General Info

File name

run_this_if_you_got_balls.exe

Full analysis
https://app.any.run/tasks/ea8b861e-816a-434f-ab73-c7cc8f7dd529
Verdict
Malicious activity
Analysis date
15/01/2022, 01:04:00
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5

e63bf69eccfebfcf7580f4f770db555e

SHA1

65df3e86542a8a6a548c6facbf302213a9b26df7

SHA256

856564abe8d897b441e4a8e44384e8f895be65f32c456cf33f01d2ef34fb3a65

SSDEEP

24576:OpZYvRoNyaooMslvC4AVeJ3H6UaLDd6l0BUL+YDRUSOqgEhTB0m6aoOcn+Ds:UZOWNyovhAVG3Htyd804pXgS0POc+A

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • run_this_if_you_got_balls.exe (PID: 3980)
  • run_this_if_you_got_balls.exe (PID: 2528)
  • OWinstaller.exe (PID: 2300)
Drops executable file immediately after starts
  • run_this_if_you_got_balls.exe (PID: 3980)
  • run_this_if_you_got_balls.exe (PID: 2528)
Changes settings of System certificates
  • OWinstaller.exe (PID: 2300)
Application was dropped or rewritten from another process
  • OWinstaller.exe (PID: 2300)
Reads the computer name
  • run_this_if_you_got_balls.exe (PID: 3980)
  • run_this_if_you_got_balls.exe (PID: 2528)
  • OWinstaller.exe (PID: 2300)
Checks supported languages
  • run_this_if_you_got_balls.exe (PID: 3980)
  • run_this_if_you_got_balls.exe (PID: 2528)
  • OWinstaller.exe (PID: 2300)
Application launched itself
  • run_this_if_you_got_balls.exe (PID: 3980)
Executable content was dropped or overwritten
  • run_this_if_you_got_balls.exe (PID: 3980)
  • run_this_if_you_got_balls.exe (PID: 2528)
  • OWinstaller.exe (PID: 2300)
Drops a file that was compiled in debug mode
  • run_this_if_you_got_balls.exe (PID: 2528)
  • OWinstaller.exe (PID: 2300)
Adds / modifies Windows certificates
  • OWinstaller.exe (PID: 2300)
Reads internet explorer settings
  • OWinstaller.exe (PID: 2300)
Reads Environment values
  • OWinstaller.exe (PID: 2300)
  • DxDiag.exe (PID: 2620)
Reads Microsoft Outlook installation path
  • OWinstaller.exe (PID: 2300)
Creates/Modifies COM task schedule object
  • DxDiag.exe (PID: 2620)
Reads settings of System Certificates
  • OWinstaller.exe (PID: 2300)
  • DxDiag.exe (PID: 2620)
Checks Windows Trust Settings
  • OWinstaller.exe (PID: 2300)
  • DxDiag.exe (PID: 2620)
Reads the computer name
  • DxDiag.exe (PID: 2620)
Checks supported languages
  • DxDiag.exe (PID: 2620)

Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (42.2%)
.exe | Win64 Executable (generic) (37.3%)
.dll | Win32 Dynamic Link Library (generic) (8.8%)
.exe | Win32 Executable (generic) (6%)
.exe | Generic Win/DOS Executable (2.7%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2013:12:25 06:01:44+01:00
PEType:
PE32
LinkerVersion:
6
CodeSize:
25088
InitializedDataSize:
186368
UninitializedDataSize:
2048
EntryPoint:
0x3229
OSVersion:
4
ImageVersion:
6
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
2.189.0.3
ProductVersionNumber:
2.189.0.3
FileFlagsMask:
0x0000
FileFlags:
(none)
FileOS:
Win32
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
Comments:
null
CompanyName:
Overwolf Ltd.
FileDescription:
Overwolf
FileVersion:
2.189.0.3
LegalCopyright:
Copyright (C) 2021 Overwolf Ltd. All Rights Reserved.
LegalTrademarks:
null
ProductName:
Overwolf
ProductVersion:
2.189.0.3
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
25-Dec-2013 05:01:44
Detected languages
English - United States
Comments:
null
CompanyName:
Overwolf Ltd.
FileDescription:
Overwolf
FileVersion:
2.189.0.3
LegalCopyright:
Copyright (C) 2021 Overwolf Ltd. All Rights Reserved.
LegalTrademarks:
null
ProductName:
Overwolf
ProductVersion:
2.189.0.3
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000C8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
25-Dec-2013 05:01:44
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_RELOCS_STRIPPED
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x0000606C 0x00006200 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.45707
.rdata 0x00008000 0x00001460 0x00001600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.94596
.data 0x0000A000 0x0002AF98 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 3.79535
.ndata 0x00035000 0x00013000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 0
.rsrc 0x00048000 0x00003540 0x00003600 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.28573
Resources
1, 2, 3, 4, 103, 105, 106, 111
Imports
    KERNEL32.dll
    USER32.dll
    GDI32.dll
    SHELL32.dll
    ADVAPI32.dll
    COMCTL32.dll
    ole32.dll
    VERSION.dll

