe5b2af6d3ea5dc3cf
SHA256

6012a045f413abdf7e8f1c70848448ff307a3e1854a2313d7d4998f8ebc96f5d
SHA512

a2784682ec031a015c83f5d463358482c1b898ee6a616e40a24c73051e8c68caa2bbc1172213393bec4405bafc67989a04cbb58cd19235e8366d2c52e9ffa178
SSDEEP

49152:FT/vxE87vxpsrFpIvxrpLCvsMcOiX8isGAYkjyRUcL:FT/ZPN+TIvvLCvslsiHzDC

Score

5^/10

persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3259792829-1422303781-2047321929-1000\Control Panel\International\Geo\Nation	OWinstaller.exe

Drops file in System32 directory 18 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\input.inf_amd64_adeb6424513f60a2\input.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\input.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\machine.inf_amd64_b748590104fe1c15\machine.PNF	DxDiag.exe

Executes dropped EXE 1 IoCs

pid	Process
1960	OWinstaller.exe

Loads dropped DLL 11 IoCs

pid	Process
2192	Buff Achievement Tracker - Installer.exe
2192	Buff Achievement Tracker - Installer.exe
2192	Buff Achievement Tracker - Installer.exe
2192	Buff Achievement Tracker - Installer.exe
2192	Buff Achievement Tracker - Installer.exe
2192	Buff Achievement Tracker - Installer.exe
2192	Buff Achievement Tracker - Installer.exe
1960	OWinstaller.exe
1960	OWinstaller.exe
1960	OWinstaller.exe
1960	OWinstaller.exe

Registers COM server for autorun 1 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\System32\\dxdiagn.dll"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32	DxDiag.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DxDiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DxDiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DxDiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DxDiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DxDiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DxDiag.exe

Modifies registry class 35 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\System32\\dxdiagn.dll"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}	DxDiag.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3259792829-1422303781-2047321929-1000\{17104BE1-4CFB-4049-8F12-A32512F8D343}	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID	DxDiag.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
1960	OWinstaller.exe
1960	OWinstaller.exe
1960	OWinstaller.exe
924	DxDiag.exe
924	DxDiag.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1960	OWinstaller.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1960	OWinstaller.exe
1960	OWinstaller.exe
1960	OWinstaller.exe
924	DxDiag.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 1960	2192	Buff Achievement Tracker - Installer.exe	80
PID 2192 wrote to memory of 1960	2192	Buff Achievement Tracker - Installer.exe	80
PID 1960 wrote to memory of 924	1960	OWinstaller.exe	82
PID 1960 wrote to memory of 924	1960	OWinstaller.exe	82

C:\Users\Admin\AppData\Local\Temp\Buff Achievement Tracker - Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Buff Achievement Tracker - Installer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\OWinstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&Referer=www.buff.game&Browser=chrome -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\AppData\Local\Temp\Buff Achievement Tracker - Installer.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1960
- - C:\Windows\System32\DxDiag.exe
    "C:\Windows\System32\DxDiag.exe" /tC:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
    3⤵
    - Drops file in System32 directory
    - Registers COM server for autorun
    - Checks SCSI registry key(s)
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:924

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
PID:4376

Network

DNS

analyticsnew.overwolf.com

OWinstaller.exe

Remote address:

8.8.8.8:53

Request

analyticsnew.overwolf.com

IN A

Response

analyticsnew.overwolf.com

IN CNAME

cds.d3x4y6v5.hwcdn.net

cds.d3x4y6v5.hwcdn.net

IN A

69.16.175.10

cds.d3x4y6v5.hwcdn.net

IN A

69.16.175.42
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
GET

http://analyticsnew.overwolf.com/analytics/Counter?Name=installer_uac_action&Value=1&&Extra=%5b%7b%22Name%22%3a%22installer_version%22%2c%22Value%22%3a%222.218.0.8%22%7d%5d

Buff Achievement Tracker - Installer.exe

Remote address:

69.16.175.10:80

Request

GET /analytics/Counter?Name=installer_uac_action&Value=1&&Extra=%5b%7b%22Name%22%3a%22installer_version%22%2c%22Value%22%3a%222.218.0.8%22%7d%5d HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: analyticsnew.overwolf.com
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Date: Thu, 29 Jun 2023 19:08:59 GMT
Connection: Keep-Alive
ETag: "1422197399"
Cache-Control: max-age=0
Content-Length: 2
Content-Type: application/octet-stream
Last-Modified: Sun, 25 Jan 2015 14:49:59 GMT
Accept-Ranges: bytes
X-HW: 1688065739.dop205.am5.t,1688065739.cds146.am5.c
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
DNS

10.175.16.69.in-addr.arpa

Remote address:

8.8.8.8:53

Request

10.175.16.69.in-addr.arpa

IN PTR

Response

10.175.16.69.in-addr.arpa

IN PTR

hwcdnnet

10.175.16.69.in-addr.arpa

IN PTR

tlb�7
DNS

254.143.241.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.143.241.8.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
GET

http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=41387868&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=17080157&utmr=/&utmp=/&utmac=UA-80584726-1&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event

OWinstaller.exe

Remote address:

172.217.23.206:80

Request

GET /__utm.gif?utmwv=4.7.2&utmn=41387868&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=17080157&utmr=/&utmp=/&utmac=UA-80584726-1&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event HTTP/1.1
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 10.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.638.0 Safari/534.16
Host: www.google-analytics.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Thu, 29 Jun 2023 02:16:56 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 60726
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
GET

http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=288911388&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=677036673&utmr=/&utmp=/&utmac=UA-18298709-8&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event

OWinstaller.exe

Remote address:

172.217.23.206:80

Request

GET /__utm.gif?utmwv=4.7.2&utmn=288911388&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=677036673&utmr=/&utmp=/&utmac=UA-18298709-8&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event HTTP/1.1
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 10.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.638.0 Safari/534.16
Host: www.google-analytics.com

Response

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Thu, 29 Jun 2023 02:16:56 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 60726
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
DNS

54.120.234.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

54.120.234.20.in-addr.arpa

IN PTR

Response
GET

http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=Manual_Funnel2_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d

OWinstaller.exe

Remote address:

69.16.175.10:80

Request

GET /analytics/Counter?CurrentVersion=&PartnerID=3762&Name=Manual_Funnel2_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d HTTP/1.1
Host: analyticsnew.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Date: Thu, 29 Jun 2023 19:09:02 GMT
Connection: Keep-Alive
ETag: "1422197399"
Cache-Control: max-age=0
Content-Length: 2
Content-Type: application/octet-stream
Last-Modified: Sun, 25 Jan 2015 14:49:59 GMT
Accept-Ranges: bytes
X-HW: 1688065742.dop012.am5.t,1688065742.cds146.am5.c
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
GET

http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=Manual_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522existingUUID%2522%252c%2522Value%2522%253a%25227a0b5f63-92b5-4443-b457-34250c67f41d%2522%257d%252c%257b%2522Name%2522%253a%2522appstoreUUID%2522%252c%2522Value%2522%253a%2522%2522%257d%252c%257b%2522Name%2522%253a%2522clientInstalled%2522%252c%2522Value%2522%253a%2522False%2522%257d%252c%257b%2522Name%2522%253a%2522sel_app%2522%252c%2522Value%2522%253a%2522caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d

OWinstaller.exe

Remote address:

69.16.175.10:80

Request

GET /analytics/Counter?CurrentVersion=&PartnerID=3762&Name=Manual_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522existingUUID%2522%252c%2522Value%2522%253a%25227a0b5f63-92b5-4443-b457-34250c67f41d%2522%257d%252c%257b%2522Name%2522%253a%2522appstoreUUID%2522%252c%2522Value%2522%253a%2522%2522%257d%252c%257b%2522Name%2522%253a%2522clientInstalled%2522%252c%2522Value%2522%253a%2522False%2522%257d%252c%257b%2522Name%2522%253a%2522sel_app%2522%252c%2522Value%2522%253a%2522caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d HTTP/1.1
Host: analyticsnew.overwolf.com

Response

HTTP/1.1 200 OK

Date: Thu, 29 Jun 2023 19:09:02 GMT
Connection: Keep-Alive
ETag: "1422197399"
Cache-Control: max-age=0
Content-Length: 2
Content-Type: application/octet-stream
Last-Modified: Sun, 25 Jan 2015 14:49:59 GMT
Accept-Ranges: bytes
X-HW: 1688065742.dop012.am5.t,1688065742.cds146.am5.c
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
GET

http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=installer_webbrowser_init&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522ver%2522%252c%2522Value%2522%253a%252211.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d

OWinstaller.exe

Remote address:

69.16.175.10:80

Request

GET /analytics/Counter?CurrentVersion=&PartnerID=3762&Name=installer_webbrowser_init&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522ver%2522%252c%2522Value%2522%253a%252211.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d HTTP/1.1
Host: analyticsnew.overwolf.com

Response

HTTP/1.1 200 OK

Date: Thu, 29 Jun 2023 19:09:02 GMT
Connection: Keep-Alive
ETag: "1422197399"
Cache-Control: max-age=0
Content-Length: 2
Content-Type: application/octet-stream
Last-Modified: Sun, 25 Jan 2015 14:49:59 GMT
Accept-Ranges: bytes
X-HW: 1688065742.dop012.am5.t,1688065742.cds146.am5.c
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
DNS

206.23.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.217.172.in-addr.arpa

