Analysis

  • max time kernel
    126s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/06/2023, 19:08 UTC

General

  • Target

    Buff Achievement Tracker - Installer.exe

  • Size

    2.0MB

  • MD5

    e9d1d646b6376de5c6f6b50d6576b500

  • SHA1

    0e89df9bcf7451019152febe5b2af6d3ea5dc3cf

  • SHA256

    6012a045f413abdf7e8f1c70848448ff307a3e1854a2313d7d4998f8ebc96f5d

  • SHA512

    a2784682ec031a015c83f5d463358482c1b898ee6a616e40a24c73051e8c68caa2bbc1172213393bec4405bafc67989a04cbb58cd19235e8366d2c52e9ffa178

  • SSDEEP

    49152:FT/vxE87vxpsrFpIvxrpLCvsMcOiX8isGAYkjyRUcL:FT/ZPN+TIvvLCvslsiHzDC

Score
5/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 18 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 11 IoCs
  • Registers COM server for autorun 1 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 35 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Buff Achievement Tracker - Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Buff Achievement Tracker - Installer.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\OWinstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\nsc80BF.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&Referer=www.buff.game&Browser=chrome -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\AppData\Local\Temp\Buff Achievement Tracker - Installer.exe
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1960
      • C:\Windows\System32\DxDiag.exe
        "C:\Windows\System32\DxDiag.exe" /tC:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
        3⤵
        • Drops file in System32 directory
        • Registers COM server for autorun
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:924
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k netsvcs -p
    1⤵
      PID:4376