Exports
    No exports.

Processes

Total processes
42
Monitored processes
4
Malicious processes
3
Suspicious processes
0

Behavior graph

start drop and start run_this_if_you_got_balls.exe run_this_if_you_got_balls.exe owinstaller.exe dxdiag.exe

Process information

PID
3980
CMD
"C:\Users\admin\AppData\Local\Temp\run_this_if_you_got_balls.exe"
Path
C:\Users\admin\AppData\Local\Temp\run_this_if_you_got_balls.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1223
Version:
Company
Overwolf Ltd.
Description
Overwolf
Version
2.189.0.3
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\devobj.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\clbcatq.dll
c:\users\admin\appdata\local\temp\run_this_if_you_got_balls.exe
c:\windows\system32\imm32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msctf.dll
c:\windows\system32\propsys.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shfolder.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\user32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\users\admin\appdata\local\temp\nsxea06.tmp\userinfo.dll
c:\windows\system32\secur32.dll
c:\users\admin\appdata\local\temp\nsxea06.tmp\uac.dll
c:\users\admin\appdata\local\temp\nsxea06.tmp\system.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\temp\nsxea06.tmp\nsprocess.dll
c:\windows\system32\mpr.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll

PID
2528
CMD
"C:\Users\admin\AppData\Local\Temp\run_this_if_you_got_balls.exe" /UAC:901A8 /NCRC
Path
C:\Users\admin\AppData\Local\Temp\run_this_if_you_got_balls.exe
Indicators
Parent process
run_this_if_you_got_balls.exe
User
admin
Integrity Level
HIGH
Exit code
1223
Version:
Company
Overwolf Ltd.
Description
Overwolf
Version
2.189.0.3
Modules
Image
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\profapi.dll
c:\users\admin\appdata\local\temp\nsjec1a.tmp\userinfo.dll
c:\windows\system32\nsi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\propsys.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\webio.dll
c:\windows\system32\user32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\msvcrt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\users\admin\appdata\local\temp\nsjec1a.tmp\system.dll
c:\users\admin\appdata\local\temp\nsjec1a.tmp\inetc.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\nsjec1a.tmp\uac.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\rpcrtremote.dll
c:\users\admin\appdata\local\temp\run_this_if_you_got_balls.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wshqos.dll
c:\users\admin\appdata\local\temp\nsjec1a.tmp\owinstaller.exe
c:\windows\system32\fwpuclnt.dll
c:\users\admin\appdata\local\temp\nsjec1a.tmp\utils.dll