IN PTR

Response

206.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f141e100net

206.23.217.172.in-addr.arpa

IN PTR

prg03s05-in-f206�I

206.23.217.172.in-addr.arpa

IN PTR

ams16s37-in-f14�I
DNS

23.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.159.190.20.in-addr.arpa

IN PTR

Response
DNS

cdn.mxpnl.com

OWinstaller.exe

Remote address:

8.8.8.8:53

Request

cdn.mxpnl.com

IN A

Response

cdn.mxpnl.com

IN A

35.186.235.23

cdn.mxpnl.com

IN A

130.211.5.208
GET

https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js

OWinstaller.exe

Remote address:

35.186.235.23:443

Request

GET /libs/mixpanel-2-latest.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: cdn.mxpnl.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

X-GUploader-UploadID: ADPycdufgIKkelin73MrhmQb_5mNYxuNeFlflHWO2lRNMBuc4aOBO6Jh9au82zrL6OT699aFmFgwrW0YPKpjotL_T_MMzR2x7QRk
x-goog-generation: 1683307999305716
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 17969
Content-Encoding: gzip
x-goog-hash: crc32c=6XUl6A==
x-goog-hash: md5=brYSoAD8ED4naeV2po/EEg==
x-goog-storage-class: MULTI_REGIONAL
Accept-Ranges: bytes
Content-Length: 17969
Access-Control-Allow-Origin: *
Server: UploadServer
Date: Thu, 29 Jun 2023 02:49:12 GMT
Expires: Fri, 30 Jun 2023 02:49:12 GMT
Cache-Control: public,max-age=86400
Last-Modified: Fri, 05 May 2023 17:33:19 GMT
ETag: "6eb612a000fc103e2769e576a68fc412"
Content-Type: text/javascript
Vary: Accept-Encoding
Age: 58792
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

content.overwolf.com

OWinstaller.exe

Remote address:

8.8.8.8:53

Request

content.overwolf.com

IN A

Response

content.overwolf.com

IN CNAME

d2t3tkftmx1fe5.cloudfront.net

d2t3tkftmx1fe5.cloudfront.net

IN A

13.227.219.49

d2t3tkftmx1fe5.cloudfront.net

IN A

13.227.219.33

d2t3tkftmx1fe5.cloudfront.net

IN A

13.227.219.2

d2t3tkftmx1fe5.cloudfront.net

IN A

13.227.219.73
DNS

storeapi.overwolf.com

OWinstaller.exe

Remote address:

8.8.8.8:53

Request

storeapi.overwolf.com

IN A

Response

storeapi.overwolf.com

IN CNAME

d19oaezzrax0ot.cloudfront.net

d19oaezzrax0ot.cloudfront.net

IN A

65.9.86.64

d19oaezzrax0ot.cloudfront.net

IN A

65.9.86.50

d19oaezzrax0ot.cloudfront.net

IN A

65.9.86.65

d19oaezzrax0ot.cloudfront.net

IN A

65.9.86.37
GET

https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1

OWinstaller.exe

Remote address:

13.227.219.49:443

Request

GET /Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 06 Dec 2021 15:49:53 GMT
x-amz-meta-cb-modifiedtime: Sun, 17 Jan 2021 09:26:59 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 29 Jun 2023 03:35:05 GMT
ETag: W/"8fe162483b4326f4c8ca4c1fe8840607"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: iO4RJxRVm6Okv3utZDFbdOiDHO45T7uwpbNw35-YH20qz9ZW-5uDUQ==
Age: 58293
GET

https://content.overwolf.com/cmp/vendor-list.json

OWinstaller.exe

Remote address:

13.227.219.49:443

Request

GET /cmp/vendor-list.json HTTP/1.1
Accept: */*
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 23 Jun 2023 18:18:01 GMT
x-amz-server-side-encryption: AES256
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 29 Jun 2023 02:44:00 GMT
ETag: W/"e092bb8c1dd2a678752e44a3fc689aae"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: PzxeOr34nLi4C_zobXBV2MrjBA5_qRlJ43xfSeSKXS9fUPDUZ15n9w==
Age: 59146
GET

https://content.overwolf.com/Installer/webapp3/css/fonts.css

OWinstaller.exe

Remote address:

13.227.219.49:443

Request

GET /Installer/webapp3/css/fonts.css HTTP/1.1
Accept: */*
Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 06 Dec 2021 15:49:46 GMT
x-amz-meta-cb-modifiedtime: Sun, 02 Jun 2019 10:14:49 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 29 Jun 2023 07:12:25 GMT
ETag: W/"2778c70161bb0aec49f4207e1430bf63"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: 6xo_gqIns2WHTmTlA6_Sd-Mzq8kRBcacj5oq1OLXk6vgp2wXyH50iQ==
Age: 43488
GET

https://content.overwolf.com/Installer/webapp3/js/libs/jquery-1.10.2.min.js

OWinstaller.exe

Remote address:

13.227.219.49:443

Request

GET /Installer/webapp3/js/libs/jquery-1.10.2.min.js HTTP/1.1
Accept: */*
Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 06 Dec 2021 15:49:15 GMT
x-amz-meta-cb-modifiedtime: Tue, 19 Sep 2017 06:57:52 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 29 Jun 2023 05:22:22 GMT
ETag: W/"f5181545817b45e967869df84ad33f49"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: Gu3dBzYzNCWtvSB8C0PYzTTB64P4kB_syclLCkrWg4o1Cou-y62caA==
Age: 49820
GET

https://content.overwolf.com/Installer/webapp3/images/progress-app-image-01.png

OWinstaller.exe

Remote address:

13.227.219.49:443

Request

GET /Installer/webapp3/images/progress-app-image-01.png HTTP/1.1
Accept: */*
Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 2440
Connection: keep-alive
Last-Modified: Mon, 06 Dec 2021 15:49:44 GMT
x-amz-meta-cb-modifiedtime: Thu, 02 Dec 2021 11:23:14 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 29 Jun 2023 04:11:47 GMT
ETag: "6276c4f73df3a91718a12878c63dcf24"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: Lq0zg1ugg9Z8neeRt4NIOFiT8a_WNFY6XSHEfCxbpSvz7vupmqPAnQ==
Age: 54188
GET

https://content.overwolf.com/Installer/webapp3/images/progress-app-image-03.png

OWinstaller.exe

Remote address:

13.227.219.49:443

Request

GET /Installer/webapp3/images/progress-app-image-03.png HTTP/1.1
Accept: */*
Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 1847
Connection: keep-alive
Last-Modified: Mon, 06 Dec 2021 15:49:44 GMT
x-amz-meta-cb-modifiedtime: Thu, 02 Dec 2021 11:23:16 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 29 Jun 2023 04:11:47 GMT
ETag: "38ead88ccac4d4f8077e265aafc186bc"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: EkoiDinPGBvmfWuLS668uQh_5i0rdD8mtrdzHsgKGA0qcKf7LROx3A==
Age: 54429
GET

https://storeapi.overwolf.com/asset/tile-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl

OWinstaller.exe

Remote address:

65.9.86.64:443

Request

GET /asset/tile-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl HTTP/1.1
Accept: */*
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: storeapi.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Moved Temporarily

Content-Type: text/plain; charset=utf-8
Content-Length: 147
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Accept, Content-Type, Authorization
Access-Control-Allow-Methods: POST, PUT, GET, OPTIONS
Access-Control-Allow-Origin: *
Date: Thu, 29 Jun 2023 19:08:32 GMT
Location: https://www.overwolf.com/.galleries/app-tiles/buff.game-Buff_Achievement_Tracker_Tilee2c77c14-c947-4689-a168-7078966c10c5.jpg
Server: nginx/1.14.1
X-Cache: Hit from cloudfront
Via: 1.1 fb8f21b90b0483bdc64e7c79b3e007e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
X-Amz-Cf-Id: M0Hu7E-9qcM_mTFRIG1BWpwoRExshn97GgVzOCeUGLI5XnS9T55SMw==
Age: 33
GET

https://storeapi.overwolf.com/asset/logo-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl

OWinstaller.exe

Remote address:

65.9.86.64:443

Request

GET /asset/logo-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl HTTP/1.1
Accept: */*
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: storeapi.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Moved Temporarily

Content-Type: text/plain; charset=utf-8
Content-Length: 147
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Accept, Content-Type, Authorization
Access-Control-Allow-Methods: POST, PUT, GET, OPTIONS
Access-Control-Allow-Origin: *
Date: Thu, 29 Jun 2023 18:57:39 GMT
Location: https://www.overwolf.com/.galleries/app-icons/buff.game-Buff_Achievement_Tracker_Icone2c77c14-c947-4689-a168-7078966c10c5.png
Server: nginx/1.14.1
X-Cache: Hit from cloudfront
Via: 1.1 2bf8812c27f5e451eba4aef5c1aff6ae.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
X-Amz-Cf-Id: dNfcGWWDW96WagtPoGZO8NjroZbwhK439oROJ96RGuPLFife4PUrLA==
Age: 686
DNS

api-js.mixpanel.com

OWinstaller.exe

Remote address:

8.8.8.8:53

Request

api-js.mixpanel.com

IN A

Response

api-js.mixpanel.com

IN A

107.178.240.159

api-js.mixpanel.com

IN A

35.190.25.25

api-js.mixpanel.com

IN A

35.186.241.51

api-js.mixpanel.com

IN A

130.211.34.183
POST

https://api-js.mixpanel.com/track/?ip=1&_=1688065743903

OWinstaller.exe

Remote address:

107.178.240.159:443

Request

POST /track/?ip=1&_=1688065743903 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: api-js.mixpanel.com
Content-Length: 1012
Connection: Keep-Alive
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: X-MP-CE-Backoff
access-control-max-age: 1728000
cache-control: no-cache, no-store
content-type: application/json
strict-transport-security: max-age=604800; includeSubDomains
date: Thu, 29 Jun 2023 19:09:05 GMT
content-length: 1
x-envoy-upstream-service-time: 7
server: envoy
Via: 1.1 google
Alt-Svc: clear
GET

https://content.overwolf.com/cmp/vendor-list.json

OWinstaller.exe

Remote address:

13.227.219.49:443

Request

GET /cmp/vendor-list.json HTTP/1.1
Accept: */*
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 23 Jun 2023 18:18:01 GMT
x-amz-server-side-encryption: AES256
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 29 Jun 2023 02:44:00 GMT
ETag: W/"e092bb8c1dd2a678752e44a3fc689aae"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: Z-kmrcbG_iUkExBix5QHsegr8hHvZDGdjfplx9YgKH_GRv_QdUihpw==
Age: 59146
GET

https://content.overwolf.com/Installer/webapp3/css/reset.css

OWinstaller.exe

Remote address:

13.227.219.49:443

Request

GET /Installer/webapp3/css/reset.css HTTP/1.1
Accept: */*
Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/css
Content-Length: 427
Connection: keep-alive
Last-Modified: Mon, 06 Dec 2021 15:49:46 GMT
x-amz-meta-cb-modifiedtime: Sun, 02 Jun 2019 10:14:49 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 29 Jun 2023 17:44:14 GMT
ETag: "d29f1cfab4739a8757e86b90ee9a745f"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: zJP0UvaUHI2arpyice8HWnIALfPqIpo4xcQdujESNL5CMf-02b0Qiw==
Age: 5152
GET

https://content.overwolf.com/Installer/webapp3/css/style.css

OWinstaller.exe

Remote address:

13.227.219.49:443

Request

GET /Installer/webapp3/css/style.css HTTP/1.1
Accept: */*
Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 06 Dec 2021 15:49:46 GMT
x-amz-meta-cb-modifiedtime: Sun, 02 Jun 2019 10:14:49 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 29 Jun 2023 17:45:38 GMT
ETag: W/"bde238bc90d90deecbdfebadafbac483"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: r_BXSGrX5ykAeJ_t0XKjkYfKrG-EgdH2gUE-TWzLyHJGmImVVmv5ZA==
Age: 5008
GET

https://content.overwolf.com/Installer/webapp3/css/progress.css

OWinstaller.exe

Remote address:

13.227.219.49:443

Request

GET /Installer/webapp3/css/progress.css HTTP/1.1
Accept: */*
Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: text/css
Content-Length: 702
Connection: keep-alive
Last-Modified: Mon, 06 Dec 2021 15:49:46 GMT
x-amz-meta-cb-modifiedtime: Mon, 06 Dec 2021 15:47:02 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 29 Jun 2023 04:11:47 GMT
ETag: "1d66bac6d892d75acd1ca5fe4fd39974"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: 0nFvmpzHB5prqxfBOkozinE3E8e-SwWSzFV6BqQDmK7tXC_eDcdcfg==
Age: 54188
GET

https://content.overwolf.com/Installer/webapp3/js/block_inputs.js

OWinstaller.exe

Remote address:

13.227.219.49:443

Request

GET /Installer/webapp3/js/block_inputs.js HTTP/1.1
Accept: */*
Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/x-javascript
Content-Length: 281
Connection: keep-alive
Last-Modified: Mon, 06 Dec 2021 15:49:16 GMT
x-amz-meta-cb-modifiedtime: Tue, 31 Oct 2017 10:02:10 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 29 Jun 2023 18:29:29 GMT
ETag: "78958110509900367e8bd8f6fe554e70"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: Q_wmPA-5y1FCo6WZdWfAd7LS7pxgQyMgiR7dbY64ljLXgbh6yyxKzg==
Age: 2389
GET

https://content.overwolf.com/Installer/webapp3/images/progress-app-image-02.png

OWinstaller.exe

Remote address:

13.227.219.49:443

Request

GET /Installer/webapp3/images/progress-app-image-02.png HTTP/1.1
Accept: */*
Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 2294
Connection: keep-alive
Last-Modified: Mon, 06 Dec 2021 15:49:44 GMT
x-amz-meta-cb-modifiedtime: Thu, 02 Dec 2021 11:23:15 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 29 Jun 2023 05:22:22 GMT
ETag: "9626ec7a1330f4fa65abb37f08ff6421"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: Vx6UgVEBGzuKyxR4gHsV5SKmao4s5B4SCjyvSgk59Azk6BmgIR3GbA==
Age: 49615
GET

https://content.overwolf.com/Installer/webapp3/assets/fonts/lato/Lato-Regular.eot?

OWinstaller.exe

Remote address:

13.227.219.49:443

Request

GET /Installer/webapp3/assets/fonts/lato/Lato-Regular.eot? HTTP/1.1
Accept: */*
Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
Accept-Language: en-US
Origin: https://content.overwolf.com
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: content.overwolf.com
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Content-Length: 253461
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, HEAD
Access-Control-Max-Age: 3000
Last-Modified: Mon, 06 Dec 2021 15:49:47 GMT
x-amz-meta-cb-modifiedtime: Sat, 25 May 2019 10:14:01 GMT
Accept-Ranges: bytes
Server: AmazonS3
Date: Thu, 29 Jun 2023 06:44:10 GMT
ETag: "8ab18d934cfa1e51dc8273cd8585387e"
Vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
X-Cache: Hit from cloudfront
Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS54-C1
X-Amz-Cf-Id: 0_YwtzmIpjnbMZW6ZIY3uEvLQLvZTtfePhRsJRvcQEGLZBRTsIZ8BQ==
Age: 44714
DNS

23.235.186.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.235.186.35.in-addr.arpa

IN PTR

Response

23.235.186.35.in-addr.arpa

IN PTR

2323518635bcgoogleusercontentcom
DNS

49.219.227.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

49.219.227.13.in-addr.arpa

IN PTR

Response

49.219.227.13.in-addr.arpa

IN PTR

server-13-227-219-49ams54r cloudfrontnet
DNS

64.86.9.65.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.86.9.65.in-addr.arpa

IN PTR

Response

64.86.9.65.in-addr.arpa

IN PTR

server-65-9-86-64ams1r cloudfrontnet
DNS

159.240.178.107.in-addr.arpa

Remote address:

8.8.8.8:53

Request

159.240.178.107.in-addr.arpa

IN PTR

Response

159.240.178.107.in-addr.arpa

IN PTR

159240178107bcgoogleusercontentcom
DNS

136.61.156.108.in-addr.arpa

Remote address:

8.8.8.8:53

Request

136.61.156.108.in-addr.arpa

IN PTR

Response

136.61.156.108.in-addr.arpa

IN PTR

server-108-156-61-136ams1r cloudfrontnet
DNS

ocsp.r2m02.amazontrust.com

OWinstaller.exe

Remote address:

8.8.8.8:53

Request

ocsp.r2m02.amazontrust.com

IN A

Response

ocsp.r2m02.amazontrust.com

IN A

18.66.128.120
DNS

www.overwolf.com

OWinstaller.exe

Remote address:

8.8.8.8:53

Request

www.overwolf.com

IN A

Response

www.overwolf.com

IN CNAME

d9izjqopfltbj.cloudfront.net

d9izjqopfltbj.cloudfront.net

IN A

65.9.86.64

d9izjqopfltbj.cloudfront.net

IN A

65.9.86.57

d9izjqopfltbj.cloudfront.net

IN A

65.9.86.123

d9izjqopfltbj.cloudfront.net

IN A

65.9.86.107
GET

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEALwVLnxzZ9BlqdgaIzdoyI%3D

OWinstaller.exe

Remote address:

18.66.128.120:80

Request

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEALwVLnxzZ9BlqdgaIzdoyI%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.r2m02.amazontrust.com

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Thu, 29 Jun 2023 18:59:36 GMT
Server: ECAcc (amb/6B4C)
X-Cache: Hit from cloudfront
Via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P2
X-Amz-Cf-Id: aFlwbFmfphD8rpOsfCv2RhUKBryyCtfJbfyt5KeldihhpLAg6LRVqA==
Age: 569
GET

https://www.overwolf.com/.galleries/app-icons/buff.game-Buff_Achievement_Tracker_Icone2c77c14-c947-4689-a168-7078966c10c5.png

OWinstaller.exe

Remote address:

65.9.86.64:443

Request

GET /.galleries/app-icons/buff.game-Buff_Achievement_Tracker_Icone2c77c14-c947-4689-a168-7078966c10c5.png HTTP/1.1
Accept: */*
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: www.overwolf.com

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 958
Connection: keep-alive
Date: Thu, 29 Jun 2023 19:00:44 GMT
Server: Apache
Expires: Fri, 30 Jun 2023 16:02:47 CEST
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: Hit from cloudfront
Via: 1.1 e029c86e892e2d8a35492f6625a1d26e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: _rHYABxjq8i6gT8MEy_wUH2t3oqEK3tCHdEdPYrXQderrUvLgrJU0w==
Age: 18378
GET

https://www.overwolf.com/.galleries/app-tiles/buff.game-Buff_Achievement_Tracker_Tilee2c77c14-c947-4689-a168-7078966c10c5.jpg