Network

    • flag-us
      DNS
      analyticsnew.overwolf.com
      OWinstaller.exe
      Remote address:
      8.8.8.8:53
      Request
      analyticsnew.overwolf.com
      IN A
      Response
      analyticsnew.overwolf.com
      IN CNAME
      cds.d3x4y6v5.hwcdn.net
      cds.d3x4y6v5.hwcdn.net
      IN A
      69.16.175.10
      cds.d3x4y6v5.hwcdn.net
      IN A
      69.16.175.42
    • flag-us
      DNS
      208.194.73.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      208.194.73.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      GET
      http://analyticsnew.overwolf.com/analytics/Counter?Name=installer_uac_action&Value=1&&Extra=%5b%7b%22Name%22%3a%22installer_version%22%2c%22Value%22%3a%222.218.0.8%22%7d%5d
      Buff Achievement Tracker - Installer.exe
      Remote address:
      69.16.175.10:80
      Request
      GET /analytics/Counter?Name=installer_uac_action&Value=1&&Extra=%5b%7b%22Name%22%3a%22installer_version%22%2c%22Value%22%3a%222.218.0.8%22%7d%5d HTTP/1.1
      User-Agent: NSIS_Inetc (Mozilla)
      Host: analyticsnew.overwolf.com
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      Date: Thu, 29 Jun 2023 19:08:59 GMT
      Connection: Keep-Alive
      ETag: "1422197399"
      Cache-Control: max-age=0
      Content-Length: 2
      Content-Type: application/octet-stream
      Last-Modified: Sun, 25 Jan 2015 14:49:59 GMT
      Accept-Ranges: bytes
      X-HW: 1688065739.dop205.am5.t,1688065739.cds146.am5.c
      Access-Control-Allow-Methods: GET
      Access-Control-Allow-Origin: *
    • flag-us
      DNS
      10.175.16.69.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      10.175.16.69.in-addr.arpa
      IN PTR
      Response
      10.175.16.69.in-addr.arpa
      IN PTR
      hwcdn.net
      10.175.16.69.in-addr.arpa
      IN PTR
      tlb.hwcdn.net
    • flag-us
      DNS
      254.143.241.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      254.143.241.8.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      43.58.199.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      43.58.199.20.in-addr.arpa
      IN PTR
      Response
    • flag-de
      GET
      http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=41387868&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=17080157&utmr=/&utmp=/&utmac=UA-80584726-1&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event
      OWinstaller.exe
      Remote address:
      172.217.23.206:80
      Request
      GET /__utm.gif?utmwv=4.7.2&utmn=41387868&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=17080157&utmr=/&utmp=/&utmac=UA-80584726-1&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event HTTP/1.1
      UserAgent: Mozilla/5.0 (Windows; U; Windows NT 10.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.638.0 Safari/534.16
      Host: www.google-analytics.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Access-Control-Allow-Origin: *
      Pragma: no-cache
      X-Content-Type-Options: nosniff
      Cross-Origin-Resource-Policy: cross-origin
      Server: Golfe2
      Content-Length: 35
      Date: Thu, 29 Jun 2023 02:16:56 GMT
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Cache-Control: no-cache, no-store, must-revalidate
      Age: 60726
      Last-Modified: Sun, 17 May 1998 03:00:00 GMT
      Content-Type: image/gif
    • flag-de
      GET
      http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=288911388&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=677036673&utmr=/&utmp=/&utmac=UA-18298709-8&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event
      OWinstaller.exe
      Remote address:
      172.217.23.206:80
      Request
      GET /__utm.gif?utmwv=4.7.2&utmn=288911388&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=677036673&utmr=/&utmp=/&utmac=UA-18298709-8&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event HTTP/1.1
      UserAgent: Mozilla/5.0 (Windows; U; Windows NT 10.0; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.638.0 Safari/534.16
      Host: www.google-analytics.com
      Response
      HTTP/1.1 200 OK
      Access-Control-Allow-Origin: *
      Pragma: no-cache
      X-Content-Type-Options: nosniff
      Cross-Origin-Resource-Policy: cross-origin
      Server: Golfe2
      Content-Length: 35
      Date: Thu, 29 Jun 2023 02:16:56 GMT
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Cache-Control: no-cache, no-store, must-revalidate
      Age: 60726
      Last-Modified: Sun, 17 May 1998 03:00:00 GMT
      Content-Type: image/gif
    • flag-us
      DNS
      54.120.234.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      54.120.234.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      GET
      http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=Manual_Funnel2_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d
      OWinstaller.exe
      Remote address:
      69.16.175.10:80
      Request
      GET /analytics/Counter?CurrentVersion=&PartnerID=3762&Name=Manual_Funnel2_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d HTTP/1.1
      Host: analyticsnew.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Date: Thu, 29 Jun 2023 19:09:02 GMT
      Connection: Keep-Alive
      ETag: "1422197399"
      Cache-Control: max-age=0
      Content-Length: 2
      Content-Type: application/octet-stream
      Last-Modified: Sun, 25 Jan 2015 14:49:59 GMT
      Accept-Ranges: bytes
      X-HW: 1688065742.dop012.am5.t,1688065742.cds146.am5.c
      Access-Control-Allow-Methods: GET
      Access-Control-Allow-Origin: *
    • flag-us
      GET
      http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=Manual_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522existingUUID%2522%252c%2522Value%2522%253a%25227a0b5f63-92b5-4443-b457-34250c67f41d%2522%257d%252c%257b%2522Name%2522%253a%2522appstoreUUID%2522%252c%2522Value%2522%253a%2522%2522%257d%252c%257b%2522Name%2522%253a%2522clientInstalled%2522%252c%2522Value%2522%253a%2522False%2522%257d%252c%257b%2522Name%2522%253a%2522sel_app%2522%252c%2522Value%2522%253a%2522caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d
      OWinstaller.exe
      Remote address:
      69.16.175.10:80
      Request
      GET /analytics/Counter?CurrentVersion=&PartnerID=3762&Name=Manual_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522existingUUID%2522%252c%2522Value%2522%253a%25227a0b5f63-92b5-4443-b457-34250c67f41d%2522%257d%252c%257b%2522Name%2522%253a%2522appstoreUUID%2522%252c%2522Value%2522%253a%2522%2522%257d%252c%257b%2522Name%2522%253a%2522clientInstalled%2522%252c%2522Value%2522%253a%2522False%2522%257d%252c%257b%2522Name%2522%253a%2522sel_app%2522%252c%2522Value%2522%253a%2522caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d HTTP/1.1
      Host: analyticsnew.overwolf.com
      Response
      HTTP/1.1 200 OK
      Date: Thu, 29 Jun 2023 19:09:02 GMT
      Connection: Keep-Alive
      ETag: "1422197399"
      Cache-Control: max-age=0
      Content-Length: 2
      Content-Type: application/octet-stream
      Last-Modified: Sun, 25 Jan 2015 14:49:59 GMT
      Accept-Ranges: bytes
      X-HW: 1688065742.dop012.am5.t,1688065742.cds146.am5.c
      Access-Control-Allow-Methods: GET
      Access-Control-Allow-Origin: *
    • flag-us
      GET
      http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=installer_webbrowser_init&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522ver%2522%252c%2522Value%2522%253a%252211.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d