PID
2300
CMD
"C:\Users\admin\AppData\Local\Temp\nsjEC1A.tmp\OWinstaller.exe" Sel=1&Channel=web_dl_btn&Partner=4204&Extension=edoaelkdajnifpnkdfillhjpaimimibflhkhjngh&Name=U.GG&Thanks=https%3A%2F%2Fgo.overwolf.com%2Finstall-successful%2F&UtmSource=ugghome /UAC:901A8 /NCRC -partnerCustomizationLevel 0 -exepath C:\Users\admin\AppData\Local\Temp\run_this_if_you_got_balls.exe
Path
C:\Users\admin\AppData\Local\Temp\nsjEC1A.tmp\OWinstaller.exe
Indicators
Parent process
run_this_if_you_got_balls.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Overwolf
Description
Overwolf Installer
Version
2.187.0.5
Modules
Image
c:\windows\assembly\gac_msil\system.windows.forms\2.0.0.0__b77a5c561934e089\system.windows.forms.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorjit.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\msvcrt.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\mscorlib\23349d393ecff063c3152fcf5229b2ab\mscorlib.ni.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system\e10fc0c922927179f29b495cf47d62dc\system.ni.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\crypt32.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\riched20.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\uxtheme.dll
c:\users\admin\appdata\local\temp\nsjec1a.tmp\owinstaller.exe
c:\windows\system32\lpk.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.drawing\8f5842a3d4d666059db685b319e3a5b3\system.drawing.ni.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.windows.forms\91efd50cedcf22003233d52464c01816\system.windows.forms.ni.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\kernel32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorsec.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\samcli.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.configuration\94fe1557aab4bc059482da7d99e97641\system.configuration.ni.dll
c:\windows\system32\sysmain.dll
c:\windows\system32\tapiperf.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.web\8c2e7f1fa8f0ef49a3ae977b5dddeae5\system.web.ni.dll
c:\windows\system32\winsta.dll
c:\windows\system32\rasman.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\perfctrs.dll
c:\windows\system32\winspool.drv
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\devobj.dll
c:\windows\system32\rasctrs.dll
c:\windows\system32\usbperf.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\tquery.dll
c:\windows\system32\propsys.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.management\bda2113f273e7bf6eba84f3d0d1a66c3\system.management.ni.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\utildll.dll
c:\windows\system32\clbcatq.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.xml\992b101b45c1e2e5563fee65ab5fd691\system.xml.ni.dll
c:\windows\microsoft.net\framework\v2.0.50727\webengine.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\dxdiag.exe
c:\windows\system32\perfts.dll
c:\windows\system32\perfproc.dll
c:\windows\microsoft.net\framework\v2.0.50727\wminet_utils.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\wbem\wmiaprpl.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\ktmw32.dll
c:\program files\microsoft office\office14\olmapi32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\rtutils.dll
c:\windows\microsoft.net\framework\v2.0.50727\culture.dll
c:\windows\microsoft.net\framework\v4.0.30319\perfcounter.dll
c:\windows\system32\esentprf.dll
c:\windows\system32\aspnet_counters.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\system32\pdh.dll
c:\windows\system32\bitsperf.dll
c:\windows\system32\msdtcuiu.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\perfnet.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mtxclu.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\msscntrs.dll
c:\windows\system32\perfdisk.dll
c:\windows\system32\pcwum.dll
c:\windows\system32\netutils.dll
c:\users\admin\appdata\local\overwolf\installercache\owresources.dll
c:\windows\system32\nsi.dll
c:\windows\system32\browcli.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\msvcr120_clr0400.dll
c:\windows\system32\msdtcprx.dll
c:\windows\microsoft.net\framework\v4.0.30319\corperfmonext.dll
c:\windows\microsoft.net\framework\v4.0.30319\aspnet_perf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\resutils.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\netfxperf.dll
c:\windows\system32\perfos.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\webio.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\atl.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\assembly\gac_32\system.data\2.0.0.0__b77a5c561934e089\system.data.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\d3d11.dll
c:\windows\assembly\nativeimages_v2.0.50727_32\system.data\022128ba26e9262d96d2fd3645abcce3\system.data.ni.dll
c:\windows\system32\mlang.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\t2embed.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\d3d10warp.dll
c:\windows\assembly\gac\microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\microsoft.mshtml.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\audioses.dll
c:\windows\system32\avrt.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\windowscodecs.dll
c:\windows\system32\midimap.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\schannel.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\uianimation.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\oleacc.dll

