hxxps://download[.]overwolf[.]com/install/Download?PartnerId=3762&utm_source=google&utm_medium=cpc&utm_campaign=21268940350&gclid=CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&utm_content=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&utm_term=

Resubmissions

19/10/2024, 00:35

241019-axkpjaycmr 7

19/10/2024, 00:24

19/10/2024, 00:06

18/10/2024, 23:48

18/10/2024, 23:42

Analysis

max time kernel
234s
max time network
237s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download.overwolf.com/install/Download?PartnerId=3762&utm_source=google&utm_medium=cpc&utm_campaign=21268940350&gclid=CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&utm_content=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&utm_term=

Score

8^/10

discovery persistence privilege_escalation upx

Malware Config

Signatures

Downloads MZ/PE file

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0007000000023ec7-737.dat	acprotect

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	OWinstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	OWinstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	OWinstaller.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 36 IoCs

pid	Process
4224	Buff Achievement Tracker - Installer.exe
4780	Buff Achievement Tracker - Installer.exe
5384	Buff Achievement Tracker - Installer.exe
5676	OWinstaller.exe
5656	OWinstaller.exe
5564	OWinstaller.exe
5540	Buff Achievement Tracker - Installer.exe
6028	Buff Achievement Tracker - Installer.exe
6084	OWinstaller.exe
5408	OWinstaller.exe
5404	Buff Achievement Tracker - Installer.exe
6556	OWinstaller.exe
5792	Buff Achievement Tracker - Installer.exe
7056	OWinstaller.exe
4300	Buff Achievement Tracker - Installer.exe
6000	OWinstaller.exe
5296	Buff Achievement Tracker - Installer (1).exe
5816	Buff Achievement Tracker - Installer (1).exe
6604	OWinstaller.exe
6300	OWinstaller.exe
5352	Buff Achievement Tracker - Installer (2).exe
6028	Buff Achievement Tracker - Installer (2).exe
6452	OWinstaller.exe
1172	OWinstaller.exe
2836	Buff Achievement Tracker - Installer.exe
6408	OWinstaller.exe
1704	Buff Achievement Tracker - Installer (1).exe
6412	OWinstaller.exe
6288	Buff Achievement Tracker - Installer (2).exe
6804	Buff Achievement Tracker - Installer (3).exe
6612	OWinstaller.exe
1892	OWinstaller.exe
6288	Buff Achievement Tracker - Installer (4).exe
5332	Buff Achievement Tracker - Installer (4).exe
5960	OWinstaller.exe
1592	OWinstaller.exe

Loads dropped DLL 64 IoCs

pid	Process
4780	Buff Achievement Tracker - Installer.exe
4780	Buff Achievement Tracker - Installer.exe
4224	Buff Achievement Tracker - Installer.exe
4780	Buff Achievement Tracker - Installer.exe
4780	Buff Achievement Tracker - Installer.exe
4224	Buff Achievement Tracker - Installer.exe
4224	Buff Achievement Tracker - Installer.exe
4224	Buff Achievement Tracker - Installer.exe
5384	Buff Achievement Tracker - Installer.exe
5384	Buff Achievement Tracker - Installer.exe
5384	Buff Achievement Tracker - Installer.exe
5384	Buff Achievement Tracker - Installer.exe
4780	Buff Achievement Tracker - Installer.exe
4780	Buff Achievement Tracker - Installer.exe
4780	Buff Achievement Tracker - Installer.exe
4224	Buff Achievement Tracker - Installer.exe
4224	Buff Achievement Tracker - Installer.exe
4224	Buff Achievement Tracker - Installer.exe
5384	Buff Achievement Tracker - Installer.exe
5384	Buff Achievement Tracker - Installer.exe
5384	Buff Achievement Tracker - Installer.exe
5676	OWinstaller.exe
5676	OWinstaller.exe
5656	OWinstaller.exe
5656	OWinstaller.exe
5564	OWinstaller.exe
5564	OWinstaller.exe
5656	OWinstaller.exe
5656	OWinstaller.exe
5564	OWinstaller.exe
5564	OWinstaller.exe
5676	OWinstaller.exe
5676	OWinstaller.exe
5540	Buff Achievement Tracker - Installer.exe
5540	Buff Achievement Tracker - Installer.exe
5540	Buff Achievement Tracker - Installer.exe
5540	Buff Achievement Tracker - Installer.exe
6028	Buff Achievement Tracker - Installer.exe
6028	Buff Achievement Tracker - Installer.exe
6028	Buff Achievement Tracker - Installer.exe
6028	Buff Achievement Tracker - Installer.exe
5540	Buff Achievement Tracker - Installer.exe
5540	Buff Achievement Tracker - Installer.exe
5540	Buff Achievement Tracker - Installer.exe
6028	Buff Achievement Tracker - Installer.exe
6028	Buff Achievement Tracker - Installer.exe
6028	Buff Achievement Tracker - Installer.exe
6084	OWinstaller.exe
6084	OWinstaller.exe
5408	OWinstaller.exe
5408	OWinstaller.exe
6084	OWinstaller.exe
6084	OWinstaller.exe
5408	OWinstaller.exe
5408	OWinstaller.exe
5404	Buff Achievement Tracker - Installer.exe
5404	Buff Achievement Tracker - Installer.exe
5404	Buff Achievement Tracker - Installer.exe
5404	Buff Achievement Tracker - Installer.exe
5404	Buff Achievement Tracker - Installer.exe
5404	Buff Achievement Tracker - Installer.exe
5404	Buff Achievement Tracker - Installer.exe
6556	OWinstaller.exe
6556	OWinstaller.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
174	ipapi.co
193	ipapi.co

Drops file in System32 directory 24 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\input.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\input.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\input.inf_amd64_adeb6424513f60a2\input.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\machine.inf_amd64_b748590104fe1c15\machine.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\input.inf_amd64_adeb6424513f60a2\input.PNF	DxDiag.exe
File created	C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF	DxDiag.exe
File created	\??\c:\windows\system32\driverstore\filerepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF	DxDiag.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000023ec7-737.dat	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer (3).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer (2).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer (2).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer (4).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer (2).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Buff Achievement Tracker - Installer (1).exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DxDiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DxDiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DxDiag.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DxDiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DxDiag.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DxDiag.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID	DxDiag.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{FD092E5A-A723-40AA-8B6F-6A6389A5D085}	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1	DxDiag.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{5763DA63-5A6C-4DEA-A867-7E822D7558CE}	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject	DxDiag.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{725AC2A3-A24B-40C1-A3E9-81CCAA6EC743}	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\System32\\dxdiagn.dll"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject"	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class"	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove	DxDiag.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}	DxDiag.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment"	DxDiag.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 628453.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 205271.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 269190.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 920076.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 289782.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
624	msedge.exe
624	msedge.exe
8	msedge.exe
8	msedge.exe
3116	identity_helper.exe
3116	identity_helper.exe
756	msedge.exe
756	msedge.exe
5564	OWinstaller.exe
5564	OWinstaller.exe
5676	OWinstaller.exe
5676	OWinstaller.exe
5656	OWinstaller.exe
5656	OWinstaller.exe
5212	DxDiag.exe
5212	DxDiag.exe
6084	OWinstaller.exe
6084	OWinstaller.exe
5408	OWinstaller.exe
5408	OWinstaller.exe
5408	OWinstaller.exe
5408	OWinstaller.exe
6092	msedge.exe
6092	msedge.exe
6604	OWinstaller.exe
6604	OWinstaller.exe
3396	msedge.exe
3396	msedge.exe
6532	msedge.exe
6532	msedge.exe
6532	msedge.exe
6532	msedge.exe
5332	msedge.exe
5332	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeDebugPrivilege	5564	OWinstaller.exe
Token: SeDebugPrivilege	5676	OWinstaller.exe
Token: SeDebugPrivilege	5656	OWinstaller.exe
Token: SeDebugPrivilege	6084	OWinstaller.exe
Token: SeDebugPrivilege	5408	OWinstaller.exe
Token: SeDebugPrivilege	6556	OWinstaller.exe
Token: SeDebugPrivilege	7056	OWinstaller.exe
Token: SeDebugPrivilege	6000	OWinstaller.exe
Token: SeDebugPrivilege	6300	OWinstaller.exe
Token: SeDebugPrivilege	6604	OWinstaller.exe
Token: SeDebugPrivilege	6452	OWinstaller.exe
Token: SeDebugPrivilege	1172	OWinstaller.exe
Token: SeDebugPrivilege	6408	OWinstaller.exe
Token: SeDebugPrivilege	6412	OWinstaller.exe
Token: SeDebugPrivilege	6612	OWinstaller.exe
Token: SeDebugPrivilege	1892	OWinstaller.exe
Token: SeDebugPrivilege	5960	OWinstaller.exe
Token: SeDebugPrivilege	1592	OWinstaller.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious use of SetWindowsHookEx 56 IoCs

pid	Process
5676	OWinstaller.exe
5676	OWinstaller.exe
5564	OWinstaller.exe
5564	OWinstaller.exe
5656	OWinstaller.exe
5656	OWinstaller.exe
5564	OWinstaller.exe
5676	OWinstaller.exe
5656	OWinstaller.exe
5204	DxDiag.exe
5408	OWinstaller.exe
5408	OWinstaller.exe
6084	OWinstaller.exe
6084	OWinstaller.exe
5408	OWinstaller.exe
6084	OWinstaller.exe
5212	DxDiag.exe
6556	OWinstaller.exe
6556	OWinstaller.exe
6556	OWinstaller.exe
7056	OWinstaller.exe
7056	OWinstaller.exe
7056	OWinstaller.exe
6000	OWinstaller.exe
6000	OWinstaller.exe
6000	OWinstaller.exe
6300	OWinstaller.exe
6300	OWinstaller.exe
6604	OWinstaller.exe
6604	OWinstaller.exe
6300	OWinstaller.exe
6604	OWinstaller.exe
6452	OWinstaller.exe
6452	OWinstaller.exe
1172	OWinstaller.exe
1172	OWinstaller.exe
6452	OWinstaller.exe
1172	OWinstaller.exe
6408	OWinstaller.exe
6408	OWinstaller.exe
6408	OWinstaller.exe
6412	OWinstaller.exe
6412	OWinstaller.exe
6412	OWinstaller.exe
6612	OWinstaller.exe
6612	OWinstaller.exe
1892	OWinstaller.exe
1892	OWinstaller.exe
1892	OWinstaller.exe
6612	OWinstaller.exe
5960	OWinstaller.exe
5960	OWinstaller.exe
1592	OWinstaller.exe
1592	OWinstaller.exe
1592	OWinstaller.exe
5960	OWinstaller.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 1548	8	msedge.exe	84
PID 8 wrote to memory of 1548	8	msedge.exe	84
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 4208	8	msedge.exe	85
PID 8 wrote to memory of 624	8	msedge.exe	86
PID 8 wrote to memory of 624	8	msedge.exe	86
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87
PID 8 wrote to memory of 4856	8	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.overwolf.com/install/Download?PartnerId=3762&utm_source=google&utm_medium=cpc&utm_campaign=21268940350&gclid=CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&utm_content=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&utm_term=
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdce0346f8,0x7ffdce034708,0x7ffdce034718
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756
- C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
  "C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4224
- - C:\Users\Admin\AppData\Local\Temp\nsaBA2A.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsaBA2A.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&UtmSource=google&UtmMedium=cpc&UtmCampaign=21268940350&UtmContent=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5656
  - - C:\Windows\System32\DxDiag.exe
      "C:\Windows\System32\DxDiag.exe" /tC:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
      4⤵
      Modifies registry class
      PID:5220
- C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
  "C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4780
- - C:\Users\Admin\AppData\Local\Temp\nsaBA29.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsaBA29.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&UtmSource=google&UtmMedium=cpc&UtmCampaign=21268940350&UtmContent=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5676
  - - C:\Windows\System32\DxDiag.exe
      "C:\Windows\System32\DxDiag.exe" /tC:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
      4⤵
      Drops file in System32 directory
      Checks SCSI registry key(s)
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:5212
- C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
  "C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5384
- - C:\Users\Admin\AppData\Local\Temp\nsgBAE5.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsgBAE5.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&UtmSource=google&UtmMedium=cpc&UtmCampaign=21268940350&UtmContent=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5564
  - - C:\Windows\System32\DxDiag.exe
      "C:\Windows\System32\DxDiag.exe" /tC:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
      4⤵
      Drops file in System32 directory
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:5204
- C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
  "C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5540
- - C:\Users\Admin\AppData\Local\Temp\nsjC3BE.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsjC3BE.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&UtmSource=google&UtmMedium=cpc&UtmCampaign=21268940350&UtmContent=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:6084
- C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
  "C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6028
- - C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&UtmSource=google&UtmMedium=cpc&UtmCampaign=21268940350&UtmContent=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:7060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:7008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:6148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:6156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:6520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:6636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2932 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7240 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6092
- C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (1).exe
  "C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5296
- - C:\Users\Admin\AppData\Local\Temp\nssB03.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nssB03.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&Referer=www.buff.game&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (1).exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:6604
- C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (1).exe
  "C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5816
- - C:\Users\Admin\AppData\Local\Temp\nsnB80.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsnB80.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&Referer=www.buff.game&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (1).exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:6300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:6652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7408 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7416 /prefetch:8
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3396
- C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (2).exe
  "C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (2).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5352
- - C:\Users\Admin\AppData\Local\Temp\nsq4379.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsq4379.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&UtmContent=exitpop90&Referer=www.buff.game&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (2).exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:6452
- C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (2).exe
  "C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (2).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6028
- - C:\Users\Admin\AppData\Local\Temp\nsl43F6.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsl43F6.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&UtmContent=exitpop90&Referer=www.buff.game&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (2).exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7488 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2732 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:6196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:6312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7644 /prefetch:8
  2⤵
  PID:6728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,6175930544927864293,9299926299459277744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6728 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (4).exe
  "C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (4).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6288
- - C:\Users\Admin\AppData\Local\Temp\nsq80DB.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsq80DB.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&Referer=www.buff.game&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (4).exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5960
- C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (4).exe
  "C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (4).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5332
- - C:\Users\Admin\AppData\Local\Temp\nsv8148.tmp\OWinstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\nsv8148.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&Referer=www.buff.game&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (4).exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4468