      OWinstaller.exe
      Remote address:
      69.16.175.10:80
      Request
      GET /analytics/Counter?CurrentVersion=&PartnerID=3762&Name=installer_webbrowser_init&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522ver%2522%252c%2522Value%2522%253a%252211.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d HTTP/1.1
      Host: analyticsnew.overwolf.com
      Response
      HTTP/1.1 200 OK
      Date: Thu, 29 Jun 2023 19:09:02 GMT
      Connection: Keep-Alive
      ETag: "1422197399"
      Cache-Control: max-age=0
      Content-Length: 2
      Content-Type: application/octet-stream
      Last-Modified: Sun, 25 Jan 2015 14:49:59 GMT
      Accept-Ranges: bytes
      X-HW: 1688065742.dop012.am5.t,1688065742.cds146.am5.c
      Access-Control-Allow-Methods: GET
      Access-Control-Allow-Origin: *
    • flag-us
      DNS
      206.23.217.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      206.23.217.172.in-addr.arpa
      IN PTR
      Response
      206.23.217.172.in-addr.arpa
      IN PTR
      prg03s05-in-f14.1e100.net
      206.23.217.172.in-addr.arpa
      IN PTR
      prg03s05-in-f206.1e100.net
      206.23.217.172.in-addr.arpa
      IN PTR
      ams16s37-in-f14.1e100.net
    • flag-us
      DNS
      23.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      cdn.mxpnl.com
      OWinstaller.exe
      Remote address:
      8.8.8.8:53
      Request
      cdn.mxpnl.com
      IN A
      Response
      cdn.mxpnl.com
      IN A
      35.186.235.23
      cdn.mxpnl.com
      IN A
      130.211.5.208
    • flag-us
      GET
      https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js
      OWinstaller.exe
      Remote address:
      35.186.235.23:443
      Request
      GET /libs/mixpanel-2-latest.min.js HTTP/1.1
      Accept: */*
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: cdn.mxpnl.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      X-GUploader-UploadID: ADPycdufgIKkelin73MrhmQb_5mNYxuNeFlflHWO2lRNMBuc4aOBO6Jh9au82zrL6OT699aFmFgwrW0YPKpjotL_T_MMzR2x7QRk
      x-goog-generation: 1683307999305716
      x-goog-metageneration: 2
      x-goog-stored-content-encoding: gzip
      x-goog-stored-content-length: 17969
      Content-Encoding: gzip
      x-goog-hash: crc32c=6XUl6A==
      x-goog-hash: md5=brYSoAD8ED4naeV2po/EEg==
      x-goog-storage-class: MULTI_REGIONAL
      Accept-Ranges: bytes
      Content-Length: 17969
      Access-Control-Allow-Origin: *
      Server: UploadServer
      Date: Thu, 29 Jun 2023 02:49:12 GMT
      Expires: Fri, 30 Jun 2023 02:49:12 GMT
      Cache-Control: public,max-age=86400
      Last-Modified: Fri, 05 May 2023 17:33:19 GMT
      ETag: "6eb612a000fc103e2769e576a68fc412"
      Content-Type: text/javascript
      Vary: Accept-Encoding
      Age: 58792
      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    • flag-us
      DNS
      content.overwolf.com
      OWinstaller.exe
      Remote address:
      8.8.8.8:53
      Request
      content.overwolf.com
      IN A
      Response
      content.overwolf.com
      IN CNAME
      d2t3tkftmx1fe5.cloudfront.net
      d2t3tkftmx1fe5.cloudfront.net
      IN A
      13.227.219.49
      d2t3tkftmx1fe5.cloudfront.net
      IN A
      13.227.219.33
      d2t3tkftmx1fe5.cloudfront.net
      IN A
      13.227.219.2
      d2t3tkftmx1fe5.cloudfront.net
      IN A
      13.227.219.73
    • flag-us
      DNS
      storeapi.overwolf.com
      OWinstaller.exe
      Remote address:
      8.8.8.8:53
      Request
      storeapi.overwolf.com
      IN A
      Response
      storeapi.overwolf.com
      IN CNAME
      d19oaezzrax0ot.cloudfront.net
      d19oaezzrax0ot.cloudfront.net
      IN A
      65.9.86.64
      d19oaezzrax0ot.cloudfront.net
      IN A
      65.9.86.50
      d19oaezzrax0ot.cloudfront.net
      IN A
      65.9.86.65
      d19oaezzrax0ot.cloudfront.net
      IN A
      65.9.86.37
    • flag-nl
      GET
      https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
      OWinstaller.exe
      Remote address:
      13.227.219.49:443
      Request
      GET /Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1 HTTP/1.1
      Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: content.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: text/html
      Transfer-Encoding: chunked
      Connection: keep-alive
      Last-Modified: Mon, 06 Dec 2021 15:49:53 GMT
      x-amz-meta-cb-modifiedtime: Sun, 17 Jan 2021 09:26:59 GMT
      Server: AmazonS3
      Content-Encoding: gzip
      Date: Thu, 29 Jun 2023 03:35:05 GMT
      ETag: W/"8fe162483b4326f4c8ca4c1fe8840607"
      Vary: Accept-Encoding
      X-Cache: Hit from cloudfront
      Via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS54-C1
      X-Amz-Cf-Id: iO4RJxRVm6Okv3utZDFbdOiDHO45T7uwpbNw35-YH20qz9ZW-5uDUQ==
      Age: 58293
    • flag-nl
      GET
      https://content.overwolf.com/cmp/vendor-list.json
      OWinstaller.exe
      Remote address:
      13.227.219.49:443
      Request
      GET /cmp/vendor-list.json HTTP/1.1
      Accept: */*
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: content.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: application/json
      Transfer-Encoding: chunked
      Connection: keep-alive
      Last-Modified: Fri, 23 Jun 2023 18:18:01 GMT
      x-amz-server-side-encryption: AES256
      Server: AmazonS3
      Content-Encoding: gzip
      Date: Thu, 29 Jun 2023 02:44:00 GMT
      ETag: W/"e092bb8c1dd2a678752e44a3fc689aae"
      Vary: Accept-Encoding
      X-Cache: Hit from cloudfront
      Via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS54-C1
      X-Amz-Cf-Id: PzxeOr34nLi4C_zobXBV2MrjBA5_qRlJ43xfSeSKXS9fUPDUZ15n9w==
      Age: 59146
    • flag-nl
      GET
      https://content.overwolf.com/Installer/webapp3/css/fonts.css
      OWinstaller.exe
      Remote address:
      13.227.219.49:443
      Request
      GET /Installer/webapp3/css/fonts.css HTTP/1.1
      Accept: */*
      Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: content.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: text/css
      Transfer-Encoding: chunked
      Connection: keep-alive
      Last-Modified: Mon, 06 Dec 2021 15:49:46 GMT
      x-amz-meta-cb-modifiedtime: Sun, 02 Jun 2019 10:14:49 GMT
      Server: AmazonS3
      Content-Encoding: gzip
      Date: Thu, 29 Jun 2023 07:12:25 GMT
      ETag: W/"2778c70161bb0aec49f4207e1430bf63"
      Vary: Accept-Encoding
      X-Cache: Hit from cloudfront
      Via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS54-C1
      X-Amz-Cf-Id: 6xo_gqIns2WHTmTlA6_Sd-Mzq8kRBcacj5oq1OLXk6vgp2wXyH50iQ==
      Age: 43488
    • flag-nl
      GET
      https://content.overwolf.com/Installer/webapp3/js/libs/jquery-1.10.2.min.js
      OWinstaller.exe
      Remote address:
      13.227.219.49:443
      Request
      GET /Installer/webapp3/js/libs/jquery-1.10.2.min.js HTTP/1.1
      Accept: */*
      Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: content.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: application/x-javascript
      Transfer-Encoding: chunked
      Connection: keep-alive
      Last-Modified: Mon, 06 Dec 2021 15:49:15 GMT
      x-amz-meta-cb-modifiedtime: Tue, 19 Sep 2017 06:57:52 GMT
      Server: AmazonS3
      Content-Encoding: gzip
      Date: Thu, 29 Jun 2023 05:22:22 GMT
      ETag: W/"f5181545817b45e967869df84ad33f49"