OWinstaller.exe

Remote address:

65.9.86.64:443

Request

GET /.galleries/app-tiles/buff.game-Buff_Achievement_Tracker_Tilee2c77c14-c947-4689-a168-7078966c10c5.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Connection: Keep-Alive
Host: www.overwolf.com

Response

HTTP/1.1 200 OK

Content-Type: image/jpeg
Content-Length: 68547
Connection: keep-alive
Date: Thu, 29 Jun 2023 18:55:26 GMT
Server: Apache
Expires: Fri, 30 Jun 2023 23:04:47 KST
Access-Control-Allow-Origin: *
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Cache: Hit from cloudfront
Via: 1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS1-C1
Alt-Svc: h3=":443"; ma=86400
X-Amz-Cf-Id: wOowcHO_8iG3Bb8T9cS5FpDfdFizaqY0aDAwWSrugpVM5toUPxyYjA==
Age: 18257
DNS

11.102.239.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

11.102.239.18.in-addr.arpa

IN PTR

Response

11.102.239.18.in-addr.arpa

IN PTR

server-18-239-102-11ams1r cloudfrontnet
DNS

106.208.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.208.58.216.in-addr.arpa

IN PTR

Response

106.208.58.216.in-addr.arpa

IN PTR

sof01s11-in-f1061e100net

106.208.58.216.in-addr.arpa

IN PTR

ams17s08-in-f10�J
DNS

35.36.251.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

35.36.251.142.in-addr.arpa

IN PTR

Response

35.36.251.142.in-addr.arpa

IN PTR

ams17s12-in-f31e100net
DNS

120.128.66.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

120.128.66.18.in-addr.arpa

IN PTR

Response

120.128.66.18.in-addr.arpa

IN PTR

server-18-66-128-120fra60r cloudfrontnet
DNS

131.179.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

131.179.250.142.in-addr.arpa

IN PTR

Response

131.179.250.142.in-addr.arpa

IN PTR

ams17s10-in-f31e100net
DNS

212.46.222.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.46.222.23.in-addr.arpa

IN PTR

Response

212.46.222.23.in-addr.arpa

IN PTR

a23-222-46-212deploystaticakamaitechnologiescom
DNS

99.113.223.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.113.223.173.in-addr.arpa

IN PTR

Response

99.113.223.173.in-addr.arpa

IN PTR

a173-223-113-99deploystaticakamaitechnologiescom
DNS

99.113.223.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.113.223.173.in-addr.arpa

IN PTR

Response

99.113.223.173.in-addr.arpa

IN PTR

a173-223-113-99deploystaticakamaitechnologiescom
DNS

58.14.97.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.14.97.104.in-addr.arpa

IN PTR

Response

58.14.97.104.in-addr.arpa

IN PTR

a104-97-14-58deploystaticakamaitechnologiescom
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

86.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.23.85.13.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

8.195.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.195.19.2.in-addr.arpa

IN PTR

Response

8.195.19.2.in-addr.arpa

IN PTR

a2-19-195-8deploystaticakamaitechnologiescom
DNS

8.195.19.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.195.19.2.in-addr.arpa

IN PTR

Response

8.195.19.2.in-addr.arpa

IN PTR

a2-19-195-8deploystaticakamaitechnologiescom
DNS

86.8.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.8.109.52.in-addr.arpa

IN PTR

Response
DNS

86.8.109.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.8.109.52.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response

69.16.175.10:80

http://analyticsnew.overwolf.com/analytics/Counter?Name=installer_uac_action&Value=1&&Extra=%5b%7b%22Name%22%3a%22installer_version%22%2c%22Value%22%3a%222.218.0.8%22%7d%5d

http

Buff Achievement Tracker - Installer.exe

871 B
589 B
13
5

HTTP Request

GET http://analyticsnew.overwolf.com/analytics/Counter?Name=installer_uac_action&Value=1&&Extra=%5b%7b%22Name%22%3a%22installer_version%22%2c%22Value%22%3a%222.218.0.8%22%7d%5d

HTTP Response

200
172.217.23.206:80

http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=288911388&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=677036673&utmr=/&utmp=/&utmac=UA-18298709-8&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event

http

OWinstaller.exe

1.6kB
1.1kB
7
5

HTTP Request

GET http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=41387868&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=17080157&utmr=/&utmp=/&utmac=UA-80584726-1&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event

HTTP Response

200

HTTP Request

GET http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=288911388&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=677036673&utmr=/&utmp=/&utmac=UA-18298709-8&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event

HTTP Response

200
69.16.175.10:80

http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=installer_webbrowser_init&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522ver%2522%252c%2522Value%2522%253a%252211.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d

http

OWinstaller.exe

2.3kB
1.5kB
16
10

HTTP Request

GET http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=Manual_Funnel2_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d

HTTP Response

200

HTTP Request

GET http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=Manual_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522existingUUID%2522%252c%2522Value%2522%253a%25227a0b5f63-92b5-4443-b457-34250c67f41d%2522%257d%252c%257b%2522Name%2522%253a%2522appstoreUUID%2522%252c%2522Value%2522%253a%2522%2522%257d%252c%257b%2522Name%2522%253a%2522clientInstalled%2522%252c%2522Value%2522%253a%2522False%2522%257d%252c%257b%2522Name%2522%253a%2522sel_app%2522%252c%2522Value%2522%253a%2522caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d

HTTP Response

200

HTTP Request

GET http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=installer_webbrowser_init&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522ver%2522%252c%2522Value%2522%253a%252211.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d

HTTP Response

200
35.186.235.23:443

https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js

tls, http

OWinstaller.exe

1.9kB
25.2kB
27
23

HTTP Request

GET https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js

HTTP Response

200
13.227.219.49:443

content.overwolf.com

tls

OWinstaller.exe

647 B
6.2kB
10
7
13.227.219.49:443

https://content.overwolf.com/Installer/webapp3/images/progress-app-image-03.png

tls, http

OWinstaller.exe

7.5kB
110.6kB
94
88

HTTP Request

GET https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1

HTTP Response

200

HTTP Request

GET https://content.overwolf.com/cmp/vendor-list.json

HTTP Response

200

HTTP Request

GET https://content.overwolf.com/Installer/webapp3/css/fonts.css

HTTP Response

200

HTTP Request

GET https://content.overwolf.com/Installer/webapp3/js/libs/jquery-1.10.2.min.js

HTTP Response

200

HTTP Request

GET https://content.overwolf.com/Installer/webapp3/images/progress-app-image-01.png

HTTP Response

200

HTTP Request

GET https://content.overwolf.com/Installer/webapp3/images/progress-app-image-03.png

HTTP Response

200
65.9.86.64:443

https://storeapi.overwolf.com/asset/tile-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl

tls, http

OWinstaller.exe

1.3kB
6.9kB
13
11

HTTP Request

GET https://storeapi.overwolf.com/asset/tile-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl

HTTP Response

302
65.9.86.64:443

https://storeapi.overwolf.com/asset/logo-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl

tls, http

OWinstaller.exe

1.3kB
7.4kB
14
11

HTTP Request

GET https://storeapi.overwolf.com/asset/logo-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl

HTTP Response

302
107.178.240.159:443

https://api-js.mixpanel.com/track/?ip=1&_=1688065743903

tls, http

OWinstaller.exe

2.4kB
6.1kB
14
11

HTTP Request

POST https://api-js.mixpanel.com/track/?ip=1&_=1688065743903

HTTP Response

200
13.227.219.49:443

https://content.overwolf.com/Installer/webapp3/assets/fonts/lato/Lato-Regular.eot?

tls, http

OWinstaller.exe

15.4kB
334.9kB
256
249

HTTP Request

GET https://content.overwolf.com/cmp/vendor-list.json

HTTP Response

200

HTTP Request

GET https://content.overwolf.com/Installer/webapp3/css/reset.css

HTTP Response

200

HTTP Request

GET https://content.overwolf.com/Installer/webapp3/css/style.css

HTTP Response

200

HTTP Request

GET https://content.overwolf.com/Installer/webapp3/css/progress.css

HTTP Response

200

HTTP Request

GET https://content.overwolf.com/Installer/webapp3/js/block_inputs.js

HTTP Response

200

HTTP Request

GET https://content.overwolf.com/Installer/webapp3/images/progress-app-image-02.png

HTTP Response

200

HTTP Request

GET https://content.overwolf.com/Installer/webapp3/assets/fonts/lato/Lato-Regular.eot?