PID
2620
CMD
"C:\Windows\System32\DxDiag.exe" /tC:\Users\admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
Path
C:\Windows\System32\DxDiag.exe
Indicators
Parent process
OWinstaller.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Microsoft DirectX Diagnostic Tool
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\d3d11.dll
c:\windows\system32\nsi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\dxdiagn.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\dsound.dll
c:\windows\system32\dxdiag.exe
c:\windows\system32\version.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\winmm.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\d3d10_1core.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ole32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wbemcomn2.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\d3d10.dll
c:\windows\system32\d3d10_1.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imm32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\vga.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\userenv.dll
c:\windows\system32\mscat32.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\profapi.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\propsys.dll
c:\windows\system32\psapi.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\webio.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\drivers\rtkvac.sys
c:\windows\system32\winhttp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\dinput8.dll
c:\windows\system32\hid.dll
c:\windows\system32\spinf.dll
c:\windows\system32\drivers\i8042prt.sys
c:\windows\system32\wtsapi32.dll
c:\windows\system32\sysclass.dll
c:\windows\system32\drivers\usbd.sys
c:\windows\system32\spfileq.dll
c:\windows\system32\drivers\kbdclass.sys
c:\windows\system32\drivers\usbhub.sys
c:\windows\system32\drivers\mouhid.sys
c:\windows\system32\drivers\mouclass.sys
c:\windows\system32\drivers\termdd.sys
c:\windows\system32\drivers\sermouse.sys
c:\windows\system32\wmvsencd.dll
c:\windows\system32\wmvencod.dll
c:\windows\system32\cpfilters.dll
c:\windows\system32\msgsm32.acm
c:\windows\system32\qcap.dll
c:\windows\system32\wmspdmoe.dll
c:\windows\system32\msnp.ax
c:\windows\system32\vbicodec.ax
c:\windows\system32\msdvbnp.ax
c:\windows\system32\encdec.dll
c:\windows\system32\iccvid.dll
c:\windows\system32\qdv.dll
c:\windows\system32\wmvxencd.dll
c:\windows\system32\wmadmoe.dll
c:\windows\system32\imaadp32.acm
c:\windows\system32\msg711.acm
c:\windows\system32\l3codeca.acm
c:\windows\system32\msadp32.acm
c:\windows\system32\avicap32.dll
c:\windows\system32\msvfw32.dll
c:\windows\system32\psisrndr.ax
c:\windows\system32\mpeg2data.ax
c:\windows\system32\mp3dmod.dll
c:\windows\system32\wmvsdecd.dll
c:\windows\system32\mpg4decd.dll
c:\windows\system32\sbe.dll
c:\windows\ehome\mstvcapn.dll
c:\windows\system32\msmpeg2enc.dll
c:\windows\system32\itvdata.dll
c:\windows\system32\wmspdmod.dll
c:\windows\system32\wmadmod.dll
c:\windows\system32\devenum.dll
c:\windows\system32\msdmo.dll
c:\windows\system32\qasf.dll
c:\windows\system32\mp4sdecd.dll
c:\windows\system32\mp43decd.dll
c:\windows\system32\wmpsrcwp.dll
c:\windows\system32\msac3enc.dll
c:\windows\system32\qdvd.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\wstpager.ax
c:\windows\system32\quartz.dll
c:\windows\system32\mpg2splt.ax
c:\windows\ehome\netbridge.dll
c:\windows\system32\vidcap.ax
c:\windows\system32\msrle32.dll
c:\windows\system32\qedit.dll
c:\windows\system32\evr.dll
c:\windows\system32\ksproxy.ax
c:\windows\system32\tsbyuv.dll
c:\windows\system32\vbisurf.ax
c:\windows\ehome\mcx2filter.dll
c:\windows\system32\wmvdecod.dll
c:\windows\system32\cca.dll
c:\windows\ehome\cbva.dll
c:\windows\system32\msmpeg2adec.dll
c:\windows\system32\msyuv.dll
c:\windows\system32\iyuv_32.dll
c:\windows\system32\msvidc32.dll
c:\windows\system32\dispci.dll
c:\windows\system32\drivers\usbport.sys
c:\windows\system32\drivers\usbuhci.sys
c:\windows\system32\wdi.dll
c:\windows\system32\drivers\vgapnp.sys
c:\windows\system32\drivers\usbehci.sys
c:\windows\system32\drivers\servio.sys
c:\windows\system32\drivers\ivshmem.sys
c:\windows\system32\wdfcoinstaller01009.dll
c:\windows\system32\drivers\msisadrv.sys
c:\windows\system32\drivers\intelide.sys
c:\windows\system32\drivers\ataport.sys
c:\windows\system32\drivers\atapi.sys
c:\windows\system32\drivers\pciidex.sys
c:\windows\system32\sysfxui.dll
c:\windows\system32\rtlcpl.exe
c:\windows\system32\mmci.dll
c:\windows\system32\alsndmgr.cpl
c:\windows\system32\rtlcpapi.dll
c:\windows\alcrmv.exe
c:\windows\soundman.exe
c:\windows\system32\drivers\drmk.sys
c:\windows\system32\wmalfxgfxdsp.dll
c:\windows\system32\mmcico.dll
c:\windows\system32\rtkpgext.dll
c:\windows\system32\rtkcfg.dll
c:\windows\system32\rtkapo.dll
c:\windows\system32\drivers\portcls.sys