      Vary: Accept-Encoding
      X-Cache: Hit from cloudfront
      Via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS54-C1
      X-Amz-Cf-Id: Gu3dBzYzNCWtvSB8C0PYzTTB64P4kB_syclLCkrWg4o1Cou-y62caA==
      Age: 49820
    • flag-nl
      GET
      https://content.overwolf.com/Installer/webapp3/images/progress-app-image-01.png
      OWinstaller.exe
      Remote address:
      13.227.219.49:443
      Request
      GET /Installer/webapp3/images/progress-app-image-01.png HTTP/1.1
      Accept: */*
      Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: content.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: image/png
      Content-Length: 2440
      Connection: keep-alive
      Last-Modified: Mon, 06 Dec 2021 15:49:44 GMT
      x-amz-meta-cb-modifiedtime: Thu, 02 Dec 2021 11:23:14 GMT
      Accept-Ranges: bytes
      Server: AmazonS3
      Date: Thu, 29 Jun 2023 04:11:47 GMT
      ETag: "6276c4f73df3a91718a12878c63dcf24"
      Vary: Accept-Encoding
      X-Cache: Hit from cloudfront
      Via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS54-C1
      X-Amz-Cf-Id: Lq0zg1ugg9Z8neeRt4NIOFiT8a_WNFY6XSHEfCxbpSvz7vupmqPAnQ==
      Age: 54188
    • flag-nl
      GET
      https://content.overwolf.com/Installer/webapp3/images/progress-app-image-03.png
      OWinstaller.exe
      Remote address:
      13.227.219.49:443
      Request
      GET /Installer/webapp3/images/progress-app-image-03.png HTTP/1.1
      Accept: */*
      Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: content.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: image/png
      Content-Length: 1847
      Connection: keep-alive
      Last-Modified: Mon, 06 Dec 2021 15:49:44 GMT
      x-amz-meta-cb-modifiedtime: Thu, 02 Dec 2021 11:23:16 GMT
      Accept-Ranges: bytes
      Server: AmazonS3
      Date: Thu, 29 Jun 2023 04:11:47 GMT
      ETag: "38ead88ccac4d4f8077e265aafc186bc"
      Vary: Accept-Encoding
      X-Cache: Hit from cloudfront
      Via: 1.1 1396f0307ab4835adf6e4163507d4c8a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS54-C1
      X-Amz-Cf-Id: EkoiDinPGBvmfWuLS668uQh_5i0rdD8mtrdzHsgKGA0qcKf7LROx3A==
      Age: 54429
    • flag-nl
      GET
      https://storeapi.overwolf.com/asset/tile-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl
      OWinstaller.exe
      Remote address:
      65.9.86.64:443
      Request
      GET /asset/tile-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl HTTP/1.1
      Accept: */*
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: storeapi.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Moved Temporarily
      Content-Type: text/plain; charset=utf-8
      Content-Length: 147
      Connection: keep-alive
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Headers: X-Requested-With, Accept, Content-Type, Authorization
      Access-Control-Allow-Methods: POST, PUT, GET, OPTIONS
      Access-Control-Allow-Origin: *
      Date: Thu, 29 Jun 2023 19:08:32 GMT
      Location: https://www.overwolf.com/.galleries/app-tiles/buff.game-Buff_Achievement_Tracker_Tilee2c77c14-c947-4689-a168-7078966c10c5.jpg
      Server: nginx/1.14.1
      X-Cache: Hit from cloudfront
      Via: 1.1 fb8f21b90b0483bdc64e7c79b3e007e0.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS1-C1
      X-Amz-Cf-Id: M0Hu7E-9qcM_mTFRIG1BWpwoRExshn97GgVzOCeUGLI5XnS9T55SMw==
      Age: 33
    • flag-nl
      GET
      https://storeapi.overwolf.com/asset/logo-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl
      OWinstaller.exe
      Remote address:
      65.9.86.64:443
      Request
      GET /asset/logo-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl HTTP/1.1
      Accept: */*
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: storeapi.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Moved Temporarily
      Content-Type: text/plain; charset=utf-8
      Content-Length: 147
      Connection: keep-alive
      Access-Control-Allow-Credentials: true
      Access-Control-Allow-Headers: X-Requested-With, Accept, Content-Type, Authorization
      Access-Control-Allow-Methods: POST, PUT, GET, OPTIONS
      Access-Control-Allow-Origin: *
      Date: Thu, 29 Jun 2023 18:57:39 GMT
      Location: https://www.overwolf.com/.galleries/app-icons/buff.game-Buff_Achievement_Tracker_Icone2c77c14-c947-4689-a168-7078966c10c5.png
      Server: nginx/1.14.1
      X-Cache: Hit from cloudfront
      Via: 1.1 2bf8812c27f5e451eba4aef5c1aff6ae.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS1-C1
      X-Amz-Cf-Id: dNfcGWWDW96WagtPoGZO8NjroZbwhK439oROJ96RGuPLFife4PUrLA==
      Age: 686
    • flag-us
      DNS
      api-js.mixpanel.com
      OWinstaller.exe
      Remote address:
      8.8.8.8:53
      Request
      api-js.mixpanel.com
      IN A
      Response
      api-js.mixpanel.com
      IN A
      107.178.240.159
      api-js.mixpanel.com
      IN A
      35.190.25.25
      api-js.mixpanel.com
      IN A
      35.186.241.51
      api-js.mixpanel.com
      IN A
      130.211.34.183
    • flag-us
      POST
      https://api-js.mixpanel.com/track/?ip=1&_=1688065743903
      OWinstaller.exe
      Remote address:
      107.178.240.159:443
      Request
      POST /track/?ip=1&_=1688065743903 HTTP/1.1
      Accept: */*
      Content-Type: application/x-www-form-urlencoded
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: api-js.mixpanel.com
      Content-Length: 1012
      Connection: Keep-Alive
      Cache-Control: no-cache
      Response
      HTTP/1.1 200 OK
      access-control-allow-credentials: true
      access-control-allow-headers: X-Requested-With
      access-control-allow-methods: GET, POST, OPTIONS
      access-control-allow-origin: *
      access-control-expose-headers: X-MP-CE-Backoff
      access-control-max-age: 1728000
      cache-control: no-cache, no-store
      content-type: application/json
      strict-transport-security: max-age=604800; includeSubDomains
      date: Thu, 29 Jun 2023 19:09:05 GMT
      content-length: 1
      x-envoy-upstream-service-time: 7
      server: envoy
      Via: 1.1 google
      Alt-Svc: clear
    • flag-nl
      GET
      https://content.overwolf.com/cmp/vendor-list.json
      OWinstaller.exe
      Remote address:
      13.227.219.49:443
      Request
      GET /cmp/vendor-list.json HTTP/1.1
      Accept: */*
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: content.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: application/json
      Transfer-Encoding: chunked
      Connection: keep-alive
      Last-Modified: Fri, 23 Jun 2023 18:18:01 GMT
      x-amz-server-side-encryption: AES256
      Server: AmazonS3
      Content-Encoding: gzip
      Date: Thu, 29 Jun 2023 02:44:00 GMT
      ETag: W/"e092bb8c1dd2a678752e44a3fc689aae"
      Vary: Accept-Encoding
      X-Cache: Hit from cloudfront
      Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS54-C1
      X-Amz-Cf-Id: Z-kmrcbG_iUkExBix5QHsegr8hHvZDGdjfplx9YgKH_GRv_QdUihpw==
      Age: 59146
    • flag-nl
      GET
      https://content.overwolf.com/Installer/webapp3/css/reset.css
      OWinstaller.exe
      Remote address:
      13.227.219.49:443
      Request
      GET /Installer/webapp3/css/reset.css HTTP/1.1
      Accept: */*
      Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: content.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: text/css
      Content-Length: 427
      Connection: keep-alive