C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
"C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5404
- C:\Users\Admin\AppData\Local\Temp\nskECE1.tmp\OWinstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nskECE1.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&UtmSource=google&UtmMedium=cpc&UtmCampaign=21268940350&UtmContent=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:6556

C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
"C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5792
- C:\Users\Admin\AppData\Local\Temp\nsg5511.tmp\OWinstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsg5511.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&UtmSource=google&UtmMedium=cpc&UtmCampaign=21268940350&UtmContent=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:7056

C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
"C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4300
- C:\Users\Admin\AppData\Local\Temp\nsqB821.tmp\OWinstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsqB821.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&UtmSource=google&UtmMedium=cpc&UtmCampaign=21268940350&UtmContent=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:6000

C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
"C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2836
- C:\Users\Admin\AppData\Local\Temp\nsh7A48.tmp\OWinstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsh7A48.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&UtmSource=google&UtmMedium=cpc&UtmCampaign=21268940350&UtmContent=Buff_AW_CjwKCAjwjsi4BhB5EiwAFAL0YL6pQ47jirruo-pmFEOkklOaNWWPQJGq6IhGBZ4Uv7pbnpQ20WgZQBoCZRMQAvD_BwE&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:6408

C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (1).exe
"C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (1).exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1704
- C:\Users\Admin\AppData\Local\Temp\nsd7D84.tmp\OWinstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsd7D84.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&Referer=www.buff.game&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (1).exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:6412

C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (2).exe
"C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (2).exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6288
- C:\Users\Admin\AppData\Local\Temp\nsz8072.tmp\OWinstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsz8072.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&UtmContent=exitpop90&Referer=www.buff.game&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (2).exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:6612

C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (3).exe
"C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (3).exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6804
- C:\Users\Admin\AppData\Local\Temp\nsf8218.tmp\OWinstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\nsf8218.tmp\OWinstaller.exe" Sel=1&Partner=3762&Extension=caboggillkkpgkiokbjmgldfkedbfnpkgadakcdl&Name=Buff%20Achievement%20Tracker&Thanks=https%3A%2F%2Fbuff.game%2Fthank-you-page%2F&UtmContent=exitpop90&Referer=www.buff.game&Browser=microsoftedge -partnerCustomizationLevel 0 --app-name="Buff" -exepath C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (3).exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
16KB

MD5
732769f238a36cb44705f2d6a18312ee

SHA1
4145a129b7285ef794924619940d72db4c03f1a0

SHA256
ac450bc0f8f949594349262a4f1afccd1b1b2db4b8ae231beb3d23f673120035

SHA512
4ae2753606ac2dc30d53ddc78fe1d233adc8f2da8727629a73f8b28b9ea2b458511043f38acfa8ebefafbca2d92f9b3ee1b80761c1c892de6bfa2d0e19c375d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e366e39001cf0c93009b185075e8d578

SHA1
00eb308fa8dee472826ab9fc607b63e97758040d

SHA256
f501fbe704ed6dfd558cc8612ac53234f81f07b4e1f23e5992266347bc85d002

SHA512
f739ab664e5b05a22d72bd4f86d4e1f74b568313074f7b8f9865bf2158f6daac51cc0100ed5125c03f67b4c7e3afa8d56fb6cc8f5252b35b10529870cb560a1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
66478b6f626c97dcf9cce9a58ab75aa4

SHA1
d366962b60932bec4135463949b3fdcb482189bc

SHA256
9b878811d68e09995da011a139ba2151a5d8fc1a51a56d2a5ed2278e8bb78134

SHA512
593c4ebcf06c45a9e466f9a829e17a7e4412dcb50db22acde8ac1ef2ae711b202482ffe626dfd92309267d4defc0615e92a8e8db631bc08e96b00f7beaeb814e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3c1eb16eb7b365fca1d21d67302c86be

SHA1
ebc3d70e9c69a1e6277e82a4201210eb8c012e44

SHA256
749068a4ca13a20c7d7e4374a7eea30dfb37b6cc81ad4de4dabaadd9b725e184

SHA512
1fd49d5fcc01ee5715d5d653b2353f90bd129fff6f2e6845ac5e1f6de5a65d1e1629de740dc3b18b21e827aeb692b53fb6629a84cca19bf4b55115e4ede904c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a3abb56769917e6c7f1cf392a9a312a0

SHA1
23606a2ba5872b3f67b72c1bea2ee28b4ffaad23

SHA256
2026a2c0546be461e92cd8de1e5c5a022f9f442e93c9ae06c50470637b468c0c

SHA512
682d8d45eb031239ea3ff1f9415e07804b53c31b717ea468b79ebae9ba182e8d52d0ff467aeb6edbbd628d5f1f8ee5843e2cdd8d80d561dbc34055e52817fb51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
2a331f01d22b7232054f1c8ccc9d196d

SHA1
0b5acfe4b161e408031d0172c3aec12066bfc01f

SHA256
954507595de2a4e5b060e17bec3faeee6052135046d9d2761003a477f3134d22

SHA512
5a0da0d2bc75d2a39ad28a98cb96942303091c1b1337755edb1fb75c7fcf67a12df458b196991d38ab4529cb7ca3ee717d13974af5bc1ae798d7a0d6ff1ba7d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f3d12290cf74aca27cfd8683e7c13120

SHA1
3b48013477752caef4c051d1f6f1185611f28a62

SHA256
495cc8bd243ee4d957f08795c70106eacb28f914a3dbe6c710d2a64fb90556ba

SHA512
4632d5c5c3000dacb324da3dc942f4381bb48ef94d087a1cc739ef08990d9de49d9d409c0a6a26c9cd7a7511a62c057c96e661b16dee971298b25b03476ea883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
465c469899b9c938c8b46de5218ae594

SHA1
c1bc8c4023ede6126ad3c5ed7e99eb8660b485b3

SHA256
5b303f98c7bf461259a2d7935c1164b0372a6462b7dbe17dcca24eb217c7988e

SHA512
df4f66f5a5b80e68efb3dd033a8fbbfc051e316c51dde6c678878a96266b4a56c037e6278d714e4bcd665d4b340722a23421d8b9439ed1f43b75c9a8511f2ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
413d83d68ccc33203163dc4db96eea03

SHA1
14f4c6fb2197645807bb3f6fffed8414b97cd12b

SHA256
f34f3d1aa13a022acd777902f8d32b88e3b3ae1cf22858bba1465a3936e1dd1f

SHA512
fa04782cf02e0bdccfec7c604c3b5613139870228462c6464237afdd20a0202e5a267ec58e8a5e2c807ad40fef9a2e7064a3b723cf14b6926f773a0bafd6d979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
99e350bbd030b35f01fbfe00201cbc05

SHA1
eb2541624b716d8e59157c5dfca33367138393e9

SHA256
a1414896871196134eb01eee79572b572ffb498dfe734117d1a77da0876cd94d

SHA512
18a016ac91d6c0a2edfa4fe56691dd714105e3031476ba292459e125b2f604c739ac61cc2d42f179d365dff942c960a4529b0af3e687f6cd2e4ea43c83c05a5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8cf3bf4f13e1b0579e73b24fe0491ca

SHA1
64fb9d215069fc8dfd1aec971ccdd9eee1a68487

SHA256
66752e45fc91951d3dda714474b6f687e66acebda8843ed4a4f0510a2508fa01

SHA512
15f4a0dbd49f88eab0ea67f1cd2bc0437db8c31062f893b6391de99db39e730e7c1f6703ef53276ef2cd9708c4aebb9d44ba7e84082b578075fca5ca1e0a1bec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dded35097afd05c9bc5d8cf6e2b3a5a7

SHA1
db6f13d49e5cffa0b15593dc5726f9fb5b350494

SHA256
2685d506dabf59cd22f22994bd09a14b479c4a460baa37baf26379a6a4f72c4c

SHA512
6aa57b7b357ee2b5c85ec94c744d0334a26b77466469ec3731eb6a33c0ecfce90cf6d6deaa356a966db4bf335ede754bb98a9b989e02db4c726928a8ccf0fbd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8e9b4f9752a8f783fbf0a76d956d2ab2

SHA1
f272ec0b24d94d6b48ac2f961b220b9140e55843

SHA256
151524792e8e16bb66cb79c58e376c5603d7d85c9bde25f83c41c1e577a8a94a

SHA512
5e80cffe460f5adb7387f64bce57f48bb93a7efc93a87e7afba492983a960ac0c3b08ecdf5858ba82e7b09a1374e87a6b9d921493bd1b0ba9a324c469ffd0cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
cf42edbfd5b9a6d3d0d4d5d50947e99f

SHA1
eba9cf7acc32b36d53e6ab3bd771496c121c896f

SHA256
1d530f4d805076dcb4890c6efa38282f50fe30f3404ac47fa55bf634f2b1a5f1

SHA512
b11023f3c901bd92d6f39612df5dcd780ccfe09a6acd465f225d2e9a54020fb29b60dfad82a9052037b9ebcc3a5315c512e73fb4718a18711386a5ac08e885d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c0a519679a8b1cec464d264aba745de7

SHA1
f0df95813ce62bd968aec762b1eec64da92d23e1

SHA256
073e3e7ab0c8cabad66931d0fa201e3b0c58bd143275dbc356b981a34339b4a0

SHA512
19bde0b9d68ff2d339a1c0dff1805ebf4495be39decd16b8a35c8750c70a06eaf795a8f85fe5da0cd06dfc901abacd51f5348c0ba400b2c1a6e6dbd2487640c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28c3122b63f09ea1bb54af4db375a348

SHA1
00ce4835a8c1bb2673dfe8653471c3f482833920

SHA256
fcb399a6f18666b1920cf3a0a47029c7dc0b1e433788ec002ab415c3558930fa

SHA512
f6af0e2023ba7a5a39f04f82b371bf96eef648b6f3883efa3291a894b1e8255132b84d8467ab225dd15c0f48ead86663adfbec9b6d2b9a8b409a074d6cdb539b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7c9459d4a608d827c39cfc9ec4c65c2b

SHA1
872c0ef69155e456a127da80bc884ae2234f3037

SHA256
41d58ad017ec4c8cad4aa500fd81709ddd401d8fc762c79d3b0ef7ca635e44d5

SHA512
14828c96e91e85d26e223e7ab197de2b13e166a0474f7edc9175fb1f17a47f5cfa51969f2f550c02c45646a78c3aa64f2d445f4767005f053eeb47e23a1b0176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593aae.TMP