HTTP Response

200
18.66.128.120:80

http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEALwVLnxzZ9BlqdgaIzdoyI%3D

http

OWinstaller.exe

523 B
1.1kB
6
5

HTTP Request

GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEALwVLnxzZ9BlqdgaIzdoyI%3D

HTTP Response

200
65.9.86.64:443

https://www.overwolf.com/.galleries/app-icons/buff.game-Buff_Achievement_Tracker_Icone2c77c14-c947-4689-a168-7078966c10c5.png

tls, http

OWinstaller.exe

1.4kB
8.1kB
15
13

HTTP Request

GET https://www.overwolf.com/.galleries/app-icons/buff.game-Buff_Achievement_Tracker_Icone2c77c14-c947-4689-a168-7078966c10c5.png

HTTP Response

200
65.9.86.64:443

https://www.overwolf.com/.galleries/app-tiles/buff.game-Buff_Achievement_Tracker_Tilee2c77c14-c947-4689-a168-7078966c10c5.jpg

tls, http

OWinstaller.exe

3.5kB
71.7kB
59
57

HTTP Request

GET https://www.overwolf.com/.galleries/app-tiles/buff.game-Buff_Achievement_Tracker_Tilee2c77c14-c947-4689-a168-7078966c10c5.jpg

HTTP Response

200
13.89.179.10:443

322 B
7

8.8.8.8:53

analyticsnew.overwolf.com

dns

OWinstaller.exe

71 B
139 B
1
1

DNS Request

analyticsnew.overwolf.com

DNS Response

69.16.175.10

69.16.175.42
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

10.175.16.69.in-addr.arpa

dns

71 B
112 B
1
1

DNS Request

10.175.16.69.in-addr.arpa
8.8.8.8:53

254.143.241.8.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

254.143.241.8.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

54.120.234.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

54.120.234.20.in-addr.arpa
8.8.8.8:53

206.23.217.172.in-addr.arpa

dns

73 B
173 B
1
1

DNS Request

206.23.217.172.in-addr.arpa
8.8.8.8:53

23.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

23.159.190.20.in-addr.arpa
8.8.8.8:53

cdn.mxpnl.com

dns

OWinstaller.exe

59 B
91 B
1
1

DNS Request

cdn.mxpnl.com

DNS Response

35.186.235.23

130.211.5.208
8.8.8.8:53

content.overwolf.com

dns

OWinstaller.exe

66 B
173 B
1
1

DNS Request

content.overwolf.com

DNS Response

13.227.219.49

13.227.219.33

13.227.219.2

13.227.219.73
8.8.8.8:53

storeapi.overwolf.com

dns

OWinstaller.exe

67 B
174 B
1
1

DNS Request

storeapi.overwolf.com

DNS Response

65.9.86.64

65.9.86.50

65.9.86.65

65.9.86.37
8.8.8.8:53

api-js.mixpanel.com

dns

OWinstaller.exe

65 B
129 B
1
1

DNS Request

api-js.mixpanel.com

DNS Response

107.178.240.159

35.190.25.25

35.186.241.51

130.211.34.183
8.8.8.8:53

23.235.186.35.in-addr.arpa

dns

72 B
124 B
1
1

DNS Request

23.235.186.35.in-addr.arpa
8.8.8.8:53

49.219.227.13.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

49.219.227.13.in-addr.arpa
8.8.8.8:53

64.86.9.65.in-addr.arpa

dns

69 B
122 B
1
1

DNS Request

64.86.9.65.in-addr.arpa
8.8.8.8:53

159.240.178.107.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

159.240.178.107.in-addr.arpa
8.8.8.8:53

136.61.156.108.in-addr.arpa

dns

73 B
130 B
1
1

DNS Request

136.61.156.108.in-addr.arpa
8.8.8.8:53

ocsp.r2m02.amazontrust.com

dns

OWinstaller.exe

72 B
88 B
1
1

DNS Request

ocsp.r2m02.amazontrust.com

DNS Response

18.66.128.120
8.8.8.8:53

www.overwolf.com

dns

OWinstaller.exe

62 B
168 B
1
1

DNS Request

www.overwolf.com

DNS Response

65.9.86.64

65.9.86.57

65.9.86.123

65.9.86.107
8.8.8.8:53

11.102.239.18.in-addr.arpa

dns

72 B
128 B
1
1

DNS Request

11.102.239.18.in-addr.arpa
8.8.8.8:53

106.208.58.216.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

106.208.58.216.in-addr.arpa
8.8.8.8:53

35.36.251.142.in-addr.arpa

dns

72 B
110 B
1
1

DNS Request

35.36.251.142.in-addr.arpa
8.8.8.8:53

120.128.66.18.in-addr.arpa

dns

72 B
129 B
1
1

DNS Request

120.128.66.18.in-addr.arpa
8.8.8.8:53

131.179.250.142.in-addr.arpa

dns

74 B
112 B
1
1

DNS Request

131.179.250.142.in-addr.arpa
8.8.8.8:53

212.46.222.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

212.46.222.23.in-addr.arpa
8.8.8.8:53

99.113.223.173.in-addr.arpa

dns

146 B
278 B
2
2

DNS Request

99.113.223.173.in-addr.arpa

DNS Request

99.113.223.173.in-addr.arpa
8.8.8.8:53

58.14.97.104.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

58.14.97.104.in-addr.arpa
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

146.78.124.51.in-addr.arpa

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

142 B
314 B
2
2

DNS Request

59.128.231.4.in-addr.arpa

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

86.23.85.13.in-addr.arpa

dns

140 B
288 B
2
2

DNS Request

86.23.85.13.in-addr.arpa

DNS Request

86.23.85.13.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

140 B
288 B
2
2

DNS Request

18.31.95.13.in-addr.arpa

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

8.195.19.2.in-addr.arpa

dns

138 B
262 B
2
2

DNS Request

8.195.19.2.in-addr.arpa

DNS Request

8.195.19.2.in-addr.arpa
8.8.8.8:53

86.8.109.52.in-addr.arpa

dns

140 B
288 B
2
2

DNS Request

86.8.109.52.in-addr.arpa

DNS Request

86.8.109.52.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

140 B
312 B
2
2

DNS Request

9.228.82.20.in-addr.arpa

DNS Request

9.228.82.20.in-addr.arpa

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml

Filesize
752B

MD5
2c7bfa3a5f989330e22d9b669462ec29

SHA1
55a2ced54c85ae07344db107f7573c611b8c9013

SHA256
b65fbac7019e1618969fab7dfa1a727d1ebd299ca8224f67334daae1963a4396

SHA512
8d1a1c3c06a983e1bdd81cea677c873d32fe386f5aafde507339415e8c47474a100bd765bf5c09e74cf3f993ae96e3a0e9c52d3f03a3cdb69ac24ac0c23107bb

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt

Filesize
83KB

MD5
a1bbef34e0ba9e80cc43a11197158ad9

SHA1
f606788f3da0a3b5b7b19515d7e32af742109eea

SHA256
3f87ce2e7fab29d5e38df4faf4fa8ee7decc6be3125d3b5848bc61ff0e3519ea

SHA512
429dbc54377266fed587f31cbc37018d99a0832aba0b403e97d2d33e444209ebbc078842998089020ba81a90615b044794f4f4dd6b468f8c553bd90b11b6fe5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\CommandLine.dll

Filesize
68KB

MD5
b6b6fa587b962aba564fde90f63b48f6

SHA1
a2075082c2d4b7ff4a8847e816c87939afdecb53

SHA256
39709617237429eff46f7557eff6af3ebe7ace49bde07fce0013ea5b4c99f2ca

SHA512
9e63d553b101b6f73fd60baed470165e8805b0f208020b0b44617a26c0d0b2ceed864a37b61543a61a01c7f6d2df57acefd02fc1fa1b953427d244a0b5c0edb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\Newtonsoft.Json.dll

Filesize
692KB

MD5
98cbb64f074dc600b23a2ee1a0f46448

SHA1
c5e5ec666eeb51ec15d69d27685fe50148893e34

SHA256
7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13

SHA512
eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\OWInstaller.exe

Filesize
325KB

MD5
d0634b4a81f6c061a2fb13f3978c41d5

SHA1
f24e2824d2482fb3fe59035ddd155d97bfbd11c9

SHA256
7d354f19a0dd1304aef29e1b106ba84faeb6b8f50b09b0443bd4f9dfb5b47111

SHA512
6f1c95850ee1e074dd46d618d125870bf46410af3913dadf9560648c759a9ca254e8043daac66faf591e169a74cb3b5ad035cd8e2d41de620ad1ad61d3099a47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\OWInstaller.exe

Filesize
325KB

MD5
d0634b4a81f6c061a2fb13f3978c41d5

SHA1
f24e2824d2482fb3fe59035ddd155d97bfbd11c9

SHA256
7d354f19a0dd1304aef29e1b106ba84faeb6b8f50b09b0443bd4f9dfb5b47111

SHA512
6f1c95850ee1e074dd46d618d125870bf46410af3913dadf9560648c759a9ca254e8043daac66faf591e169a74cb3b5ad035cd8e2d41de620ad1ad61d3099a47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\OWInstaller.exe

Filesize
325KB

MD5
d0634b4a81f6c061a2fb13f3978c41d5

SHA1
f24e2824d2482fb3fe59035ddd155d97bfbd11c9

SHA256
7d354f19a0dd1304aef29e1b106ba84faeb6b8f50b09b0443bd4f9dfb5b47111

SHA512
6f1c95850ee1e074dd46d618d125870bf46410af3913dadf9560648c759a9ca254e8043daac66faf591e169a74cb3b5ad035cd8e2d41de620ad1ad61d3099a47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\OWinstaller.exe

Filesize
325KB

MD5
d0634b4a81f6c061a2fb13f3978c41d5

SHA1
f24e2824d2482fb3fe59035ddd155d97bfbd11c9

SHA256
7d354f19a0dd1304aef29e1b106ba84faeb6b8f50b09b0443bd4f9dfb5b47111

SHA512
6f1c95850ee1e074dd46d618d125870bf46410af3913dadf9560648c759a9ca254e8043daac66faf591e169a74cb3b5ad035cd8e2d41de620ad1ad61d3099a47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\OWinstaller.exe.config