      Last-Modified: Mon, 06 Dec 2021 15:49:46 GMT
      x-amz-meta-cb-modifiedtime: Sun, 02 Jun 2019 10:14:49 GMT
      Accept-Ranges: bytes
      Server: AmazonS3
      Date: Thu, 29 Jun 2023 17:44:14 GMT
      ETag: "d29f1cfab4739a8757e86b90ee9a745f"
      Vary: Accept-Encoding
      X-Cache: Hit from cloudfront
      Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS54-C1
      X-Amz-Cf-Id: zJP0UvaUHI2arpyice8HWnIALfPqIpo4xcQdujESNL5CMf-02b0Qiw==
      Age: 5152
    • flag-nl
      GET
      https://content.overwolf.com/Installer/webapp3/css/style.css
      OWinstaller.exe
      Remote address:
      13.227.219.49:443
      Request
      GET /Installer/webapp3/css/style.css HTTP/1.1
      Accept: */*
      Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: content.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: text/css
      Transfer-Encoding: chunked
      Connection: keep-alive
      Last-Modified: Mon, 06 Dec 2021 15:49:46 GMT
      x-amz-meta-cb-modifiedtime: Sun, 02 Jun 2019 10:14:49 GMT
      Server: AmazonS3
      Content-Encoding: gzip
      Date: Thu, 29 Jun 2023 17:45:38 GMT
      ETag: W/"bde238bc90d90deecbdfebadafbac483"
      Vary: Accept-Encoding
      X-Cache: Hit from cloudfront
      Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS54-C1
      X-Amz-Cf-Id: r_BXSGrX5ykAeJ_t0XKjkYfKrG-EgdH2gUE-TWzLyHJGmImVVmv5ZA==
      Age: 5008
    • flag-nl
      GET
      https://content.overwolf.com/Installer/webapp3/css/progress.css
      OWinstaller.exe
      Remote address:
      13.227.219.49:443
      Request
      GET /Installer/webapp3/css/progress.css HTTP/1.1
      Accept: */*
      Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: content.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: text/css
      Content-Length: 702
      Connection: keep-alive
      Last-Modified: Mon, 06 Dec 2021 15:49:46 GMT
      x-amz-meta-cb-modifiedtime: Mon, 06 Dec 2021 15:47:02 GMT
      Accept-Ranges: bytes
      Server: AmazonS3
      Date: Thu, 29 Jun 2023 04:11:47 GMT
      ETag: "1d66bac6d892d75acd1ca5fe4fd39974"
      Vary: Accept-Encoding
      X-Cache: Hit from cloudfront
      Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS54-C1
      X-Amz-Cf-Id: 0nFvmpzHB5prqxfBOkozinE3E8e-SwWSzFV6BqQDmK7tXC_eDcdcfg==
      Age: 54188
    • flag-nl
      GET
      https://content.overwolf.com/Installer/webapp3/js/block_inputs.js
      OWinstaller.exe
      Remote address:
      13.227.219.49:443
      Request
      GET /Installer/webapp3/js/block_inputs.js HTTP/1.1
      Accept: */*
      Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: content.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: application/x-javascript
      Content-Length: 281
      Connection: keep-alive
      Last-Modified: Mon, 06 Dec 2021 15:49:16 GMT
      x-amz-meta-cb-modifiedtime: Tue, 31 Oct 2017 10:02:10 GMT
      Accept-Ranges: bytes
      Server: AmazonS3
      Date: Thu, 29 Jun 2023 18:29:29 GMT
      ETag: "78958110509900367e8bd8f6fe554e70"
      Vary: Accept-Encoding
      X-Cache: Hit from cloudfront
      Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS54-C1
      X-Amz-Cf-Id: Q_wmPA-5y1FCo6WZdWfAd7LS7pxgQyMgiR7dbY64ljLXgbh6yyxKzg==
      Age: 2389
    • flag-nl
      GET
      https://content.overwolf.com/Installer/webapp3/images/progress-app-image-02.png
      OWinstaller.exe
      Remote address:
      13.227.219.49:443
      Request
      GET /Installer/webapp3/images/progress-app-image-02.png HTTP/1.1
      Accept: */*
      Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: content.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: image/png
      Content-Length: 2294
      Connection: keep-alive
      Last-Modified: Mon, 06 Dec 2021 15:49:44 GMT
      x-amz-meta-cb-modifiedtime: Thu, 02 Dec 2021 11:23:15 GMT
      Accept-Ranges: bytes
      Server: AmazonS3
      Date: Thu, 29 Jun 2023 05:22:22 GMT
      ETag: "9626ec7a1330f4fa65abb37f08ff6421"
      Vary: Accept-Encoding
      X-Cache: Hit from cloudfront
      Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS54-C1
      X-Amz-Cf-Id: Vx6UgVEBGzuKyxR4gHsV5SKmao4s5B4SCjyvSgk59Azk6BmgIR3GbA==
      Age: 49615
    • flag-nl
      GET
      https://content.overwolf.com/Installer/webapp3/assets/fonts/lato/Lato-Regular.eot?
      OWinstaller.exe
      Remote address:
      13.227.219.49:443
      Request
      GET /Installer/webapp3/assets/fonts/lato/Lato-Regular.eot? HTTP/1.1
      Accept: */*
      Referer: https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1
      Accept-Language: en-US
      Origin: https://content.overwolf.com
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Host: content.overwolf.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      Content-Type: application/octet-stream
      Content-Length: 253461
      Connection: keep-alive
      Access-Control-Allow-Origin: *
      Access-Control-Allow-Methods: GET, HEAD
      Access-Control-Max-Age: 3000
      Last-Modified: Mon, 06 Dec 2021 15:49:47 GMT
      x-amz-meta-cb-modifiedtime: Sat, 25 May 2019 10:14:01 GMT
      Accept-Ranges: bytes
      Server: AmazonS3
      Date: Thu, 29 Jun 2023 06:44:10 GMT
      ETag: "8ab18d934cfa1e51dc8273cd8585387e"
      Vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
      X-Cache: Hit from cloudfront
      Via: 1.1 bb1fd0922e473ba97ff6a00f6c71141a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS54-C1
      X-Amz-Cf-Id: 0_YwtzmIpjnbMZW6ZIY3uEvLQLvZTtfePhRsJRvcQEGLZBRTsIZ8BQ==
      Age: 44714
    • flag-us
      DNS
      23.235.186.35.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      23.235.186.35.in-addr.arpa
      IN PTR
      Response
      23.235.186.35.in-addr.arpa
      IN PTR
      23.235.186.35.bc.googleusercontent.com
    • flag-us
      DNS
      49.219.227.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      49.219.227.13.in-addr.arpa
      IN PTR
      Response
      49.219.227.13.in-addr.arpa
      IN PTR
      server-13-227-219-49.ams54.r.cloudfront.net
    • flag-us
      DNS
      64.86.9.65.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      64.86.9.65.in-addr.arpa
      IN PTR
      Response
      64.86.9.65.in-addr.arpa
      IN PTR
      server-65-9-86-64.ams1.r.cloudfront.net
    • flag-us
      DNS
      159.240.178.107.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      159.240.178.107.in-addr.arpa
      IN PTR
      Response
      159.240.178.107.in-addr.arpa
      IN PTR
      159.240.178.107.bc.googleusercontent.com
    • flag-us
      DNS
      136.61.156.108.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      136.61.156.108.in-addr.arpa
      IN PTR
      Response
      136.61.156.108.in-addr.arpa
      IN PTR
      server-108-156-61-136.ams1.r.cloudfront.net
    • flag-us
      DNS
      ocsp.r2m02.amazontrust.com
      OWinstaller.exe
      Remote address:
      8.8.8.8:53
      Request
      ocsp.r2m02.amazontrust.com
      IN A
      Response
      ocsp.r2m02.amazontrust.com
      IN A
      18.66.128.120
    • flag-us
      DNS
      www.overwolf.com
      OWinstaller.exe
      Remote address:
      8.8.8.8:53
      Request
      www.overwolf.com
      IN A
      Response
      www.overwolf.com
      IN CNAME
      d9izjqopfltbj.cloudfront.net
      d9izjqopfltbj.cloudfront.net
      IN A
      65.9.86.64
      d9izjqopfltbj.cloudfront.net
      IN A
      65.9.86.57