Filesize
48B

MD5
26d51d5a3354b132242f5ae28ec79a05

SHA1
ee0a20f9f06900c40b5a6df1d65e1572764e4ed1

SHA256
b362f156912e2ec4c50a101ce97266a33b2012ba6d724748a1285dcc4524b562

SHA512
e032d3420201fd33cf7417f429d477a3d7f4b6ac45bd5490118396e3671edde6163f59ef3fd396e00708d1036d3b02f0497a5cacf75e807b67b54bd2180ddeeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f26b4937f14293b2794273133a645bb2

SHA1
ba227579f66269ebf9f7c9853a592daa98722620

SHA256
b767a3fda28837da53ecd03c2bfe94ad1431f3c61b347f90a4314e371a1241e2

SHA512
ea35182644ca5f04250fa77efb258890dcd9c59505511c571972acfa3a8178b976ed32ef097610a5078ad835f8e27f421e28e9ab2cc5fe33bec23902b6daeb21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5059347e7a90d5604c056891f9ea41e4

SHA1
b46412b594743ddf63013de646b33133391d1287

SHA256
213bb3a3f6b73cd5dc4cc9274f11fc1391e1e092c5d1530fe7946b1c10f52b11

SHA512
5d7205770b491ab37b5c1334f713e98d1cd99c83cb315953e2f94748af41966abda9efaf23d0c8f1022dc93abeb4d2a306f716a12e2960107c32a7ec13ab04b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5e9eae63abccb10e95ef41a74388f8dd

SHA1
6a92f2d02219019286f866e4005af24408969bf2

SHA256
e1d0c2280676579fcee39569d620b7699dac4d1deffe9ea67a61d490694d0716

SHA512
b559d482cb7db7a431249cd428a99ff772cb5ebf3fb9a613d44d3190ddd634fad29a51b33a536c26900c0ffcbf93dbfd640b2f2e6af0f779683bfcc5f90d1c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0c90951c9223f8b452758c9aa5e85e43

SHA1
1af9dfd9e84f1e102146c13d16a1052a92baa561

SHA256
0d490bc61b5762284ed70867ae7752e990c73435ddfd59d2c2542c05e02beb91

SHA512
50c0f2a07884ad4aba5c1369c7a9586069c6e953702e958c547a600b46e555447d9fa8f3d7cfe216fdb49f5f62da6833a8290226025790578460e1c5f0e70c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2cb8c4952b07330ab54e0412a033836a

SHA1
43c4d65b0297bccc5716fea7d3f7a2ca8eecc03e

SHA256
67220e65038593f1bfb9530f5be25c5353da480b2f8f9ddf57f7e5f6ac38802b

SHA512
d4602258f417eb00a8d87b4902e0b384487a554f34b263d38b16d21451fbac66083319738c4968aefd8d7fdaaa862cd76e3fc8279e7e3430a82bfc80fe9cfad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
41e97199e4d804d99cd04232a0ce7b0d

SHA1
0644468b0204ce824109f7187309aa17d76d822e

SHA256
a6eae7726132de9200f4c648694b8322945f64588c5e7ead595eef9827dc938d

SHA512
941943a14aa488f543705c5b67ae989592d2505eaaba8809eed6803a91a6db728c69eb3d61e825d1a7970f6bd6bfefbda7a63085fe0a05ef1a66cc58d141f77f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a5a84003c41c3845ffc6e98a7e455415

SHA1
34a0501167cefc1839a15e84f61d8463511ef406

SHA256
54335b91d4e0f673ee8827f7f724ed02a26f7a22704404cc4beee3d12a6b2f4a

SHA512
69f9b51e4d32fe04832d68dc1ffd9d9706726fffc6e05352c15cea55941a06293404da34bad15bc3b0573aa2bb5e28e490b8c923807b812ae59314fc1b0509f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0646ebe04bc46fffcf16e0b5d7b44077

SHA1
1373a1f031e1cfa65c7b6a9e8d71ff2ee23a3743

SHA256
b54bae31e08b9db9da82fa44cd2127521c583cc69e049726ab13a1c9c2a10b8d

SHA512
78e94db71ada34fae09ebd78a199fee5277fae0508fdaeccde8366e2c90fbd44bad87beaee05283f570e975eeb16aaa161ea9e2729f267354f76599ab4b01ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e51bffad7bb54848fe64f95fd29cc6e7

SHA1
addc3041392f54e81c20abb594b94994bbd9f55e

SHA256
e1b21f132f715a21cfd63ec25fd2cabc38cbbbdebc13aae75ddd56c2eccaa837

SHA512
be63c9eedb1e3a9fd27de51229cc23f6bcaa9a63b23a4841b77fd93d719a00e17ccc3257cc65d0ceabc7641a80f3b0e2176c4d6d3f7aa0446c93f1ac5e34b544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5904d8.TMP

Filesize
538B

MD5
510e299ea6b41d9521c85229a941119f

SHA1
fb36b1b6d62fd22090d2f4bc037686bdfb6a98d5

SHA256
a4705a90f84a5c1492ad5377ccc39916ca416e5bc70768c9732ff43cda0bd381

SHA512
7da3812511c693f30c5845a551b51ff083fb0a43f7d5b7c1cc34ea3067e9a680af6897d393bde5f3f1e15e70d4983a79df05ec9ab7c8b3e6b476e8db16e87d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4755f9e2474929928d8c5a406af91bf7

SHA1
bb3940f545d1a70c8fd692aeefab3f6b38f46e76

SHA256
cea0e8e8c3a2fc0c87d6c70b0714e74616c85b35352178b9530b180c3d35763b

SHA512
51da104806175d9ce28f24ffaad1c441d91d29d6a8ed956c5e2941f74b7f4cdc8b476f5596d16aeffafb22669b91b4fb0023376e16692f311989f6e6657ffdbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2287f5e6e3aa2741f131fd444aa18159

SHA1
49a6000c03d52f4d343c64a3be8e815e45280e20

SHA256
1755759be09e996c7e218d8272685bfae36a7d190bb98a0493d15f94d3fd652d

SHA512
91d2e2020b0aec541915f52e7ee42cdd8096cc7cd44439873df5b35a1a9997f7d5016c06953483d7b1953cb695aee89d2f974bbb711770f1edc7a466465cfce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
53ef4dbf44cf0f9b5d65ddafe8dea855

SHA1
7624fcb69521e6422d16707a84da27058dfa4d47

SHA256
1392470c2a2ec8cf3224e3bfb02a8b6ac7aabbda517dfb1471f5a994b60f1ff1

SHA512
37c4115511f6dffb3be3456f7833932cc903e8d020b9a14c98705b9ff682e0e91b98993634b0dc2c566c8735dab1be42bcce566a99dc9f2a73dc2a719f720050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0d5a11506a849f3818bf8d9b16267f2d

SHA1
0b1efac4573e8c1985bf0c2a55d8dd7d61edf28a

SHA256
44af32551d72a227e3dca05a16396e9a3db12e2ac66636bd7ec1e2a0a6c63aab

SHA512
d69a11393e8916a256a72b589da0fbfb0d1eabe0caea9eb6ae76b4fe5ee09f0317b31e2562f473aa5426dc380bb32149501b36174f1afeaeded206a81131d96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
34aaa0ba52b97c1a652ce84eaa047058

SHA1
2f4b7988004b4d3b1c87c0141302e7b36f1e1906

SHA256
6f77a5d438d135a813de8e582aa823a04626dd567a7563a853522fb8cff7bb43

SHA512
f0c2cfbb2370e8a10843bb775e1ea788deb82bad9e93a43b4dc2bc52aa9908c4ead550391383ce39ccaffacf7ebf0439a5d2db3b1f8aab59bee1e55e5d86c333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PGH3GSHW\Counter[1]

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-42_5408.log

Filesize
935B

MD5
b75995bd24c3f38ddd93d0b6920892eb

SHA1
7da17d16850d3ce5be4f8b59ebee59381974431e

SHA256
c5df39c24a9ea49f45e4c6772d0940d47fbc72def5c2d6e9453f4ff25fd00559

SHA512
016906a40ddf35a9cc10fe7d40253ca512913e138b2c3c2fb25e1cc91325736d7850a3ce0b91f3e7f14962b85fe58d7259310bf55c2d428a39d77e08d22bd9c7

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-42_5408.log

Filesize
4KB

MD5
cd0d16031c667ecbd33efe806c4f3f87

SHA1
61c9a2b674a6f78ccb503293a514a4e99662bbeb

SHA256
7dd32053a04a1f38ff81da5c5478adbfe9ec9cf7aec957c5ad22603969aaed0d

SHA512
660f4355ddc721ffa1d937a3fcfaac949922e66ed3e5df89fe951d293921adefc297e2f280d812874740d54a3bde10b44c585d73f3edc4595eb604879a283e62

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-42_5564.log

Filesize
935B

MD5
5141d5c887b097e366d69e2c370d3950

SHA1
cf23ffcd6ade88972dce2ae62ecccf518c84982f

SHA256
a359120b2270037ed5e540a0cca4de4c3320a6ef9ba0f9c27a6b3241b6e1de40

SHA512
c55a3944cff50238c958f838c10809327c4ff59c578f7498e0b304e636b1fb9bbc121a114166d809a5eabf4d06c6669140c498798133954b94de2c507c8cc0a7

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-42_5656.log

Filesize
935B

MD5
5e641cb363040cb9c6fe56b9e12d7974

SHA1
31a293f52896f51db31f671886d3f588302fea12

SHA256
1ab4bfb4b0b28995942ad5e04a8a53e33fb34a9f18b8cfc8f3d63678b489c661

SHA512
5070dce19b61953651294ee17027e71ac6f23eb1e22711a9c62d2d7b148e73f23f55b4c0309e1eeed54c64cab3c56546a97bc6f839147203a5446d4ef38e487c

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-42_6084.log

Filesize
935B

MD5
53a6520c45335e58cbe9937b2e09db0e

SHA1
5f96adb2a0fd3e2509b611849e6aaf9c3bf3a7f3

SHA256
f2f3e72009713340ecae813b686e17ee75850294e52cf6263edf50a3edefd101

SHA512
b9f425f6706623cb776a2d101f87e9344fe233fcdbe293d1a07fd72889d2c48fd31e7045ec8ec09e79b5ac69cd502e445b560c6187feb44c579d2d419da3e3cf

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-43_6000.log

Filesize
935B

MD5
6437cab48312a9b5717e852c9bec7397

SHA1
55a26afab4366b8211ff5e8f0afe06cf363a23c3

SHA256
84f98324fcc70269b65333116cbf53b01c79e7b01a3c432294a6d095f0292549

SHA512
de612962e65bd22ddea676ab9bbfd0deb014c3fee42b8beb03a84a0dbe47f57e3edcfbc9e0a6e40601145ed156d9b69f19d79b8ff040679a2f99cec518dc0a32

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-43_7056.log

Filesize
935B

MD5
dc12c4e070dcd07a9afc18b28eaa6551

SHA1
5563e6f94d25e174c5c09d28fb61d339fdadcaa9

SHA256
1bc81c8845759a91903265f1c513782470cf39c771fd0b94edd27b49eda65739

SHA512
deb8e352de132c714b29fe8be7e035aa691e551af2de778c57c63407c9eb7ce5aaf92d20ce4de7639d4d67e0efafb7e72e6dcffb4c36d1b8318f1850d8b48b9a

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-44_1172.log

Filesize
817B

MD5
4297bf814a16b44a5b681f01c0a7384d

SHA1
257a4edf4175200541a04ef7048e7bdeb7bc3a50

SHA256
8baede5c02bab9c680338d784cc70452cbc37445f23330f200176c3626ad3dee

SHA512
c8da095bef6cdb81a67bb4c0fb1de46525b8ed4b639405dd1254e673c91e12d08bb5473e391866c451bb0e3d0baf0a55793c51a5f878670170b7b971fbe4694e

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-44_1892.log

Filesize
817B

MD5
065184d946bc69b37ba336213a7a3f47

SHA1
81bd4e6e3e8765f27e2776d08c5d54223e3efb96

SHA256
4cc88638a0fd5ff34d19f7975bf8d71c3554be7c27d58f3665d028d581ccde84

SHA512
cc37397c795575a986127e5b9db851821a672bf94a37210a8d804ad59a2e01289d2b839eed0326c5afac8169846ab307fe35e3a7a4df523b3d4399a3eaacec49