Filesize
632B

MD5
82d22e4e19e27e306317513b9bfa70ff

SHA1
ff3c7dd06b7fff9c12b1beaf0ca32517710ac161

SHA256
272e4c5364193e73633caa3793e07509a349b79314ea01808b24fdb12c51b827

SHA512
b0fb708f6bcab923f5b381b7f03b3220793eff69559e895d7cf0e33781358ec2159f9c8276bf8ba81302feda8721327d43607868de5caaa9015d7bb82060a0b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\OverWolf.Client.CommonUtils.dll

Filesize
576KB

MD5
6f2cd11e22d645a9a96d0af7ef41e591

SHA1
262833b218889d6ceabe45993789df0c651720de

SHA256
e17992155fb558a778a09ff028c1bf084dfe7c7d8a3e713eb8ad8293d8e3c011

SHA512
e6728f8d4ea913ca3ffc221579a77f18a2c63ea39b8666f1a67b516c1d4c00cdd4d503002039bb40b77b4f6309b96a5b304c65c17fbf948e2520771959250de1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\OverWolf.Client.CommonUtils.dll

Filesize
576KB

MD5
6f2cd11e22d645a9a96d0af7ef41e591

SHA1
262833b218889d6ceabe45993789df0c651720de

SHA256
e17992155fb558a778a09ff028c1bf084dfe7c7d8a3e713eb8ad8293d8e3c011

SHA512
e6728f8d4ea913ca3ffc221579a77f18a2c63ea39b8666f1a67b516c1d4c00cdd4d503002039bb40b77b4f6309b96a5b304c65c17fbf948e2520771959250de1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\OverWolf.Client.CommonUtils.dll

Filesize
576KB

MD5
6f2cd11e22d645a9a96d0af7ef41e591

SHA1
262833b218889d6ceabe45993789df0c651720de

SHA256
e17992155fb558a778a09ff028c1bf084dfe7c7d8a3e713eb8ad8293d8e3c011

SHA512
e6728f8d4ea913ca3ffc221579a77f18a2c63ea39b8666f1a67b516c1d4c00cdd4d503002039bb40b77b4f6309b96a5b304c65c17fbf948e2520771959250de1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\SharpRaven.dll

Filesize
80KB

MD5
6a978f944cc4e39f66b1895336eb4301

SHA1
620ad5adeb12b9ef096c857486f937e288a03587

SHA256
154bf227f4a1f7a4a2ffdbe2cf5e7481b750652ce7ac31186efb3b9d163a294c

SHA512
f56a93af202cc832a4c718339ba871dc52bae734217c6694ed6eb09e4797aa8ea15f6e747fc7127e5770ef34ce5b959bb7482d812dba72b481f626284e9c4fec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\System.dll

Filesize
11KB

MD5
7399323923e3946fe9140132ac388132

SHA1
728257d06c452449b1241769b459f091aabcffc5

SHA256
5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3

SHA512
d6f28ba761351f374ae007c780be27758aea7b9f998e2a88a542eede459d18700adffe71abcb52b8a8c00695efb7ccc280175b5eeb57ca9a645542edfabb64f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\UserInfo.dll

Filesize
4KB

MD5
9301577ff4d229347fe33259b43ef3b2

SHA1
5e39eb4f99920005a4b2303c8089d77f589c133d

SHA256
090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc

SHA512
77dc7a1dedaeb1fb2ccefaba0a526b8d40ea64b9b37af53c056b9428159b67d552e5e3861cbffc2149ec646fdfe9ce94f4fdca51703f79c93e5f45c085e52c79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\_locales\en\messages.json

Filesize
10KB

MD5
e404a0ea1ac8d53b2efb0fda7f1f2795

SHA1
ec38cee96fce134fe9b08b83133e2a40c484db43

SHA256
448ea9ebb9ef609b852d78976708cd3d3c91674de3e60766704ff2d066f0de53

SHA512
8d9e10f2ba26be6bdc0e54b8e650c3f21543358b645bc9342964d258e8a1ca558e08225f3aaab5a19ad411c34fdfccc932d2cc51c6b5ced43415ef32cb9339f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\assets\fonts\lato\LatoLatin-Regular.eot

Filesize
66KB

MD5
6cfad5881181ae658a6efdd68889a690

SHA1
5b54f6ccc20ed3a078fbdf94d7a68ac80002624d

SHA256
c6c970b103b3c3aa83f7a45172619a4451ea5f015f9f3ef4fd08c9a4aa895cbc

SHA512
ddd3d43540eb3d4eef48d0834136de1e7bf23a52f286d0a666cf57c7d685aadf1cea6d37c88f9d7ce5ad6143d7c3213f54b16a11f616b7dce154bba50997bbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\images\bottom-arrow.png

Filesize
279B

MD5
847fab99890ddd7460e758ad8d463ba9

SHA1
bdf8c1e45993ee33ee0bf9a2e43d6048df71cb8a

SHA256
46bfb08af2269108c681b78373c98e899b4234adce39394322c7dfd6d40dcdac

SHA512
0bd2075c61eafc2946a9431bd4fbbbb141f3743144782376874640e4aae1ee97a05844589661b3a0912b23dacdf57e0a667d8ffa8ccd0f4358e5802e653aef1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\images\close-hover.png

Filesize
399B

MD5
5b691eb1c6836563447358b108bc9f39

SHA1
14104e60754aa46034effcbdf21af44e13f3c4cb

SHA256
aaad22634eed5977eb3a690652f16f4efda3143dfb0c165cd391bd862de6eef0

SHA512
d239bba8ce1c22dcf6d8c830614c158290b1fd9f684f7eda86e959f5cfa86cc572fa01711e0d0850f48e13c654a9e69675d83148a3bf22f64de91f7a51eaa124

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\images\close-normal.png

Filesize
330B

MD5
1acb62ec3fa5a82347c330512f2259d6

SHA1
c81389f19687e791bc4ada896620b17471371c04

SHA256
e8bd82cb680ae552f587a3f0bdc1df18fc7624dffec501840cc508d327baeec3

SHA512
a6693f68c41f8a7c137f3129403b14144329c132b99956ff2c1cc5317b046eaec70aef82c7c05b9220c3c3a7f2a417718fb65bbbe486250c05191778456f602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\images\icon.ico

Filesize
21KB

MD5
51e75bda8d67975d112b9e3676cfee94

SHA1
681691af738cd40573219a5cb53f0e898f8f81a9

SHA256
2d57121ff4e34cf983bc91b41fdb974883b41efe213bb149e3e81d7d4d10d41e

SHA512
405a4d29e081ff0bffa081ae4f527ebf9c850fcebca9f1a75af05077289bbdb0dd34d1636734b456767df71e06c7d23ac5d5dd364d2f57e970f72aa476088195

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\images\minimize-hover.png

Filesize
171B

MD5
f4b8851b9ef5a55b0d45392baceb31fb

SHA1
03a87a04dc75579a8568543d40db963b6e9f4051

SHA256
d84b877f7a2d601b1d71cf878b33ff78c94c2d144a0f4d72436a7dcf64e712c2

SHA512
a849659d4ba4e40b924108cd567a58f4b1569afc5c7517a10c26fd6d64422fa61812683292da1c3b19dbe91c63aacd5cd1c5b342ccce98b6815e94b55767ce4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\images\minimize-normal.png

Filesize
150B

MD5
1bcfd10e50ab56ac335a463ec19b8d33

SHA1
b5054dd1cdd714a6771bc11e43291df361a16ccc

SHA256
aa2b021cd0dd9563705503dad48866eac926c7ace608ff8d00f755afc509f39b

SHA512
7257c401db826ed1f4a549b1b899d0fb4a5bcc3c599ced49b07a64fc308b08fb208dc378a32d9c3cd193b4d603ae76f82bb297334998ca6abb790081a5467edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\images\welcome-logo.png

Filesize
995B

MD5
860785e1633b7a170ec443f4d36551c7

SHA1
f5a3401fdb22bffabbaae7f912f93cddbb7ea148

SHA256
2e3dced384fe419468973dcb074794b1444f48bce8f96217aa5e3a98c34e4c01

SHA512
217b2177b9f990ee27d1e169dca9f99da18e9bd41fc6d7a5ce7d01cf9e35a23f343763835424125b3fa73de196579054e56542e5885327c6922deeb34fd78e16

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\index.html

Filesize
18KB

MD5
d367bf95bb13abbb839927ef76618253

SHA1
95b95767ec022a74f4c9a6b74895557439817ac9

SHA256
a7db7133613735b6b5c96d4ee3eb8a1630ee783dd41a81260f2461a66c3728d8

SHA512
98fa35e39b3dc54d410c7b4af0efe31845e195473843d2ce0e25ad4b892784a2fba6a9e99964b47a4c3c1d49bc9e839c210a73c7cc788643ef36abe8a1966952

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\app.js

Filesize
21KB

MD5
7c15ecdc0a6c4894af1ebf28e32aed6f

SHA1
db55a0d8935fb49b9be45da4bb4ee88a5277b7db

SHA256
5e67c50e827ad0e651d58646ffeae6a22d6c048e34e33b5e8f1fa98a21f40eab

SHA512
792a28a59330c60f8769d46eb32d1e0c0ff25b27b338288eb6c6e4c7278d3c4dacd44d58bf8c5006e4b8fa5dc313ee23581d0c33e2b0696632dafd7223893472

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\block_inputs.js

Filesize
789B

MD5
b5b52c92b90f4283a761cb8a40860c75

SHA1
7212e7e566795017e179e7b9c9bf223b0cdb9ec2

SHA256
f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544

SHA512
16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\libs\cmp.bundle.js