      d9izjqopfltbj.cloudfront.net
      IN A
      65.9.86.123
      d9izjqopfltbj.cloudfront.net
      IN A
      65.9.86.107
    • flag-de
      GET
      http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEALwVLnxzZ9BlqdgaIzdoyI%3D
      OWinstaller.exe
      Remote address:
      18.66.128.120:80
      Request
      GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEALwVLnxzZ9BlqdgaIzdoyI%3D HTTP/1.1
      Connection: Keep-Alive
      Accept: */*
      User-Agent: Microsoft-CryptoAPI/10.0
      Host: ocsp.r2m02.amazontrust.com
      Response
      HTTP/1.1 200 OK
      Content-Type: application/ocsp-response
      Content-Length: 471
      Connection: keep-alive
      Cache-Control: max-age=7200
      Date: Thu, 29 Jun 2023 18:59:36 GMT
      Server: ECAcc (amb/6B4C)
      X-Cache: Hit from cloudfront
      Via: 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: FRA60-P2
      X-Amz-Cf-Id: aFlwbFmfphD8rpOsfCv2RhUKBryyCtfJbfyt5KeldihhpLAg6LRVqA==
      Age: 569
    • flag-nl
      GET
      https://www.overwolf.com/.galleries/app-icons/buff.game-Buff_Achievement_Tracker_Icone2c77c14-c947-4689-a168-7078966c10c5.png
      OWinstaller.exe
      Remote address:
      65.9.86.64:443
      Request
      GET /.galleries/app-icons/buff.game-Buff_Achievement_Tracker_Icone2c77c14-c947-4689-a168-7078966c10c5.png HTTP/1.1
      Accept: */*
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Connection: Keep-Alive
      Host: www.overwolf.com
      Response
      HTTP/1.1 200 OK
      Content-Type: image/png
      Content-Length: 958
      Connection: keep-alive
      Date: Thu, 29 Jun 2023 19:00:44 GMT
      Server: Apache
      Expires: Fri, 30 Jun 2023 16:02:47 CEST
      Access-Control-Allow-Origin: *
      X-Frame-Options: SAMEORIGIN
      Strict-Transport-Security: max-age=31536000; includeSubDomains
      X-Cache: Hit from cloudfront
      Via: 1.1 e029c86e892e2d8a35492f6625a1d26e.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS1-C1
      Alt-Svc: h3=":443"; ma=86400
      X-Amz-Cf-Id: _rHYABxjq8i6gT8MEy_wUH2t3oqEK3tCHdEdPYrXQderrUvLgrJU0w==
      Age: 18378
    • flag-nl
      GET
      https://www.overwolf.com/.galleries/app-tiles/buff.game-Buff_Achievement_Tracker_Tilee2c77c14-c947-4689-a168-7078966c10c5.jpg
      OWinstaller.exe
      Remote address:
      65.9.86.64:443
      Request
      GET /.galleries/app-tiles/buff.game-Buff_Achievement_Tracker_Tilee2c77c14-c947-4689-a168-7078966c10c5.jpg HTTP/1.1
      Accept: */*
      Accept-Language: en-US
      UA-CPU: AMD64
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
      Connection: Keep-Alive
      Host: www.overwolf.com
      Response
      HTTP/1.1 200 OK
      Content-Type: image/jpeg
      Content-Length: 68547
      Connection: keep-alive
      Date: Thu, 29 Jun 2023 18:55:26 GMT
      Server: Apache
      Expires: Fri, 30 Jun 2023 23:04:47 KST
      Access-Control-Allow-Origin: *
      X-Frame-Options: SAMEORIGIN
      Strict-Transport-Security: max-age=31536000; includeSubDomains
      X-Cache: Hit from cloudfront
      Via: 1.1 241b025da3883bdb653910a6da97c0a8.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: AMS1-C1
      Alt-Svc: h3=":443"; ma=86400
      X-Amz-Cf-Id: wOowcHO_8iG3Bb8T9cS5FpDfdFizaqY0aDAwWSrugpVM5toUPxyYjA==
      Age: 18257
    • flag-us
      DNS
      11.102.239.18.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.102.239.18.in-addr.arpa
      IN PTR
      Response
      11.102.239.18.in-addr.arpa
      IN PTR
      server-18-239-102-11.ams1.r.cloudfront.net
    • flag-us
      DNS
      106.208.58.216.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      106.208.58.216.in-addr.arpa
      IN PTR
      Response
      106.208.58.216.in-addr.arpa
      IN PTR
      sof01s11-in-f106.1e100.net
      106.208.58.216.in-addr.arpa
      IN PTR
      ams17s08-in-f10
    • flag-us
      DNS
      35.36.251.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      35.36.251.142.in-addr.arpa
      IN PTR
      Response
      35.36.251.142.in-addr.arpa
      IN PTR
      ams17s12-in-f3.1e100.net
    • flag-us
      DNS
      120.128.66.18.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      120.128.66.18.in-addr.arpa
      IN PTR
      Response
      120.128.66.18.in-addr.arpa
      IN PTR
      server-18-66-128-120.fra60.r.cloudfront.net
    • flag-us
      DNS
      131.179.250.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      131.179.250.142.in-addr.arpa
      IN PTR
      Response
      131.179.250.142.in-addr.arpa
      IN PTR
      ams17s10-in-f3.1e100.net
    • flag-us
      DNS
      212.46.222.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      212.46.222.23.in-addr.arpa
      IN PTR
      Response
      212.46.222.23.in-addr.arpa
      IN PTR
      a23-222-46-212.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      99.113.223.173.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      99.113.223.173.in-addr.arpa
      IN PTR
      Response
      99.113.223.173.in-addr.arpa
      IN PTR
      a173-223-113-99.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      99.113.223.173.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      99.113.223.173.in-addr.arpa
      IN PTR
      Response
      99.113.223.173.in-addr.arpa
      IN PTR
      a173-223-113-99.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      58.14.97.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      58.14.97.104.in-addr.arpa
      IN PTR
      Response
      58.14.97.104.in-addr.arpa
      IN PTR
      a104-97-14-58.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      146.78.124.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.78.124.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      146.78.124.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.78.124.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      59.128.231.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      59.128.231.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      59.128.231.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      59.128.231.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.23.85.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.23.85.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      18.31.95.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      18.31.95.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      8.195.19.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.195.19.2.in-addr.arpa
      IN PTR
      Response
      8.195.19.2.in-addr.arpa
      IN PTR
      a2-19-195-8.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      8.195.19.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.195.19.2.in-addr.arpa
      IN PTR
      Response
      8.195.19.2.in-addr.arpa
      IN PTR
      a2-19-195-8.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      86.8.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.8.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      86.8.109.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.8.109.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • 69.16.175.10:80
      http://analyticsnew.overwolf.com/analytics/Counter?Name=installer_uac_action&Value=1&&Extra=%5b%7b%22Name%22%3a%22installer_version%22%2c%22Value%22%3a%222.218.0.8%22%7d%5d
      http
      Buff Achievement Tracker - Installer.exe
      871 B
      589 B
      13
      5