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-44_6300.log

Filesize
796B

MD5
31658fbb4ef28529307a03e14e7fc666

SHA1
05dde0501a615d060e383a070b516a0096741da5

SHA256
b75f56c8ca3ab5b2bbef71446364720640cc638757a1fad3a5b3e333b7abbf48

SHA512
a5419fbc4de0edd3baee4848f49ed321dafdfce00276493ac2f32b809559a33d835ffee0065643538dd74fd7ec56a177447e76ab895e550fd3ca3410e0ee08ef

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-44_6412.log

Filesize
796B

MD5
af5582e8adbad8f6248f9c9652fb2281

SHA1
022ea5ea121ce6feca53a935fcc994bc87e3f999

SHA256
12567da50f91a9c3bbdc83544513bffed08b2ba86e17b13a561aa8405d7ebbdc

SHA512
b25f54d9a5307fce919def9eb852f34c5cc45cf3e13fc1d6cdaf37020d7baa16c0077fb92fa845ac1a51233803a1595250863b87ca5e5da92cdc0d4909c4b73f

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-44_6452.log

Filesize
817B

MD5
c2f30f9e91ba57b5409ef80ebb4407c0

SHA1
8ff975760dbc1605125cf0637888a7a5b3ed2cfc

SHA256
59eeac78d77465d65fe73ad318b5449eb232a479094275a2eb454a7fd9bf733c

SHA512
cd9dfeccf018141c91c8b4f4fed9bb6b2d74a602d89c869cf0fcc0b8d9c40fdb6627d942a18fb35c48bebaaab5c9acf44bf193b951690e15568b3e35058c8377

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-44_6604.log

Filesize
796B

MD5
ca4e0682825270962773b18ae9f423b6

SHA1
572c2cc596a235fcb8fd5784546c9134280b0b72

SHA256
61b0083ce531722b99c17e1700baf42ccd78685144447c7d4145054025793a4d

SHA512
b133f10cf7f6ef9f8d99229f6c17e5467f0d4e447b19d04a9a0993c58b57dc444366fbaa3ef109fe73c0f8cd2fcf0c74fd85b0935abd67499782364f81e5f98b

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-44_6604.log

Filesize
2KB

MD5
40d8f6fc3d6b5e92f22893d78c94b243

SHA1
a38146b926384166969bba12e13ceda7a8f919bb

SHA256
f6f50fc67fd6469eb5bb0547cfa8bfe37e10483bc2a2fa85c34431934f56da1b

SHA512
2f32c014140f99befc1d325e49ef9a195b2a67b1fa92cec881680586a89f441f7bd406739acf0abef152b3a62e40e1cfa74e8c5f9584d74935367d2fa4ac19de

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-44_6612.log

Filesize
817B

MD5
9d9dd93557fad1a7dfff9aa883d6ce30

SHA1
773070812be39fbe66d50bf80e53e3eb8dc23ca5

SHA256
954a336150cb23aa15a475dd192cd67ffb94cf61cb8dfd9776912bd4b2b50b64

SHA512
6ea7503e47f27370308f1f6dd7fc46001d81fa9708092e35e8b3f9e6539e59078d7d6b2eec08566bbbc9bde05480ca85e4928afca1a47302ba477058d123edd3

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-45_1592.log

Filesize
796B

MD5
84caf7e83862c9edcfc716af68d0b01a

SHA1
fe52ca4007c71a2620bb618f3c4cf3d524035e95

SHA256
3041d55182bf0c61076fdcbac14e68457ab187fda64e708e505e8344fbd8e265

SHA512
a454955af947b0bfcbb2e3267c329bb896b7c3ed7f1cb469c96f53fe6396f44b31f30c9148a66cd4fa217b5f977b6e686cdfa44bb77ad394553819b1fcef43bd

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Log\InstallerTrace_2024-10-18_23-45_5960.log

Filesize
796B

MD5
d3139ac1a3bfe96744f2d4c990e0c099

SHA1
14ede6e5edf899c810193e193e75cfe61d64c0a1

SHA256
c040108ab5ef30bd08734ccd2d8af6976398701ac713a2be2adbd794b1c1ff49

SHA512
c4ce52b6d97e9697e00129e38428df80e1fe8e7a87e001908609014d2bb45d612824682810dbd72cbd21a76f783c05e134c4dcb4c7e72a798f1a71c4e77217fa

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\OWInstall.log

Filesize
18B

MD5
07e605d2d7609cf336ea1708e86b5a0c

SHA1
e7454461893e305ecdb72556e16e001617d718f9

SHA256
c69ad6c6a1d6d89336e18db86a6c852ab60c0ceb367c79922807e55de7be49dd

SHA512
5a8933d0b2e3441b6cc6e1881bd513d0f5fec939f0108b46d3578a6315283d44af65b60329e5cd528bac308dd21f1ea71daa618a9553a06b77ccba278d23496d

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml

Filesize
752B

MD5
e9c73ab4df1797a929dfb30917c50c5b

SHA1
4ab77c1e143483b0de1f59ae03aef837b25279a7

SHA256
e3bb193ed0728e19fe988a16909f3c5254d8eaf04ae931cb4659b67f5657c4de

SHA512
d4bed1037b6f16eb55c00beb85e278a884772023db50e879de714c41b979da13ea7a6fc64eb9459ce6a6e2e6588b723bce0de65f6d9e2729afb3eb7b95a6e709

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml

Filesize
752B

MD5
025894510855e5246a2d3f094b3df18f

SHA1
77635722001241f055c96a219753908b812b7fe9

SHA256
adbb117f2ac8aaa7e0702c3d8fef98cee5d238bc83c5982d4aab29f2bfa6886c

SHA512
4d28bdb47824e024a2902ce30f5f0896b4b0efb5c112bdf06cf7260033deecb999532e36e7545710205d5d1cfeeea14cad5cb6328d28b0151f2e979c4d649a34

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Settings\bak\SettingsPageBasic.xml.bak

Filesize
807B

MD5
4528693a06732906bb9d8b630387d75c

SHA1
7e32deaac2ce4aa9a5aa30ae8c6c8ae15c907d8a

SHA256
1f1530e343bcf1a1abf6afc4d98de1da60de566d3637ff7e14776d380747e826

SHA512
502fc5749af0b7d5a373806ffe386ecfab9f3162a0860416f7c167b494b1db1eb76a9a1324e10613fae8cbc2187b4f39dd81d9f09a80b5b225ec4012fc359c1d

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Settings\bak\SettingsPageBasic.xml.bak

Filesize
807B

MD5
0202d2df67fea799c045eda65dfe154a

SHA1
99aad5e0999041e8f34d2639a654d2ef8e4f624b

SHA256
37c8dfdf78243d155aa6660b12da8862edc5770882d5251a17538bb72dab11f1

SHA512
242b3bc1e353036148c0204593fd754a7932d97e1e6e5f49a45767584acdba916cacd937fd8711faf24e5097bf3a4e933d7cea2bcfab26c2ef54f1bbd1e232a3

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Temp\57003f0f25664bd4846d510a8550e1a1

Filesize
86KB

MD5
1578b79f76607834b2cd5b9a007073b9

SHA1
41adeef0758441c5e4bd3efca5bd1428ce2e74fb

SHA256
51b19eb07bf519ae16b1b89a432d91df16645335e29ee09e6c03dcc2df061a1a

SHA512
ad7c7bdb5f4bdf86412c136a847fe04025c6295f93522bf6c41c0e32d7c7421d716d06e8f225c2e1041b8934405bb2e32044847d957cb73f793b7d287796fc63

Download Submit
C:\Users\Admin\AppData\Local\Overwolf\Temp\8b4078f8f7a449a092e7637f47110635

Filesize
80KB

MD5
ec101f26a3d62957d3c73d2d00012f95

SHA1
784d072f9b4814483df7fcad5f79dd021ca06342

SHA256
c16c81c78dd33c9cbb94f2ebd4583dfa0e09581d55cdf447d1bda1b69b9a422a

SHA512
7e00b93a62060b8224e2fdc2055c63f9985ace23671d424774aa7fa3c7ee30534349072561024e14b2274c1bec99636b964394370ba337328269f24889800b64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA29.tmp\DotNetZip.dll

Filesize
467KB

MD5
190e712f2e3b065ba3d5f63cb9b7725e

SHA1
75c1c8dd93c7c8a4b3719bb77c6e1d1a1620ae12

SHA256
6c512d9943a225d686b26fc832589e4c8bef7c4dd0a8bdfd557d5d27fe5bba0f

SHA512
2b4898d2d6982917612d04442807bd58c37739b2e4b302c94f41e03e685e24b9183b12de2057b3b303483698ad95e3a37795e6eb6d2d3b71e332b59deeca7d02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA29.tmp\INetC.dll

Filesize
34KB

MD5
87050902acf23fa5aa6d6aa61703db97

SHA1
d5555e17151540095a8681cd892b79bce8246832

SHA256
0ecf8b76a413726d2a9c10213ad6e406211330e9e79cfde5024968eedc64a750

SHA512
d75d3fc84a61887ee63bad3e5e38f6df32446fd5c17bedce3edca785030b723b13134b09a9bbbbaca86d5ea07405b8c4afd524cc156a8c1d78f044a22dee9eab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA29.tmp\OWInstaller.exe

Filesize
304KB

MD5
9a23bb798fc16ce5f186b74ec5af5401

SHA1
d01a17ee2ff38198aea27e3e822fb1e7aba53d7a

SHA256
777ef66bc748ad4e07e858664552b58a21caa1f8fce7a9f6d918ada41d617d0e

SHA512
f4aecbc9e3b73ecadc43d0d7663cc54c71eef9741e844c57bfd106d7d516b80d6b782c18757d5481b39c859cb22615811637055921129abb5f906db147380040

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA29.tmp\System.dll

Filesize
21KB

MD5
51bd16a2ea23ae1e7a92cedc6785c82e

SHA1
a9fbaeb9a695b9f2ba8a3ed8f0d95d2bf6a3d36c

SHA256
4dbc79d2b1c7987cc64bb5d014db81bb5108bdd6d8bf3a5f820fac1ded62be33

SHA512
66ffc18b2daf6c4cba01aef0e4af2f006a51aa218eab0f21dc66e47eea0389d2b1748ef0e30d2ec9f0123fd7f38ed3aee964dd6bde5779aaee19ebf55369af79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA29.tmp\UserInfo.dll

Filesize
14KB

MD5
1dd4ca0f4a94155f8d46ec95a20ada4a

SHA1
5869f0d89e5422c5c4ad411e0a6a8d5b2321ff81

SHA256
a27dc3069793535cb64123c27dca8748983d133c8fa5aaddee8cdbc83f16986d

SHA512
f4914edc0357af44ed2855d5807c99c8168b305e6b7904dc865771ad0ee90756038612fe69c67b459c468396d1d39875395b1c8ec69e6da559fb92859204763e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA29.tmp\uac.dll

Filesize
24KB

MD5
861f7e800bb28f68927e65719869409c

SHA1
a12bfcd2b9950e758ead281a9afbf1895bf10539

SHA256
10a0e8cf46038ab3b2c3cf5dce407b9a043a631cbde9a5c8bcf0a54b2566c010

SHA512
f2bf24a0da69bbe4b4a0f0b1bfc5af175a66b8bcc4f5cc379ed0b89166fa9ffe1e16206b41fca7260ac7f8b86f8695b76f016bb371d7642aa71e61e29a3976eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA2A.tmp\CommandLine.dll

Filesize
71KB

MD5
29d9046304542e1ce30eba022c49dfcc

SHA1
b93d5a7adae25e6a0bdbb53cc86e39684effa70b

SHA256
dd954bc5c2f8ead7580ee492a242ea3f09dc07b601bfadd1ab5ac804fc54da01

SHA512
ecb1c1317e2c8b7681944b0ebc289da68564166c9b4d4a90897b5788893f03406977265ce4c745315d73562bd5523d02195b095ac055b791ff4a39da81edebb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA2A.tmp\Microsoft.Win32.TaskScheduler.dll

Filesize
126KB

MD5
25802e743767fdc032480ce80725ef21

SHA1
d4feac2ad599e6d0a419092b6e771f68c5027c25

SHA256
495a72c7ea5f479b3bc4a9a2782e73a1cd3fc398c6598c0f3c0bb2e57c30b482

SHA512
08a5692cf826f361af45bd4153044c84a2bfd803375c69df6181a8865531f69477fd1244f6e28362c093382f850636495f8ee257267ea76c9b9a4bfe1bb55376