Filesize
296KB

MD5
c3dbbd4cfe15de60c8c3606ddf9c8784

SHA1
ef44afa8b6fb172b04aa62242b78d90b7ff34a3f

SHA256
a1d99c498fb84e20aeffcb22e7b473fa88e2909f2b9eacdc63d8e09aa56b5aec

SHA512
849a71028e2db8a14178c14c05de413d23282fa49b59befddbc5279d203f27e0d2b21ee9ef43d0aa15b2c81c17d42301d52760c894b9f7ee78ddad258f31a5f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\libs\jquery-1.10.2.min.js

Filesize
90KB

MD5
44e3f0db3e4ab6fedc5758c05cf27591

SHA1
2d408aa1d35661019c95adcc60b78c0727ed25b4

SHA256
bc44d3631ffef1df7960e359f02002d3ada45ee05205c2cf1edd85da2f518144

SHA512
4d4844e53e686fc59a52e86588f328dca3ed6fdad7195c58942a98c51755a24981b903ee7c7b27785375eaad5a7d9501cf74b999674b79f214e66103bad9efdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\libs\mixpanel.js

Filesize
1KB

MD5
344e4265b3d4e1fecfd81c561293edab

SHA1
51dbcac23b839e64362d11763bbe64538ad80bb8

SHA256
88872b5b01a8d1dfee124333aba630ceb8535390130833dd2a312c461ac52217

SHA512
dcda17cb89861c4cd0be4b7cd93b58283cd1acc3c7a4a2176add3ea6403079c8567bcf88d878aa2e91e96c43b15a7ce668299c3d015c6dc4db5b15cddbe4ea7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\models\notifications.js

Filesize
4KB

MD5
a94dbd9bd18433d3bdc6c9efa61cba7e

SHA1
16260be72ae3101010b34b7f721edb72d0550dbf

SHA256
4eb5c8f6679df6f4a23455fe20230e1dac155324709dc8e5cb97b7ede46614bc

SHA512
6ea99466ad1252d203ba4c9a13baf6874b5603422676036aac9a03d4145529747e35b9819ce5fc35182fca78985daa4856c1d621be566b5e86e3e161135b6b61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\utils\analytics.js

Filesize
3KB

MD5
00da91079bba7d8b219376f9a9b20961

SHA1
fcaeffa5cc73a667c8ef69442ba62964fddeba5a

SHA256
15f8b8bd605296723e1322465f220e173c750da0745bdf39ec400ab6215c28c7

SHA512
d906ae32a0e2d5b65a030ac6a20a95bdba63cb86ded7d48a6f9d809fe000631c309eb81a5445fa68b45e16f06fe5d282827c026208429297f78be1e7d9ed9961

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\utils\commands.js

Filesize
12KB

MD5
8077c868435c2ab49cc70683489d229b

SHA1
31dfe51f87ec33073b2209e60de7ecd647007c7b

SHA256
72947e14b9e17653b7557c7083a39e453d05f3ef529ddab77c6d6099a95cc881

SHA512
a9f0247a0e1242c02928567f5e9d71564af930446a2be9bcaf51b415a4d30e3a064b1bcaf2c7115a268b01597f2b57905f49f42bd1989398213c262abbafe2ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\utils\cookies.js

Filesize
1KB

MD5
6c60e675f8c8c68c0174b644d3a63a2a

SHA1
3635a3fe07ccc4a6f33a986ddb690522d0611abb

SHA256
9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287

SHA512
1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\utils\modal-events-delegate.js

Filesize
1KB

MD5
117e4fdbdb0ecf211c8bd909efd337d1

SHA1
9f8684d856b7c95bdffb139217dfd89f41373187

SHA256
267661f932a2ea78d8c7a98cc03d1b18d7cb8132deb84636772ecd1fcfbe4857

SHA512
f474ee20b59d3d0c11f9f6aee6b6e2b66f7025beaec9841f88455e60533dc96cb4e27910be0dae92b0028c5578932b7f459fdb91d594ad010f72a3b3af6addb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\utils\strings-loader.js

Filesize
5KB

MD5
9c94eb933d8a43dd3825e67a7e30c980

SHA1
7ec7b16af6f399219209ba5967d377040486a11b

SHA256
96445709fde2613af50f4b8908296d4bfccdccb2d9db9febc34a9bf4dcc70ecf

SHA512
a662a299e31633f71a9b9675970359430fdac06dcc284fd7ce92919f244c7f921639f97a42356e993a95865e6c9f198dcba82c126f82065bf2009a31ec9b02f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\utils\utils.js

Filesize
118B

MD5
a0952ebeab701c05c75710c33d725e7e

SHA1
1da8a2e889f1213d481ae3cd5571670c01e64adc

SHA256
b4f0c48cbfeaf8141fd44b12031e3f0410cb0cdc313888ffdb14fdf1d2341246

SHA512
5e5ae616d3fded7d2bf47a326242c4477ca3119fb52897bfb41de0be230ccbd6c3da2c00268b3973e9bf7b4f2886aba64fd9719b448662e4130ee66d87913389

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\cri\cri-controller.js

Filesize
5KB

MD5
d222c95a2ef0b75ad6c96a3abe20fdc5

SHA1
641c39f92a169f0ca435ed12d2a4d276eb415642

SHA256
aafb56625ec30b24035baafff7bc20215e8ec7e4be4ea58a90aa5b46bdd14a6e

SHA512
e9e66abf6d95fc15a6ffe46cf85c3c9d3b80f3884ca4c8cbb5d2b024fa1dcc46a5e2f39041a4a120a8b8b881d07b3d70b18b552332180aa08c4a67577ea6242b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\cri\template.js

Filesize
1KB

MD5
76c1ef0cb437db144c2bed53a5a8a5d7

SHA1
aaab8fff649f8e46d1e9510018118ee9abe01498

SHA256
505d3c4de7d9cf8f0155b5b1a3c8792bc0ca2eda6781b441bd85455f144be22e

SHA512
822bf9feda91c89539d263c6c9053163e8dfa3c511195bc61a9b608b4687fb4048733323f03dd30a7ab661a4be4acf6c8d8ae7bb6723771122540a9551899c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\finish-with-recommended-app\finish-with-recommended-app-controller.js

Filesize
1KB

MD5
01878b1f0f27ba2af34f89c648f3e16f

SHA1
b45e04411d06052772b4645d1feb7a594b722067

SHA256
4c96454e5b0493676af666aa5716ba12209aa72fb30e8dbde8e85ab000a4350a

SHA512
5a7860c8df74ad9dd2eea3bd0927dbfa1fff1de7b9a093a6d727ecc2abb7139d721cbf76c55a7ade24ade5e08e6547321a62e3a1440eb202b7a8569305dfa782

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\finish-with-recommended-app\template.js

Filesize
681B

MD5
d1cb34b57cef7e28b9286454b197b712

SHA1
f3a964b319bab82d4eda07e126bbfd6dec35c349

SHA256
b61dfc304b46e8cd95d7b15bb93c6160b30523a1a093397a84fc8b8bed00ac42

SHA512
3a07de9c58134edbb7998f85e6d037a0cd066e32c4daa07594a949a7574f5693153bbcdb59739e1a92e847ab1128e2369fb30ba76a7b9cdfa9a37a409db691c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\finish\finish-controller.js

Filesize
2KB

MD5
cbdfd75bb47bda0ae536b3d45958b615

SHA1
9a69d440e1d8ba1976b2880964f7041c46e8bdf9

SHA256
b4221b80fbbc4ef93b3a1f668d8a3445353db9f3e1ec77c9b6520a7312ac46f9

SHA512
e78272fcd6af8656cd054c91b97508603792dcc75c4f7a123880671ff6ed126e03cd19ec13d005f655e8281a1e90f6b190be650ddf07522fa613a940148dd475

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\finish\template.js

Filesize
1KB

MD5
f092de7ea66d8e920b345f38537fa35d

SHA1
82d107a409f18878307ae0cefe24074db64937c4

SHA256
b05f111369e12ecb4cdc6526dd554061eb31097aa0de4bd126ddc185b69d922f

SHA512
14942c0122f216c07595cbaae498f9c4d37a2d0fd95f262c332502befdf4566c7a042c4d85702c1d82a111123dde677096195e9efeb1d74eb1dfd4df84d01a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\main\main-controller.js

Filesize
11KB

MD5
15b665a5c915004e1aa7e9e11a710f7e

SHA1
7821924e42bb19d60c572ff80bbaaa04d7aaeefb

SHA256
84dc33e2eb3118fc77a38b0ca53af42c53f6eb85cfb1e8737dbe39fa03515653

SHA512
dd47f7bac0dbaac714e6d2fc91b4c24756ca4acb70bdbc4b54cd5216552d6bb85ba2e1c3c8445c5fb40d116dfab6569945cd74730bb7c8f3cf46e8d08f8afa02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\main\template.js

Filesize
3KB

MD5
a118c7724c208f12083240cafccfd10b

SHA1
f89c676a215b869626737862a08c9eb07d440211

SHA256
63a43bb08403972d0f4b0e381bd264af14e826e0035242bc1baa9a815956b8fc

SHA512
9fede79044ae5de7baf5bfba0d5a515ce462a25420026ff45bcf1751e57510023cb40df42d08e880114f62b38ddb218355d5357b725df32a41ae4e6a18414cb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\modal\modal-controller.js