      HTTP Request

      GET http://analyticsnew.overwolf.com/analytics/Counter?Name=installer_uac_action&Value=1&&Extra=%5b%7b%22Name%22%3a%22installer_version%22%2c%22Value%22%3a%222.218.0.8%22%7d%5d

      HTTP Response

      200
    • 172.217.23.206:80
      http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=288911388&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=677036673&utmr=/&utmp=/&utmac=UA-18298709-8&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event
      http
      OWinstaller.exe
      1.6kB
      1.1kB
      7
      5

      HTTP Request

      GET http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=41387868&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=17080157&utmr=/&utmp=/&utmac=UA-80584726-1&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event

      HTTP Response

      200

      HTTP Request

      GET http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=288911388&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=677036673&utmr=/&utmp=/&utmac=UA-18298709-8&utmcc=__utma%3D0.1971004251.1688065740.1688065740.1688065740.2%3B%2B__utmz%3D0.1688065740.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client%29%28%29&gaq=1&utmt=event

      HTTP Response

      200
    • 69.16.175.10:80
      http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=installer_webbrowser_init&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522ver%2522%252c%2522Value%2522%253a%252211.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d
      http
      OWinstaller.exe
      2.3kB
      1.5kB
      16
      10

      HTTP Request

      GET http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=Manual_Funnel2_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d

      HTTP Response

      200

      HTTP Request

      GET http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=Manual_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522existingUUID%2522%252c%2522Value%2522%253a%25227a0b5f63-92b5-4443-b457-34250c67f41d%2522%257d%252c%257b%2522Name%2522%253a%2522appstoreUUID%2522%252c%2522Value%2522%253a%2522%2522%257d%252c%257b%2522Name%2522%253a%2522clientInstalled%2522%252c%2522Value%2522%253a%2522False%2522%257d%252c%257b%2522Name%2522%253a%2522sel_app%2522%252c%2522Value%2522%253a%2522caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d

      HTTP Response

      200

      HTTP Request

      GET http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=3762&Name=installer_webbrowser_init&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19041.1288%2522%257d%252c%257b%2522Name%2522%253a%2522ver%2522%252c%2522Value%2522%253a%252211.0.19041.1288%2522%257d%255d&owver=2.222.0.1&MUID=7a0b5f63-92b5-4443-b457-34250c67f41d

      HTTP Response

      200
    • 35.186.235.23:443
      https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js
      tls, http
      OWinstaller.exe
      1.9kB
      25.2kB
      27
      23

      HTTP Request

      GET https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js

      HTTP Response

      200
    • 13.227.219.49:443
      content.overwolf.com
      tls
      OWinstaller.exe
      647 B
      6.2kB
      10
      7
    • 13.227.219.49:443
      https://content.overwolf.com/Installer/webapp3/images/progress-app-image-03.png
      tls, http
      OWinstaller.exe
      7.5kB
      110.6kB
      94
      88

      HTTP Request

      GET https://content.overwolf.com/Installer/webapp3/progress.html?isApp=app&state=installing&lang=en&ver=1

      HTTP Response

      200

      HTTP Request

      GET https://content.overwolf.com/cmp/vendor-list.json

      HTTP Response

      200

      HTTP Request

      GET https://content.overwolf.com/Installer/webapp3/css/fonts.css

      HTTP Response

      200

      HTTP Request

      GET https://content.overwolf.com/Installer/webapp3/js/libs/jquery-1.10.2.min.js

      HTTP Response

      200

      HTTP Request

      GET https://content.overwolf.com/Installer/webapp3/images/progress-app-image-01.png