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA2A.tmp\Newtonsoft.Json.dll

Filesize
692KB

MD5
98cbb64f074dc600b23a2ee1a0f46448

SHA1
c5e5ec666eeb51ec15d69d27685fe50148893e34

SHA256
7b44639cbfbc8ddac8c7a3de8ffa97a7460bebb0d54e9ff2e1ccdc3a742c2b13

SHA512
eb9eabee5494f5eb1062a33cc605b66d051da6c6990860fe4fd20e5b137458277a636cf27c4f133012d7e0efaa5feb6f48f1e2f342008482c951a6d61feec147

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA2A.tmp\OverWolf.Client.CommonUtils.dll

Filesize
650KB

MD5
f927b95203a3d1d253938ead1f8143c6

SHA1
271c063b1d5aaf64ae05677ed765781a4a43e8e7

SHA256
ac480a104d0ec21bb96ec6e5ea3418a3118ea80a07426dcd2e1e01ff41147f40

SHA512
c71e6870b5f9a381e896d870efe2cb0226f02624d62e180a3878e4d1353727da08044eee44ef7ec4ebd692eb5bd4639b0b7d48ff174ff50f51cf32c585d9a8c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA2A.tmp\SharpRaven.dll

Filesize
82KB

MD5
551a0903c6598fb93777fb10fcd11e3e

SHA1
2970874eebf32677338f619e77ce8901b4ef96a8

SHA256
cd53520a046058fd26cf0051bff47051948d3b7932234a90a60e3e59e57d6361

SHA512
1186e6c3ae3ff9d392fda5b517d3962357c78af872a7a457b553cd2b84ccf8a399fdaebbb3d3ca60e130b04825e1a1663dc6931644b0a7f1de5fba6b07ec5e5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA2A.tmp\log4net.dll

Filesize
247KB

MD5
dc231ea2d0281ba991cb7b16fb89c8e0

SHA1
4f67160e71c27bad9515a8feacd9531de3ca456d

SHA256
a836c425540443be0996b4081deec62b8ce7d0a66bf055e706bba5481af05735

SHA512
d68d513a267bb3500efc45d026262e8061fa4801c7a009abd0aec2a699a553420368a89b02d7463d7dc6418a7f3f1e2a08eaba63286e3c4d9cd1a20b928ad018

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA2A.tmp\log4net.dll

Filesize
270KB

MD5
f15c8a9e2876568b3910189b2d493706

SHA1
32634db97e7c1705286cb1ac5ce20bc4e0ec17af

SHA256
ae9c8073c3357c490f5d1c64101362918357c568f6b9380a60b09a4a4c1ff309

SHA512
805cd0a70aba2f1cf66e557d51ad30d42b32fbafcfbc6685ec204bc69847619479f653f4f33a4e466055707880d982eb1574ddab8edfa3c641e51cda950e2a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA2A.tmp\nsis7z64.dll

Filesize
514KB

MD5
284c46af1fd2ec3a60ee0c28f276f2a4

SHA1
4d4d41c0af12d928e4e553ab6b80e6b4ab8007bc

SHA256
2368be6d8b21e0047146d3f61f90966a71d0737eed0146bc692b59f3cac97793

SHA512
ca9e4ef79c9c7c5f2282ddeee34ec39a51cddf26dcad4e9f2e42230499b0b898ac2dfd33f25438aa995741d23037fa01a0269823c283b234ecec0f155d3c05ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA2A.tmp\utils.dll

Filesize
58KB

MD5
c6b46a5fcdccbf3aeff930b1e5b383d4

SHA1
6d5a8e08de862b283610bad2f6ce44936f439821

SHA256
251ab3e2690562dcfcd510642607f206e6dcf626d06d94b74e1fa8297b1050a0

SHA512
97616475ef425421959489b650810b185488fcb02a1e90406b3014e948e66e5101df583815fd2be26d9c4d293a46b02ba4025426f743e682ed15d228f027f55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaBA2A.tmp\websocket-sharp.dll

Filesize
270KB

MD5
7d7b21a6c7bad831559fe4e5e58cf44b

SHA1
550d610642a99deb6ee22482ce9ea25356b4edd4

SHA256
b93affd08edb54fe4e88be626a95eca78897fb874dc0aab214782b5d27cff7f5

SHA512
19483586da7022077e88672b1a17fa196fb425a4f4f3840ed2cd7a45354de506cafd3b193b881be844909bdea3ba6362e0226b0e485df9442d55b83c37100423

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgBAE5.tmp\OWinstaller.exe.config

Filesize
632B

MD5
82d22e4e19e27e306317513b9bfa70ff

SHA1
ff3c7dd06b7fff9c12b1beaf0ca32517710ac161

SHA256
272e4c5364193e73633caa3793e07509a349b79314ea01808b24fdb12c51b827

SHA512
b0fb708f6bcab923f5b381b7f03b3220793eff69559e895d7cf0e33781358ec2159f9c8276bf8ba81302feda8721327d43607868de5caaa9015d7bb82060a0b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\de\messages.json

Filesize
12KB

MD5
9ad7bb13a28acd7b7be3d35adf80de99

SHA1
0fabddcfd82faed51bb071fcfaa213db2583cb37

SHA256
4442ce287dfadf8d2019e4e975ee1c876d57d847c04715fd215ce03b24d36225

SHA512
9af9d5a66c4d9f39027eec20288bfac7170b43944fc58d6a05359624827a3847c4d90b232d3f1f621eaf3f5dd35172efcc96e763b1ca733dfedf02d4df084951

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\en\messages.json

Filesize
11KB

MD5
02b3d4da2acbe118b1c7752cbc73c563

SHA1
f4dea02036c91100d1d8b641259bf1c261ba795d

SHA256
dad27dea69e2e18dad4489ca8ad16c2dffa6448919ad857375f54463740ffae4

SHA512
bd37a83255fedbaff54e2bc9abcf220e8daf0ba7e76f7874e0415420b6ed3543f29f7e1c3370048af10400fabfe6c061ddddf726ab4ec906793c02ebf852690d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\es\messages.json

Filesize
12KB

MD5
424b1b7afc6cea984341e80a1d5ee07c

SHA1
af56baa273442a6336acf7ef873a1f64423534f3

SHA256
382e9709edcbe0faa5509ec6891beb1063840ff0a6cbbd04c9aa94a376ba4503

SHA512
2347b5e2d5b1f95be3c59461c01b6a3f9d52741510d790a812d61ddbeea5b05f01a67e918862790cf1697a106f9aad65d8035626880c7cba1e1c87456ed473f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\fr\messages.json

Filesize
11KB

MD5
418a72fba9141b5fad2daa67eac89ee9

SHA1
c0e931a1e76543dde2350b2a93fb7adcef49b194

SHA256
d10d6f0c35af598decd2bddb3945ad5987cc8da310446b16a63e9856fb635999

SHA512
1e756322ae19c9a82d66ff74fb48daaad3ec8d873aaaa63103cefc51e4db0c3de4f593f067606641e6027c4b5c256c7e558d4fb1684dc8241ce96c8696fbf000

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\it\messages.json

Filesize
12KB

MD5
14684a817dabf05025d1a8b33b0ec04e

SHA1
fa838b38356c26a345292786df9d868331dd5aae

SHA256
71df04a26c171ee7ed4e13ce7b8d0a7a8e50fe1d554d2297ea96f7371e4179c7

SHA512
194aa1dcec2c50fdfd7431699da3080977bf59198b404e6ffc96f06628fee01d0db127ce041a4be0fe22568760b9fd2da517cb67ed5efc283ac28838f5e7bd23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\ja\messages.json

Filesize
13KB

MD5
d9dd8119873d6e831fbfd768343805f6

SHA1
c4b2c24b8bba9238c10616ac9c01cef088cab092

SHA256
20467128e0afab919e9874dcd7e2d5dd94fcc16f33aa50d0d8243e81d6c089f2

SHA512
b5c456f7655bc3ec23aa733e91940f25cd5f42284e97fb51a95b96b927c75a96ea163628486cb4b890b24ebd6277295fedc79bcd14a2ce7b19471490d9b32a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\ko\messages.json

Filesize
12KB

MD5
17387fe103d0789991d057984b130284

SHA1
1a847b2f82a002a3e3567f4dacf39632b1e2ba35

SHA256
0d483128b1714e8df8d61a3396ea4ffa6e1f6865ad7b5306214d811a2028ea0a

SHA512
123a84497ac56dfde0cb4d52c7c778b1210132662164e1553be98fba06d4b49941b8e11c105749aac1b140b6886a33bd2647d0fcfd7bacbbbfd136ea4ab2cfd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\pl\messages.json

Filesize
12KB

MD5
5ba0db597f102d2b7560631095128f1f

SHA1
10de6855b2c26d00bce493ad5049d030eb7c22f9

SHA256
b8c9eec03aac551f33de55f0be7d5b915d64730b11f0574fed1666e656f2118b

SHA512
e74fd3ad2853f4cffe3bc188d535b86ee5ce81b3a884ddf0c51ee823fb91b30b3d62dc3bd4d38db080d97bee73fbd48102896d76c3153e307461aa82d5e0017a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\pt\messages.json

Filesize
11KB

MD5
3159b26555d81ef9c9d0d153e775c708

SHA1
b855ba4a1f25e6dff65da71b407df1a91180435a

SHA256
7c09f5f4f909d30e1a45b92a517432d296859825876d4e9852a8f509f96d2480

SHA512
ad1c74542a4177fc8e200d2e7943308025a2d691b0b421ffcb580c88cbdc925ef50c43d17bb665a2a59c168e1fd21897d8fb000a71695036533bec4d907c7184

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\ru\messages.json

Filesize
15KB

MD5
c22702df74eb2c41ed92cd3f1fc46cff

SHA1
ba8b25078d053f44c5bf58f8b761baf7984de527

SHA256
764419019b8da2bc3fd0af5ec8ce8899b3a24d90c1abf69087b71fb55acc0515

SHA512
facc5db35301ef8e405561d09dd1e4353ffd665d0577678d63d33a45362277556fcf2ffd930377bbf7631fcb6a32371dd658b45916d990fff3abacf2856632c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\tr\messages.json

Filesize
11KB

MD5
b7695e795776ecf9ac9299c0f30f87f9

SHA1
00361bc0899720beeff341282f2aff5ac43899f5

SHA256
7840b3b78294030927731f914a64e17a2010cb0699447339c2fcd47e909e7d4d

SHA512
a8574f7cc659694ed585580a135baec7faca82162e6fc9c19a88ebde15cb952878d74e43b32012f7f7dcf63b67b097fe62d68db8eb6753ebf353bff8ed07315e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\vi\messages.json

Filesize
13KB

MD5
ff03f3797fcdc074fd32a57f8ab36d4f

SHA1
07d382fa4558607d502aa6a6d2de797a0269b4e6

SHA256
231a647e4ac1fcc53c008c7a07af4ddbf6e7faad38cf6eb593974ad9cda444b4

SHA512
7e85fccec49f0e3df37c410a49f689293abadfebc55b9ac3f5a47b7a868503175c0efe957e7ea422bb0d58eb6a200422a394f530724d0fcb6e5d7b5643a12df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\zh-tw\messages.json

Filesize
11KB

MD5
363616514628c643de23e2b9b596c2a9

SHA1
4cd78e19d704d3eb470ebe0b4789bce6cdee64ec

SHA256
d10b26d1cb08ba5b4c9ac17439a641f82b7404823f4ab8bc3d793c0c4bf01117

SHA512
d1609f3a4ffc45b3003056e6a66ea39be43ee73aaf1d6488b4fa86f37e176388191d3cbdb30506c0472c3d98d3c1c5b3f62de028dc495b23abfa57f84015614d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\_locales\zh\messages.json

Filesize
10KB

MD5
6bfb7e28c38ce417f9ae53b9282a3e90

SHA1
5e7723fc7e5e965fe84a1fb8fc22fc07eb19bea7

SHA256
28ec01002632aa8e3a46078d590c4cd707faf2a2f0e4071d6f8572d4b90a4ea2

SHA512
126ad8f28af186b9a7868497ec1789b85031373c0ab3e9f7df84d7a6773064e490ab1fdbb94c3bec19626080bb455a2231ec4a45de2a24e041d4478a52bb4055

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\assets\fonts\klavika\KlavikaWebBasicMedium.eot