Filesize
2KB

MD5
995aa365976d4166ec6de5fe212b0255

SHA1
0d0e8c6aabfc8c967d5af224f66045314c0564b1

SHA256
cff5f7519eb05899df67ae1d79c9318ea344b068d95b565ae8dafacb70a1c52b

SHA512
71a51e34e92e2c478397e70ade9b33e39f4fb9a6da14f04a27997dfd9149978f4d90f0cb6d35e9ede116a2f6ed7f3c6f291383ef84d10994050893c1741f3de6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\privacy\privacy-controller.js

Filesize
2KB

MD5
9caf44e466f9dc19ea102980da4ae5d5

SHA1
da7e0fa627f6f3d2d9f0ec091ba19aa81e66332f

SHA256
f0b55a937f0bdc60394c4259dc226562b552a6eaaac61950fa29400200f5380a

SHA512
e88b1e18b14e0abb6f625c4210196609f8f8c001dd3ff66b1807d66113df471468d6c8548bd1af1e1f5c25faf759517c4eb93108394ff1f9abc7b36a8b6ad11f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\privacy\template.js

Filesize
655B

MD5
cf8d2c26520d7c84e560dfa79e31dcd3

SHA1
716f2ec17480d5cc9c145bc147833fbfc39d36f0

SHA256
95c459eae0edccdb94702aea603a097e461daa0e5f37dcd0e30de7df665433a8

SHA512
d466dcf7e86a4295857020feea281fc89f519f6bf1e79c3b5e1046d0745c9c9010377b1941e06c9a9b2c78a4173ed9909332d5d6c39b05f460e8a863086c895b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\progress\progress-1-controller.js

Filesize
2KB

MD5
4bc723bda9cc718301f2533ca3196768

SHA1
7f78b74746762fd5007ea3fbce45349bb0ef7901

SHA256
164bbdea64ca671a04b91747191227a89992a34159f1578a2cbf0e16398af1ec

SHA512
920f898d1592ae8d713410ac3fb43e9d490d567f2bb70b8f8d2958a0899fb8bf6a0a735db63a8eb3e1bf2cb02be70354a0f7b92d12584b1ecbde2d5ec19f9a53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\progress\template.js

Filesize
242B

MD5
92b145e6649ba0add3dee9a69d3fa91e

SHA1
4db1a45392ec973cc8a7eecf3a30a9a7ecc7a64d

SHA256
a7128a08bca53dd919cab3e5cb4dab31ded7ae2dafc957209b9fdd23f3b944ab

SHA512
747a087dffdba5c92d9f4c8923615d388b9c4c79d3b71d3cb90487aa37c132290a4f5107eef3055c03eadcb9614e20d4655393dc9251fab7e0ee2438f0d95751

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\settings\settings-controller.js

Filesize
6KB

MD5
7c30acb5d090c141185bf36c991c44ec

SHA1
59c12294a10835566e6ababc81ca6f66c0cfa984

SHA256
8928a80ed2c782ac5538cf7b2b5cbac05b5b70e03abb2e9c44cdf3061cf2f6ef

SHA512
9af7605aec15b76147060b592834568c023618ee9f1b6f375649c1a8f342476775f0b7b1fed1b015362dc481b1065a657f9a4b0aa8ae186a381acf6aef894ed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\settings\template.js

Filesize
2KB

MD5
aee08bbe8994d59ce5b0fd4611968394

SHA1
3533ee4e288625aefdf5b2cd2a17494e340fa097

SHA256
91bdc29c6bee6de168cec29912e46d8bfb53a2a7c3d5082e3933eff8db887ecf

SHA512
13462812b482f5bad79260ca1ae9f11db38d32c9ca01204f5b1fb5c512e11b963d070fc2c5ab88d40e0069144d9a96eec86990e4d05b3032085607dca3bc9b51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\welcome\template.js

Filesize
1KB

MD5
17f54fca6723b983875d940d931e0afb

SHA1
01774cd5cea36bd74c80a708d6f77567e8091024

SHA256
42c546e9da748ef76fdab56b96fd511eb607617a9ba37b3dc420148b769d8acb

SHA512
401df9a54cd14c19227d91bd08b4775a7b437644b4ca0d1d636d3e07b04591f9c5516e80040ae6a79ba400457d15e3d80aa148a63de870a64664fc5a02f7a038

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\js\windows\welcome\welcome-controller.js

Filesize
2KB

MD5
6127f0a4ee214776271ea6fce1fb58e9

SHA1
378cd32ccf043889de731fce6d96b6c21632a165

SHA256
aa42af897b154c05a5a5bdf5c9420e698bc943cf1a6fcd830aae7c5b8317f654

SHA512
f2b35ced730fb95b64dd72be81345788d1fb66d38f26f2ddeb205cbecfc767703a12c455d2bb8ba1dbada1a409e123aaf020a822321b8ad80947e67c53e83a9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\app\manifest.json

Filesize
691B

MD5
3a21806224b428d7edb8e5f50938aa5c

SHA1
dfe1eca9483849849bdd70a826bdb110d27de098

SHA256
8d407b22388304ec08a21c11450097343dd455155e4b6cd859c423b9d7b314fc

SHA512
d74de8210e5f52668790d549e3fd194feed9086f6839780d48cfd433724fbe89b660e86716e85ddad84b4b7a5e6d14efb7dbd4dca7c8cad1456637094e0c18f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\log4net.dll

Filesize
270KB

MD5
f15c8a9e2876568b3910189b2d493706

SHA1
32634db97e7c1705286cb1ac5ce20bc4e0ec17af

SHA256
ae9c8073c3357c490f5d1c64101362918357c568f6b9380a60b09a4a4c1ff309

SHA512
805cd0a70aba2f1cf66e557d51ad30d42b32fbafcfbc6685ec204bc69847619479f653f4f33a4e466055707880d982eb1574ddab8edfa3c641e51cda950e2a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\uac.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\uac.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\utils.dll

Filesize
55KB

MD5
aad3f2ecc74ddf65e84dcb62cf6a77cd

SHA1
1e153e0f4d7258cae75847dba32d0321864cf089

SHA256
1cc004fcce92824fa27565b31299b532733c976671ac6cf5dbd1e0465c0e47e8

SHA512
8e44b86c92c890d303448e25f091f1864946126343ee4665440de0dbeed1c89ff05e4f3f47d530781aa4db4a0d805b41899b57706b8eddfc95cfa64c073c26e2

Download Submit
memory/924-408-0x000002EA874B0000-0x000002EA874B1000-memory.dmp

Filesize
4KB

Download
memory/924-440-0x000002EA874B0000-0x000002EA874B1000-memory.dmp

Filesize
4KB

Download
memory/924-442-0x000002EA874B0000-0x000002EA874B1000-memory.dmp

Filesize
4KB

Download
memory/924-441-0x000002EA874B0000-0x000002EA874B1000-memory.dmp

Filesize
4KB

Download
memory/924-439-0x000002EA874B0000-0x000002EA874B1000-memory.dmp

Filesize
4KB

Download
memory/924-438-0x000002EA874B0000-0x000002EA874B1000-memory.dmp

Filesize
4KB

Download
memory/924-436-0x000002EA874B0000-0x000002EA874B1000-memory.dmp

Filesize
4KB

Download
memory/924-435-0x000002EA874B0000-0x000002EA874B1000-memory.dmp

Filesize
4KB

Download
memory/924-406-0x000002EA874B0000-0x000002EA874B1000-memory.dmp

Filesize
4KB

Download
memory/924-405-0x000002EA874B0000-0x000002EA874B1000-memory.dmp

Filesize
4KB

Download
memory/1960-324-0x0000022E80080000-0x0000022E80090000-memory.dmp

Filesize
64KB

Download
memory/1960-289-0x0000022EFFB80000-0x0000022EFFC30000-memory.dmp

Filesize
704KB

Download
memory/1960-272-0x0000022EE5970000-0x0000022EE5984000-memory.dmp

Filesize
80KB

Download
memory/1960-279-0x0000022EE59A0000-0x0000022EE59B8000-memory.dmp

Filesize
96KB

Download
memory/1960-316-0x0000022EE5A60000-0x0000022EE5A82000-memory.dmp

Filesize
136KB

Download
memory/1960-285-0x0000022E80080000-0x0000022E80090000-memory.dmp

Filesize
64KB

Download
memory/1960-270-0x0000022EFFA20000-0x0000022EFFAB2000-memory.dmp

Filesize
584KB

Download
memory/1960-326-0x0000022E80080000-0x0000022E80090000-memory.dmp

Filesize
64KB

Download
memory/1960-275-0x0000022EE5A10000-0x0000022EE5A56000-memory.dmp

Filesize
280KB

Download
memory/1960-357-0x00000237007B0000-0x0000023700F56000-memory.dmp

Filesize
7.6MB

Download
memory/1960-273-0x0000022E80530000-0x0000022E80A58000-memory.dmp

Filesize
5.2MB

Download
memory/1960-325-0x0000022E80080000-0x0000022E80090000-memory.dmp

Filesize
64KB

Download
memory/1960-266-0x0000022EE55A0000-0x0000022EE55F2000-memory.dmp

Filesize
328KB

Download
memory/1960-454-0x0000022E80080000-0x0000022E80090000-memory.dmp

Filesize
64KB

Download
memory/1960-455-0x0000022E80080000-0x0000022E80090000-memory.dmp

Filesize
64KB

Download
memory/1960-456-0x0000022E80080000-0x0000022E80090000-memory.dmp

Filesize
64KB

Download
memory/1960-457-0x0000022E80080000-0x0000022E80090000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request