      HTTP Response

      200

      HTTP Request

      GET https://content.overwolf.com/Installer/webapp3/images/progress-app-image-03.png

      HTTP Response

      200
    • 65.9.86.64:443
      https://storeapi.overwolf.com/asset/tile-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl
      tls, http
      OWinstaller.exe
      1.3kB
      6.9kB
      13
      11

      HTTP Request

      GET https://storeapi.overwolf.com/asset/tile-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl

      HTTP Response

      302
    • 65.9.86.64:443
      https://storeapi.overwolf.com/asset/logo-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl
      tls, http
      OWinstaller.exe
      1.3kB
      7.4kB
      14
      11

      HTTP Request

      GET https://storeapi.overwolf.com/asset/logo-image/caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl

      HTTP Response

      302
    • 107.178.240.159:443
      https://api-js.mixpanel.com/track/?ip=1&_=1688065743903
      tls, http
      OWinstaller.exe
      2.4kB
      6.1kB
      14
      11

      HTTP Request

      POST https://api-js.mixpanel.com/track/?ip=1&_=1688065743903

      HTTP Response

      200
    • 13.227.219.49:443
      https://content.overwolf.com/Installer/webapp3/assets/fonts/lato/Lato-Regular.eot?
      tls, http
      OWinstaller.exe
      15.4kB
      334.9kB
      256
      249

      HTTP Request

      GET https://content.overwolf.com/cmp/vendor-list.json

      HTTP Response

      200

      HTTP Request

      GET https://content.overwolf.com/Installer/webapp3/css/reset.css

      HTTP Response

      200

      HTTP Request

      GET https://content.overwolf.com/Installer/webapp3/css/style.css

      HTTP Response

      200

      HTTP Request

      GET https://content.overwolf.com/Installer/webapp3/css/progress.css

      HTTP Response

      200

      HTTP Request

      GET https://content.overwolf.com/Installer/webapp3/js/block_inputs.js

      HTTP Response

      200

      HTTP Request

      GET https://content.overwolf.com/Installer/webapp3/images/progress-app-image-02.png

      HTTP Response

      200

      HTTP Request

      GET https://content.overwolf.com/Installer/webapp3/assets/fonts/lato/Lato-Regular.eot?

      HTTP Response

      200
    • 18.66.128.120:80
      http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEALwVLnxzZ9BlqdgaIzdoyI%3D
      http
      OWinstaller.exe
      523 B
      1.1kB
      6
      5

      HTTP Request

      GET http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEALwVLnxzZ9BlqdgaIzdoyI%3D

      HTTP Response

      200
    • 65.9.86.64:443
      https://www.overwolf.com/.galleries/app-icons/buff.game-Buff_Achievement_Tracker_Icone2c77c14-c947-4689-a168-7078966c10c5.png
      tls, http
      OWinstaller.exe
      1.4kB
      8.1kB
      15
      13

      HTTP Request

      GET https://www.overwolf.com/.galleries/app-icons/buff.game-Buff_Achievement_Tracker_Icone2c77c14-c947-4689-a168-7078966c10c5.png

      HTTP Response

      200
    • 65.9.86.64:443
      https://www.overwolf.com/.galleries/app-tiles/buff.game-Buff_Achievement_Tracker_Tilee2c77c14-c947-4689-a168-7078966c10c5.jpg
      tls, http
      OWinstaller.exe
      3.5kB
      71.7kB
      59
      57

      HTTP Request

      GET https://www.overwolf.com/.galleries/app-tiles/buff.game-Buff_Achievement_Tracker_Tilee2c77c14-c947-4689-a168-7078966c10c5.jpg

      HTTP Response

      200
    • 13.89.179.10:443
      322 B
      7
    • 8.8.8.8:53
      analyticsnew.overwolf.com
      dns
      OWinstaller.exe
      71 B
      139 B
      1
      1

      DNS Request

      analyticsnew.overwolf.com

      DNS Response

      69.16.175.10
      69.16.175.42

    • 8.8.8.8:53
      208.194.73.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      208.194.73.20.in-addr.arpa

    • 8.8.8.8:53
      10.175.16.69.in-addr.arpa
      dns
      71 B
      112 B
      1
      1

      DNS Request

      10.175.16.69.in-addr.arpa

    • 8.8.8.8:53
      254.143.241.8.in-addr.arpa
      dns
      72 B
      126 B
      1
      1

      DNS Request

      254.143.241.8.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      43.58.199.20.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      43.58.199.20.in-addr.arpa

    • 8.8.8.8:53
      54.120.234.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      54.120.234.20.in-addr.arpa

    • 8.8.8.8:53
      206.23.217.172.in-addr.arpa
      dns
      73 B
      173 B
      1
      1

      DNS Request

      206.23.217.172.in-addr.arpa

    • 8.8.8.8:53
      23.159.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      23.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      cdn.mxpnl.com
      dns
      OWinstaller.exe
      59 B
      91 B
      1
      1

      DNS Request

      cdn.mxpnl.com

      DNS Response

      35.186.235.23
      130.211.5.208

    • 8.8.8.8:53
      content.overwolf.com
      dns
      OWinstaller.exe
      66 B
      173 B
      1
      1

      DNS Request

      content.overwolf.com

      DNS Response

      13.227.219.49
      13.227.219.33
      13.227.219.2
      13.227.219.73

    • 8.8.8.8:53
      storeapi.overwolf.com
      dns
      OWinstaller.exe
      67 B
      174 B
      1
      1

      DNS Request

      storeapi.overwolf.com

      DNS Response

      65.9.86.64
      65.9.86.50
      65.9.86.65
      65.9.86.37

    • 8.8.8.8:53
      api-js.mixpanel.com
      dns
      OWinstaller.exe
      65 B
      129 B
      1
      1

      DNS Request

      api-js.mixpanel.com

      DNS Response

      107.178.240.159
      35.190.25.25
      35.186.241.51
      130.211.34.183

    • 8.8.8.8:53
      23.235.186.35.in-addr.arpa
      dns
      72 B
      124 B
      1
      1


    MITRE ATT&CK Enterprise v6

    Downloads