Filesize
27KB

MD5
ddd851603ecdbf74a113ae2e741fb487

SHA1
36449c0d56578c22df9c6918840d808aebd3e97e

SHA256
41146279fcb503008ab14c89e3e9a1737dc92499b07e36f9bbbd40b82dc3a793

SHA512
67b84413462158a114018c413bc8a32731d00f439d6998ec1577fb7d27df4316edd9acf9c94dededb918fc7ce6fb8523af85e03dae0b94e5a2b505e6998e0053

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\assets\fonts\klavika\KlavikaWebBasicRegular.eot

Filesize
30KB

MD5
8c176ec2a2ccf48958f8cbfc5114818f

SHA1
dd93db072bfb8ade37da99c8e56bda5c4259feb8

SHA256
83f615ecdb758eb2fd5357b89a9e0424bba9ce66ba2f8ccd93986f7d03998b5b

SHA512
c2ea009102f1a47313ed3d85f391ea23a9bed3378f965f4450befc5347b086f752fdb5b41ef0f2f6dab674f3095e7dda2837294b4d21ea9268551bffbcac5c4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\assets\fonts\lato\LatoLatin-Regular.eot

Filesize
66KB

MD5
6cfad5881181ae658a6efdd68889a690

SHA1
5b54f6ccc20ed3a078fbdf94d7a68ac80002624d

SHA256
c6c970b103b3c3aa83f7a45172619a4451ea5f015f9f3ef4fd08c9a4aa895cbc

SHA512
ddd3d43540eb3d4eef48d0834136de1e7bf23a52f286d0a666cf57c7d685aadf1cea6d37c88f9d7ce5ad6143d7c3213f54b16a11f616b7dce154bba50997bbe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\cmp.html

Filesize
5KB

MD5
d7b8b31b190e552677589cfd4cbb5d8e

SHA1
09ffb3c63991d5c932c819393de489268bd3ab88

SHA256
6c21e8c07ce28327dca05f873d73fe85d5473f9b22a751a4d3d28931f5d0c74f

SHA512
32794507a4b9a12e52ceb583222cb93300e38c634a72ea3f51a0189127aba60cf476fb7918942355a4f826185d7071e876cb40348ba34cf5d1ca7e9546ccb310

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\css\styles.min.css

Filesize
14KB

MD5
a205363a8b123d65909896daf16a2eb2

SHA1
17d99f7889d61b56a44509e45465fe413ace29d0

SHA256
ef423e07b8a0ce201d438ffb8501899c6ae9d20fee079707b03b32bce8857591

SHA512
c65cd1f376838ef700a1826117c61d10151c06a8d1e869a2c5c2f0f282cf00a8dde4d6ee74df01a34824e6f84d9c694217af23354f490eafd5814493e4837521

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\game_detection_database.json

Filesize
27KB

MD5
336d26d3e0ab31e8dc102ea86c48fa26

SHA1
aa0a6a940ffcf7cdd9cfcc86a382890e18fff5c4

SHA256
f30b571b8bb396aa0bca9aa9b80638416ec638de5c4788bc281ac67d3d54ccaf

SHA512
ee1d4ae3236964e0e2aea7c33aa82f44b2b25d9fded16452e00ec09f867031df0539be19fe52c4d638332dc50698b526a7cb11056f5fbf765eb7e0cf832fb49e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\big-icon-fallback.png

Filesize
413B

MD5
435663128120e807ec9c33d5b277198a

SHA1
6de278d5f8850da54405fc3a444cfdf8054f6a05

SHA256
46b318ffab431aa7f0559560632c0eca28a0527fe9ec766e947d3b49708e3de5

SHA512
97cd952ab6833cea217ea6b5f5a83624f4ae1311ac0c4d66f2bb7d61a6c224b7cfb6205074e008ea33aaa7b82474fed4230ec3f4f8f085e884b716ee992624e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\bottom-arrow-hover.png

Filesize
294B

MD5
f5d76b21fcab6cc89fd0ebc1089c2c26

SHA1
160645c02dcfdcd4d6d6a8339557a62b80493e40

SHA256
3b8043e64994a53126afe1250b80fa2934196c3305bf93fd3e7a6963867a6eb9

SHA512
4c4fd737cd771e8e0c025295c598aeb4ffb2d20df10658f7cb992aa49b4817be5d291c0c6530b4e9aaa241ab76df3c52e01a40a505e7b60d1d968a96fd4de991

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\bottom-arrow.png

Filesize
279B

MD5
847fab99890ddd7460e758ad8d463ba9

SHA1
bdf8c1e45993ee33ee0bf9a2e43d6048df71cb8a

SHA256
46bfb08af2269108c681b78373c98e899b4234adce39394322c7dfd6d40dcdac

SHA512
0bd2075c61eafc2946a9431bd4fbbbb141f3743144782376874640e4aae1ee97a05844589661b3a0912b23dacdf57e0a667d8ffa8ccd0f4358e5802e653aef1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\checkbox-checked.png

Filesize
161B

MD5
cb392a851c11a74c80c9a6b7a2804cba

SHA1
750b03afd6f6da79ae81164b5a64dd2c3f4937f1

SHA256
b0718ebac6a1666f75492e0807166ea1b257bbbeed87d64d574e45adaa768173

SHA512
ca3baf5ac8cc1008c3886d68501c49a750efea4c891d85615a8881ae604f1c9205ee71861a8bb615b5978b239aa4e3b8619a56a646ec4d812e0ee7c1dfe05af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\close-hover.png

Filesize
185B

MD5
d07493ccaf895ba1e5a1b230789b06a8

SHA1
c62f9f464db25969516ad57a706b222e100667a1

SHA256
5c95ffffdef5de89cc7b04ddacba9fa4c1280a192fda4138460c72433f0d0230

SHA512
ec5640f9b97ee9d22f8dbc1d685048acc6c67338eb701c42522a0e72edd3b180677405d458c49cd73ee23b8ebef85beabd66909a6572665abc1b25cb6d0f074a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\close-normal.png

Filesize
330B

MD5
1acb62ec3fa5a82347c330512f2259d6

SHA1
c81389f19687e791bc4ada896620b17471371c04

SHA256
e8bd82cb680ae552f587a3f0bdc1df18fc7624dffec501840cc508d327baeec3

SHA512
a6693f68c41f8a7c137f3129403b14144329c132b99956ff2c1cc5317b046eaec70aef82c7c05b9220c3c3a7f2a417718fb65bbbe486250c05191778456f602a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\header-logo.png

Filesize
1KB

MD5
b51f37fbd94cb7d7f45dab73fa5bcfb9

SHA1
2c3aae0f065216cfec01339da2c60282312079c0

SHA256
e83b38f1f699ed4df739fa632d55a422e6d35b19261081a5bfccd2bc4669c5de

SHA512
4a7c0a654c3d4da9b9b77aad46d68d2da370b8b54fef325e6ea8972b202541c134ee937db6d71dd549d405241fb15a043d2dce0734312f72222cf5a21e5827bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\icon-fallback.png

Filesize
213B

MD5
3880ad80fd07870118b0aeb8fff308d4

SHA1
37b30e87d89d3bc56eb5ca3f8ec6c7f22e5ee6a1

SHA256
772fe7450824cb84dbcbc9cdb401278dec1a511ca3ae2cceb073e8bf4dc8fa61

SHA512
3917e7b6623f284a0378702e489a5131c3ad328827a87e1332d24a89d6e54d68e7dca3e5bfeb0bb22fe54da1572d2d8a9107eec8f36b9ba7db1f50c0a5205d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\icon.ico

Filesize
21KB

MD5
51e75bda8d67975d112b9e3676cfee94

SHA1
681691af738cd40573219a5cb53f0e898f8f81a9

SHA256
2d57121ff4e34cf983bc91b41fdb974883b41efe213bb149e3e81d7d4d10d41e

SHA512
405a4d29e081ff0bffa081ae4f527ebf9c850fcebca9f1a75af05077289bbdb0dd34d1636734b456767df71e06c7d23ac5d5dd364d2f57e970f72aa476088195

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\large-logo.png

Filesize
486B

MD5
91c31a155e202e8ad2c033e61d0bf948

SHA1
3fc81f5f368f90e7104b65adf6b8780d71005f99

SHA256
1bfe389c41dc9897a4b1b5a0e495570a0f3671fad73d42307cbde1a82ae1be17

SHA512
ef89b9edabd3e1f3e9cb8e2ce919b4d29a31ab112297fa6b9c3be2cdd0df548307e3f800de2e027b907422ce87a5edf638d0a410e9afb6de85318ac0173f1e69

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\minimize-hover.png

Filesize
171B

MD5
f4b8851b9ef5a55b0d45392baceb31fb

SHA1
03a87a04dc75579a8568543d40db963b6e9f4051

SHA256
d84b877f7a2d601b1d71cf878b33ff78c94c2d144a0f4d72436a7dcf64e712c2

SHA512
a849659d4ba4e40b924108cd567a58f4b1569afc5c7517a10c26fd6d64422fa61812683292da1c3b19dbe91c63aacd5cd1c5b342ccce98b6815e94b55767ce4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\minimize-normal.png

Filesize
150B

MD5
1bcfd10e50ab56ac335a463ec19b8d33

SHA1
b5054dd1cdd714a6771bc11e43291df361a16ccc

SHA256
aa2b021cd0dd9563705503dad48866eac926c7ace608ff8d00f755afc509f39b

SHA512
7257c401db826ed1f4a549b1b899d0fb4a5bcc3c599ced49b07a64fc308b08fb208dc378a32d9c3cd193b4d603ae76f82bb297334998ca6abb790081a5467edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\more-info.png

Filesize
539B

MD5
c6911391ca719b6ece307854f40d02be

SHA1
451936edbab150559e38a81ec88c75de052bb14b

SHA256
b110d583d920fb1065fc7eb587e4f2a256f99d55eb8a562924e088d9b7a971aa

SHA512
9728920dd81f2554a37119aae1755751e08ce8d22be5df21ad1b8205d3e37f027cbcb32c25193faa6fa6e270574c7d4eff529ca08bf57565b764b338ea8b1c75

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\plus.png

Filesize
178B

MD5
28a150c80834701792d39b58fe16e741

SHA1
f7fa88204163ee7a0df768eb6759bc02b8e1c030

SHA256
d25235a308d7b16b6a8694a3eb8935393d124dd3c58380a6c67d4e4f3382e47f

SHA512
8222a493bae3316a851b66573886b3c63f8d63b68e4da56ba25f37fb46cdc27ac7dc4e10ca1c3912352812eae5ce4492591fbce09ff7ba1a228ecfb2a49f0c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\progress-01-overwolf.png

Filesize
12KB

MD5
3d98876bb3f09090568aa3ef90a84dc0

SHA1
5f98121ef031920b8c8ecab21435cc64bd531c19

SHA256
4da28ba55f43cc1d03d5cf1eeb040985d3bb5fd2a7230667c871254f006c512e

SHA512
2bfb612a6aa0061f123e8d342ab4d049e2f38b2c111f2662d4da8c8a22a73893c5d9743a337766ff2e6346cb04ef2b4c63ea72e5e749b34593fd372889033d6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\progress-02.png

Filesize
9KB

MD5
3781b597e18900a6b779ab588d8a8e21

SHA1
0fd2084a62f507ec802646f7423c9714ba547d7f

SHA256
130eafc5dc7ef993134d0bcff40bfbf11b99d41c63a5c6ad1d70c7ad4db2a5e7

SHA512
22f2cdc6cdd81503d48f8f23c84abbd23c6c9e3a137b7e4e91846823d957abeee348f4e3cff88667a263503ca310d80253187d699f733975133d08b5729e647d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\progress-app-image-01.png

Filesize
2KB

MD5
6276c4f73df3a91718a12878c63dcf24

SHA1
a86fe5338c78dc396f680e489766f8186e6cbe81

SHA256
032335dca37195df73cef1fc5f019bc8705284c3226dbdd54f81d61b714c4915

SHA512
11a4e465614e65a04e72b5d6b80f0c5643d51757a06595168894d3e0a419bd68ad31152221a22ec1fd6db03c5c159d31aa5054f1f4d8c633099477afd6f92607

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\progress-app-image-02.png

Filesize
2KB

MD5
9626ec7a1330f4fa65abb37f08ff6421

SHA1
914801589106fec21ff3d7f5673aa035bb5bf129

SHA256
9363bf7bf35a32278d95b8410bda989c63d9cd09fa17fdcb04d93aef1d433b3c

SHA512
f43caa916f385158cb3a3fb20193a80ce8ee84f1063e6497fa0a9265dd28b8983750d0c44006936aefb9d6b16230d92105bd344707bda8d55e3283b344ec792f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\progress-app-image-03.png

Filesize
1KB

MD5
38ead88ccac4d4f8077e265aafc186bc

SHA1
eb3c2de5065ab597c8e9799a3c31487545ce4828

SHA256
827f9bd53d624da1397e0f8d3a68fa96bbe7146b74f6ea8af5cd6acfc3839cd5

SHA512
a473af7f5d1dd87a670b1d7f1c9e34d66d7bbc77647dc72d540acf97e1d296bbaa59469663354ae4223423688142d6d828e35f571d37bd7ae813274ccfcec519

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\small-logo.png

Filesize
523B

MD5
ef0803e881fe7bba90e5e9ec1678d950

SHA1
43e9ac35b2f4bc22e404bb2362eaa7bfef24f9bf

SHA256
0ee19b8f79232886f6234cc6dc21c0327e90df94a189c5effe1d8a6444543726

SHA512
11c6126429f4fc3ea32edf6132dbad840a1df35f58237c8730f5171c491588425190897f4370545bcc4ed4d42838dd95a2789a3b6ca20cf8cbc7bef78472f253

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\tile-fallback.png

Filesize
935B

MD5
0148cc4040f730247ce079e723fc030b

SHA1
ee316fdbaa54a7cb5cd350adc4919787e7edb63c

SHA256
d173d88df0d31e3d4f83b299cba4ec031dd286dff2f963e58d747617649108a2

SHA512
a441046265ccbc2e8e25bba5e10a46d65f28d2a9100ee12742e0ef5da943461996cc036f57031ef6c21fb0929ebb941e27874a08e53677e46ea28c097136cc75

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\v-check.png

Filesize
885B

MD5
cdd7415f59e5c003dd5956b971a3cde1

SHA1
89a3cd6591cd66fde5fe389a216272cf11d7696f

SHA256
af10225db6ff7d4b67d00b12f37b211c1f368bb99ae900856b023ce5999dc9ae

SHA512
bf36f6ed5f9a5bd9da0bdcb0baa03ad73e12e4d30ef64752e14c307280825e994deee50c5436f683048711104634f0410684188d47f5698dfe5309ae4f55b2a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\images\welcome-logo.png

Filesize
995B

MD5
860785e1633b7a170ec443f4d36551c7

SHA1
f5a3401fdb22bffabbaae7f912f93cddbb7ea148

SHA256
2e3dced384fe419468973dcb074794b1444f48bce8f96217aa5e3a98c34e4c01

SHA512
217b2177b9f990ee27d1e169dca9f99da18e9bd41fc6d7a5ce7d01cf9e35a23f343763835424125b3fa73de196579054e56542e5885327c6922deeb34fd78e16

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\index.html

Filesize
20KB

MD5
c7b752acf6d1e10f3aca2c67b1ccf4d3

SHA1
ab793cb43e0c2b5af0fdcbf90d0d29d5d3e164f7

SHA256
69b9f99f6611f953d94984ac35bdaf9e9817f689e1e3614976bebe3465c613fc

SHA512
120addd79b7ade4f35b426c02631c8167d81080fde30a01b989453113f7547784e525d53bede41ede0c9b3caca8513060753ba51f75bf6936d32ee597d642576

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\app.js

Filesize
21KB

MD5
de88fce9253d26e0c61daa1783baa775

SHA1
07c5848354a247056baad369059aac9d3c940ecc

SHA256
993f140f9f4e5cdbdcc657a3c159328bf58b3483dbc27c451516a556763a79ba

SHA512
71ddd47ef7ed7c02fb31e8ffa2ea6d1b5178dbda2ab37bac208e088c8ba2127e0cf5eaa74ee7ad5809fa69e534853312c6c8775c68aeda63bf0e4a5caefa39b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\block_inputs.js

Filesize
789B

MD5
b5b52c92b90f4283a761cb8a40860c75

SHA1
7212e7e566795017e179e7b9c9bf223b0cdb9ec2

SHA256
f8dbd6793b35f7a26806f4dabad157aaafdf6d66fad094b50c77d60f223fd544

SHA512
16ad53ede5424ca1384e3caea25225589e9eec9e80e2d845948802db90fad222f709a7b651cd7601a34ba67a0627433f25764638fd542cbd4612871308e7b353

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\libs\cmp.bundle.js

Filesize
347KB

MD5
deb60b40df89edecd35ea3d1410ef7a6

SHA1
9899f48d1b29c6a51e4b80ce0579ec4f51b72c74

SHA256
2eed337a035bfcba83bdf00686f236319bfdcdc5c5b4d57541cf855bfe4fd67a

SHA512
484daa9e6423c4aa90b310f7c957f850109afd4ef30ff0dc57e05d7ea30f9ae12dbed862197ac9f1ee99b26a7204ba14d1a95d8a8a6f5064a825e5d861fb8705

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\libs\jquery-1.10.2.min.js

Filesize
90KB

MD5
44e3f0db3e4ab6fedc5758c05cf27591

SHA1
2d408aa1d35661019c95adcc60b78c0727ed25b4

SHA256
bc44d3631ffef1df7960e359f02002d3ada45ee05205c2cf1edd85da2f518144

SHA512
4d4844e53e686fc59a52e86588f328dca3ed6fdad7195c58942a98c51755a24981b903ee7c7b27785375eaad5a7d9501cf74b999674b79f214e66103bad9efdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\models\notifications.js

Filesize
5KB

MD5
85afdf9897bb1236eff3afa40d15ece6

SHA1
4362bdd139458eaf4a2dcb34294b43e2d53f4a26

SHA256
9dd03dfc92bcb74f3725aae60e904c0a56cc84f299bbb8e863a869719f6fdd32

SHA512
4ab86c6bafba18f53f01ca913ceaa80f14900107069a1d5f65b108d35690bd8b50b1a6cdf1563fc5775909f69208dabebd139f3cf3d8576269d560d57cf9994c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\utils\analytics.js

Filesize
4KB

MD5
525281e9959af4c1c0d11b9243c798a1

SHA1
237a84c5b57bd132f48446d718b20640cb28c263

SHA256
c37f0699cf8ba7d9e3e0f73f1b2af65f4bdc2a31f44594ffc8c73e98b6c2fd1d

SHA512
fe5bafda7773e69c65dd63270e0306abcd39cb2d886b675ab8c714ae0833efde963b69623d468551a1ab37f1db1a1d457f1568f7a29d9cf0bb23bb0edcab5fc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\utils\commands.js

Filesize
13KB

MD5
a25b49d085333ece9aadd1f285795925

SHA1
53341dcca297a969a8ff37265935488f1790307e

SHA256
acbf59ce6aa668880f65aab2bfe62305415c76301b40bc7f72777f0b08840b71

SHA512
0a2cb6f4e1af0c4205e38ba1e12c208e6ea4f8f8e3956c9d10b312aa9a6929b99ec967aee7aa1f54da97ca6ea354f8bd7f624359cfd05c6241a5f4bf59843b68

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\utils\cookies.js

Filesize
1KB

MD5
6c60e675f8c8c68c0174b644d3a63a2a

SHA1
3635a3fe07ccc4a6f33a986ddb690522d0611abb

SHA256
9d3cb3822e20d6f5157faa02dc69bdaef44576c3fb5523e00aa152107ce30287

SHA512
1dc9ec7b139bcf37107ecd673c01e4fcc606332ea1645a4a1b4e5d95f817d4c99d5964cd3d941a6a526689341d9623b17b4efc002cdf4c73404299d52b1be452

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\utils\modal-events-delegate.js

Filesize
1KB

MD5
117e4fdbdb0ecf211c8bd909efd337d1

SHA1
9f8684d856b7c95bdffb139217dfd89f41373187

SHA256
267661f932a2ea78d8c7a98cc03d1b18d7cb8132deb84636772ecd1fcfbe4857

SHA512
f474ee20b59d3d0c11f9f6aee6b6e2b66f7025beaec9841f88455e60533dc96cb4e27910be0dae92b0028c5578932b7f459fdb91d594ad010f72a3b3af6addb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\utils\strings-loader.js

Filesize
5KB

MD5
9c94eb933d8a43dd3825e67a7e30c980

SHA1
7ec7b16af6f399219209ba5967d377040486a11b

SHA256
96445709fde2613af50f4b8908296d4bfccdccb2d9db9febc34a9bf4dcc70ecf

SHA512
a662a299e31633f71a9b9675970359430fdac06dcc284fd7ce92919f244c7f921639f97a42356e993a95865e6c9f198dcba82c126f82065bf2009a31ec9b02f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\utils\utils.js

Filesize
118B

MD5
a0952ebeab701c05c75710c33d725e7e

SHA1
1da8a2e889f1213d481ae3cd5571670c01e64adc

SHA256
b4f0c48cbfeaf8141fd44b12031e3f0410cb0cdc313888ffdb14fdf1d2341246

SHA512
5e5ae616d3fded7d2bf47a326242c4477ca3119fb52897bfb41de0be230ccbd6c3da2c00268b3973e9bf7b4f2886aba64fd9719b448662e4130ee66d87913389

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\cri\cri-controller.js

Filesize
3KB

MD5
4e4b4a9e2d86ae3c108105078db6d730

SHA1
826946be793c999316af6c1db10523950b18ea2c

SHA256
cee7fc5a36a01a439125be031923d7e7415ec56194255048098169a0108034b7

SHA512
1420065cd000ce9b9c39d27b5dc5f4055f67146e06573a03184649851c9745f0c0af2b5e35b41b5923703dd74e32f9ed95fc59a43db25f854584e319950beffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\cri\template.js

Filesize
1KB

MD5
76c1ef0cb437db144c2bed53a5a8a5d7

SHA1
aaab8fff649f8e46d1e9510018118ee9abe01498

SHA256
505d3c4de7d9cf8f0155b5b1a3c8792bc0ca2eda6781b441bd85455f144be22e

SHA512
822bf9feda91c89539d263c6c9053163e8dfa3c511195bc61a9b608b4687fb4048733323f03dd30a7ab661a4be4acf6c8d8ae7bb6723771122540a9551899c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\finish-with-recommended-app\finish-with-recommended-app-controller.js

Filesize
1KB

MD5
eb6d6bd7e05d4477e2704dd87b57ca35

SHA1
f42672ec1e23a3f4bcc2952746d87ba8deff44be

SHA256
5ca97132a258ed1f36e401d70ccb95be2c9e18395e6010c40f61172914477de5

SHA512
1402d611f910cf5078e804175fa4693b591348d3e7cf6d0a6bbe026c259eb9e0bc285233c80cb2f4690674c3e927bc72fbdcbe758826b98fd02ecb3ed82e339a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\finish-with-recommended-app\template.js

Filesize
681B

MD5
d1cb34b57cef7e28b9286454b197b712

SHA1
f3a964b319bab82d4eda07e126bbfd6dec35c349

SHA256
b61dfc304b46e8cd95d7b15bb93c6160b30523a1a093397a84fc8b8bed00ac42

SHA512
3a07de9c58134edbb7998f85e6d037a0cd066e32c4daa07594a949a7574f5693153bbcdb59739e1a92e847ab1128e2369fb30ba76a7b9cdfa9a37a409db691c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\finish\finish-controller.js

Filesize
1KB

MD5
138240ea22084428e9e25583e9156568

SHA1
e8bef7eab5b6e7040b996ec9504436e073444bd9

SHA256
4cb4e1aa25c15ae5f2e63fa4658a8acff0ce63e0f59cb6eb634df2dfe336e2ec

SHA512
e97b81b0ecd964e6e909019353efe4f5582f65763ac4197d754f1c4eea19cfc249900ae597fd33e29f531bb0d1c7e0f010793c59a2b0099fa75ad0b7d01ce8a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\finish\template.js

Filesize
1KB

MD5
f092de7ea66d8e920b345f38537fa35d

SHA1
82d107a409f18878307ae0cefe24074db64937c4

SHA256
b05f111369e12ecb4cdc6526dd554061eb31097aa0de4bd126ddc185b69d922f

SHA512
14942c0122f216c07595cbaae498f9c4d37a2d0fd95f262c332502befdf4566c7a042c4d85702c1d82a111123dde677096195e9efeb1d74eb1dfd4df84d01a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\main\main-controller.js

Filesize
11KB

MD5
15b665a5c915004e1aa7e9e11a710f7e

SHA1
7821924e42bb19d60c572ff80bbaaa04d7aaeefb

SHA256
84dc33e2eb3118fc77a38b0ca53af42c53f6eb85cfb1e8737dbe39fa03515653

SHA512
dd47f7bac0dbaac714e6d2fc91b4c24756ca4acb70bdbc4b54cd5216552d6bb85ba2e1c3c8445c5fb40d116dfab6569945cd74730bb7c8f3cf46e8d08f8afa02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\main\template.js

Filesize
3KB

MD5
a118c7724c208f12083240cafccfd10b

SHA1
f89c676a215b869626737862a08c9eb07d440211

SHA256
63a43bb08403972d0f4b0e381bd264af14e826e0035242bc1baa9a815956b8fc

SHA512
9fede79044ae5de7baf5bfba0d5a515ce462a25420026ff45bcf1751e57510023cb40df42d08e880114f62b38ddb218355d5357b725df32a41ae4e6a18414cb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\modal\modal-controller.js

Filesize
2KB

MD5
b04bdfd1c7d09bdbdb94a2455fdd677b

SHA1
f000ba4866ff16d75bfd6cf446763498e19b12b1

SHA256
4565ee81ffe222b31982088b1c18850076e3acf59198ebce08118e12cbd87ea1

SHA512
3cb6ef0a16309046e7f407e7321eb12212b0eec09ec1a04b1d813f6c7a04546714865c3b398a93985041f598156ed905ebd23a64260801281b29ada9bc19ec5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\privacy\privacy-controller.js

Filesize
2KB

MD5
15bbec339f5046f525e3aa96d36c30ec

SHA1
f73d40bf06584737fe327f1eec6f4b0446545226

SHA256
14d9c60cd97f18e74fee2dd80b6a190eaccc526085991f356feb6b4d330a0fc3

SHA512
2b0edfd2d5efb3f739e56eb6f3bcfae4789af3e1639f5f8e5f7530f5af10eb1a61464d665c9d9b2f4eb3796f2445108599d8bea75f1709aa562feebee519da4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\privacy\template.js

Filesize
655B

MD5
cf8d2c26520d7c84e560dfa79e31dcd3

SHA1
716f2ec17480d5cc9c145bc147833fbfc39d36f0

SHA256
95c459eae0edccdb94702aea603a097e461daa0e5f37dcd0e30de7df665433a8

SHA512
d466dcf7e86a4295857020feea281fc89f519f6bf1e79c3b5e1046d0745c9c9010377b1941e06c9a9b2c78a4173ed9909332d5d6c39b05f460e8a863086c895b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\progress\progress-1-controller.js

Filesize
1KB

MD5
82f0b997ed552c52a510a9f2ab29dc3a

SHA1
92aec3a656053c71eccdde610130f5d8008fa96f

SHA256
838bab990ce38372dfedb50eb0a270db705811729630ab8557c08bd1e9e8e105

SHA512
ecf67f877002d746eff8af3a50155aa381513ddafd17b6bff0188c85f0765579fea0112e82e1371f962b1f5decc94b65e6120f21fb516533dac35a2d541065bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\progress\template.js

Filesize
242B

MD5
92b145e6649ba0add3dee9a69d3fa91e

SHA1
4db1a45392ec973cc8a7eecf3a30a9a7ecc7a64d

SHA256
a7128a08bca53dd919cab3e5cb4dab31ded7ae2dafc957209b9fdd23f3b944ab

SHA512
747a087dffdba5c92d9f4c8923615d388b9c4c79d3b71d3cb90487aa37c132290a4f5107eef3055c03eadcb9614e20d4655393dc9251fab7e0ee2438f0d95751

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\settings\settings-controller.js

Filesize
6KB

MD5
378c18dd7d5cee6ca7c4ddd0396b535b

SHA1
d5f81d4fab29201fd1629dc4d8e6f918c0c30479

SHA256
b5c5dc5e0684fd97eb4c45896dc1c2de8a6a6fdc63b6aa83a99103c15787ef35

SHA512
c29416b3f0245f4826d857dc8c52c969071d2410c945bda96f38f59a9bc7137ee534d84865e5ac55a1e3cea6bb705c5d592725af709cd97e7f38ff05dbaafe5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\settings\template.js

Filesize
4KB

MD5
28513de0830383a516028e4a6e7585a0

SHA1
d31fc3a6f4a3ce6c4afb82ff2342a1ed718809e5

SHA256
8014a7c919da249ba2f2196d9c9b62639d20851be426f3ffaef161cbe477c45f

SHA512
0f7321c2ae13145bb694368dae1b74e6fe20e6b09712da2178bc46e6aa65223ab84c38abbf0ed074c85b42dba1a238a5f3f8d1ae060a0af6df748c5befe11b61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\welcome\template.js

Filesize
1KB

MD5
17f54fca6723b983875d940d931e0afb

SHA1
01774cd5cea36bd74c80a708d6f77567e8091024

SHA256
42c546e9da748ef76fdab56b96fd511eb607617a9ba37b3dc420148b769d8acb

SHA512
401df9a54cd14c19227d91bd08b4775a7b437644b4ca0d1d636d3e07b04591f9c5516e80040ae6a79ba400457d15e3d80aa148a63de870a64664fc5a02f7a038

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\js\windows\welcome\welcome-controller.js

Filesize
2KB

MD5
50f676754862a2ab47a582dd4d79ecf3

SHA1
1cb2f4b11f9f8cfc8dc57ff29d0256dec4811158

SHA256
6155691dbdd66290109afb91617f9cf68af6bd912991d5d27b922f5faa7f530b

SHA512
ccfc89e08fd36f0a694fcda17efb84ca285b6c62afe2e3a794fdad19b6882a4b618645f4d9171673ba56fb4c55fce336d6b8d26dec3a5cc11293ae2b211f499f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\manifest.json

Filesize
691B

MD5
ffd488977307f71e9444b598d3a22e07

SHA1
1e4b34b1ff3a838ccb765089d904f9c9076f91f7

SHA256
37e4f5ecaa49a064560abd3b4d6b680c42715287a0140a8920d2bfb147ff1f38

SHA512
ab9b93a76090665ab03002dd448bc6542e6fa647f92f64703a618d34b4fa845b80ffd93038c825373f85eabcf0b6beb6bf436ac0feb872e9025d39daf4b0e1f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\app\progress.html

Filesize
20KB

MD5
359ae05967ebe29e7f7a3564f0fa3f53

SHA1
3c1a454e8f5445ec890c5c2c11fa9e24bbb8e4bc

SHA256
f2182497ffe118349d8a462cf0eef55f22798a17e91846b194b7298d860ae38b

SHA512
0b61dd5af6feef3e1361a9ddc32dfca2200af44507f8f4e2c0f73ebdcb79e690d1f7561d86bbcace1ba16c37f18d6d40670de2d3e16b88d710180665de51675f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspC4C8.tmp\nsis7z.dll

Filesize
96KB

MD5
f469bfbc7d7fd99facdf7816624fae45

SHA1
d8c90ceff83d211bd0a913ab21a5c90c0c83a301

SHA256
d3cd3d9ba9f8efa659bc142fd454160e5bd3a574002b058818e16132d79bdcd3

SHA512
20ba1dd19eb5c2cd66bc014da0915a16693486c7cea054923a6d1674f3a444b9ec4c3b149fac69498aaf5b54013915ab073180408a082b802110716e80a0b250

Download Submit
C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer (1).exe

Filesize
2.1MB

MD5
d53625b11a7d5f5a3ebb89a65cdb89a6

SHA1
26792e993f34a8d45b8a4ecb91d0d259f7683a72

SHA256
0a715ed1902dfc484122c9e70f501ad4af8333c82064175e8cde0956f7bfc27e

SHA512
4d832c4f36a3d5dd229a15095a70c2a4ea191abbb2105a64b19fcabf31db792f9cd5a2ed75523f84190fc4d972938818fe08e457a775d97e4850664bdb04791d

Download Submit
C:\Users\Admin\Downloads\Buff Achievement Tracker - Installer.exe

Filesize
2.1MB

MD5
63c63393ea418db9e962039d6257ae11

SHA1
e9a63192fea0fef70bd1d0c5d832b384ddbe0442

SHA256
badeee1c3099c7be0c6ea2047d1ae35ee0d4e207b420b9276574ebf1bc3dc9ea

SHA512
7c2e07c628fe2099d17e9e1c940657c041707128057c9cb7aa9d4d2e577fbf5ee35b24d501757f2c9d23e1292bc3e5dd7c47af86e50f8b9e02e814d0a1d867d7

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 205271.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 628453.crdownload

Filesize
2.1MB

MD5
6f681f368bacb360e5d7bbcd4c537cd9

SHA1
df15234ae98eb1b987996ff19758ba23d1c3ac4d

SHA256
93dc54c273a0999fa1adce47bc1e6a24f2853544d7fd8ae3b0a36d40555c9fc5

SHA512
a1c6ea5d1ff5e2de528f19cffed75b9039accbf92fdac9a4ea208123c95b91f8667254a1ccd243bae49386e5c45aefc97ae17f5e5038838b47c30da3f7dbeed0

Download Submit
memory/5212-1466-0x0000013243260000-0x0000013243261000-memory.dmp

Filesize
4KB

Download
memory/5212-1463-0x0000013243260000-0x0000013243261000-memory.dmp

Filesize
4KB

Download
memory/5212-1464-0x0000013243260000-0x0000013243261000-memory.dmp

Filesize
4KB

Download
memory/5212-1467-0x0000013243260000-0x0000013243261000-memory.dmp

Filesize
4KB

Download
memory/5212-1468-0x0000013243260000-0x0000013243261000-memory.dmp

Filesize
4KB

Download
memory/5212-1469-0x0000013243260000-0x0000013243261000-memory.dmp

Filesize
4KB

Download
memory/5212-1470-0x0000013243260000-0x0000013243261000-memory.dmp

Filesize
4KB

Download
memory/5212-1471-0x0000013243260000-0x0000013243261000-memory.dmp

Filesize
4KB

Download
memory/5212-1462-0x0000013243260000-0x0000013243261000-memory.dmp

Filesize
4KB

Download
memory/5220-865-0x00000203F2C10000-0x00000203F2C11000-memory.dmp

Filesize
4KB

Download
memory/5220-862-0x00000203F2C10000-0x00000203F2C11000-memory.dmp

Filesize
4KB

Download
memory/5220-861-0x00000203F2C10000-0x00000203F2C11000-memory.dmp

Filesize
4KB

Download
memory/5220-860-0x00000203F2C10000-0x00000203F2C11000-memory.dmp

Filesize
4KB

Download
memory/5220-859-0x00000203F2C10000-0x00000203F2C11000-memory.dmp

Filesize
4KB

Download
memory/5220-851-0x00000203F2C10000-0x00000203F2C11000-memory.dmp

Filesize
4KB

Download
memory/5220-852-0x00000203F2C10000-0x00000203F2C11000-memory.dmp

Filesize
4KB

Download
memory/5220-850-0x00000203F2C10000-0x00000203F2C11000-memory.dmp

Filesize
4KB

Download
memory/5220-864-0x00000203F2C10000-0x00000203F2C11000-memory.dmp

Filesize
4KB

Download
memory/5220-863-0x00000203F2C10000-0x00000203F2C11000-memory.dmp

Filesize
4KB

Download
memory/5564-868-0x0000025D5CDA0000-0x0000025D5D546000-memory.dmp

Filesize
7.6MB

Download
memory/5656-518-0x00000258327C0000-0x00000258327D8000-memory.dmp

Filesize
96KB

Download
memory/5676-536-0x000001B62AE20000-0x000001B62AED0000-memory.dmp

Filesize
704KB

Download
memory/5676-509-0x000001B62A840000-0x000001B62AD68000-memory.dmp

Filesize
5.2MB

Download
memory/5676-496-0x000001B62A1D0000-0x000001B62A274000-memory.dmp

Filesize
656KB

Download
memory/5676-499-0x000001B6100D0000-0x000001B6100E4000-memory.dmp

Filesize
80KB

Download
memory/5676-491-0x000001B60FCC0000-0x000001B60FD0C000-memory.dmp

Filesize
304KB

Download
memory/5676-512-0x000001B611A40000-0x000001B611A86000-memory.dmp

Filesize
280KB

Download
memory/5676-564-0x000001B62ADF0000-0x000001B62AE12000-memory.dmp

Filesize
136KB

Download