Registry activity

Total events
22047
Read events
0
Write events
267
Delete events
4

Modification events

PID
Process
Operation
Key
Name
Value
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
187BB8CAAB09D801
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
187BB8CAAB09D801
2528
run_this_if_you_got_balls.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
2528
run_this_if_you_got_balls.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Users\admin\AppData\Local\Temp\nsjEC1A.tmp\utils.dll
2300
OWinstaller.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0\Linkage
Export
Windows Workflow Foundation 4.0.0.0
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0\Linkage
Export
.NET Memory Cache 4.0
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0\Linkage
Export
MSDTC Bridge 4.0.0.0
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0\Linkage
Export
SMSvcHost 4.0.0.0
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS\Performance
1008
061332CBAB09D801
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl\Performance
1008
56BCDDCBAB09D801
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Overwolf
MUID
21859394-9b15-41ba-bda6-e12e02f6e7ed
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32
EnableConsoleTracing
0
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32
ConsoleTracingMask
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32
FileTracingMask
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32
EnableFileTracing
0
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32
MaxFileSize
1048576
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32
FileDirectory
%windir%\tracing
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASMANCS
FileTracingMask
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASMANCS
MaxFileSize
1048576
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASMANCS
FileDirectory
%windir%\tracing
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASMANCS
ConsoleTracingMask
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASMANCS
EnableConsoleTracing
0
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASMANCS
EnableFileTracing
0
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDetectedUrl
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
187BB8CAAB09D801
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003C010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A86410000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
AE14B9CCAB09D801
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
AE14B9CCAB09D801
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2300
OWinstaller.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E1C950E6EF22F84C5645728B922060D7D5A7A3E8
Blob
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E1C950E6EF22F84C5645728B922060D7D5A7A3E8
Blob
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54
Blob
2300
OWinstaller.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54
Blob
2620
DxDiag.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}
(default)
2620
DxDiag.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device
(default)
2620
DxDiag.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device
(default)
2620
DxDiag.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}
(default)
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}
(default)
DxDiagClassObject Class
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider
(default)
DxDiagProvider Class
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer
(default)
DxDiag.DxDiagClassObject.1
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID
(default)
{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1
(default)
DxDiagClassObject Class
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID
(default)
{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject
(default)
DxDiagClassObject Class
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32
(default)
C:\Windows\System32\dxdiagn.dll
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1
(default)
DxDiagProvider Class
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove
(default)
Programmable
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32
ThreadingModel
Apartment
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID
(default)
DxDiag.DxDiagClassObject.1
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer
(default)
DxDiag.DxDiagClassObject.1
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID
(default)
DxDiag.DxDiagClassObject
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectX Diagnostic Tool
DxDiag In SystemInfo
1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectX Diagnostic Tool
DxDiag In DirectDraw
1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectX Diagnostic Tool
DxDiag In DirectSound
1
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\DirectSound\Speaker Configuration
Speaker Configuration
4
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectX Diagnostic Tool
DxDiag In DirectSound
3
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
ID
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Name
DxDiag.exe
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectX Diagnostic Tool
DxDiag In DirectSound
2
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
Name
DxDiag.exe
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectX Diagnostic Tool
DxDiag In DirectDraw
3
2620
DxDiag.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectX Diagnostic Tool
DxDiag In DirectDraw
2
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
setupapi.app.log
4096
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectX Diagnostic Tool
DxDiag In DirectShow
1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yuy2
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000007669647300001000800000AA00389B71000000000000000000000000000000007975793200001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\mrle
FriendlyName
Microsoft RLE
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\mrle
CLSID
{D76E2820-1563-11CF-AC98-00AA004C0FA9}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
FriendlyName
Intel IYUV codec
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
ClassManagerFlags
0
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\mrle
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000007669647300001000800000AA00389B71000000000000000000000000000000006D726C6500001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000007669647300001000800000AA00389B71000000000000000000000000000000006979757600001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\uyvy
FriendlyName
Microsoft YUV
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yuy2
ClassManagerFlags
1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yvyu
ClassManagerFlags
1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
FccHandler
iyuv
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\uyvy
ClassManagerFlags
1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yuy2
FccHandler
yuy2
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
CLSID
{D76E2820-1563-11CF-AC98-00AA004C0FA9}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\mrle
ClassManagerFlags
0
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\msvc
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000007669647300001000800000AA00389B71000000000000000000000000000000006D73766300001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\msvc
FccHandler
msvc
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yvyu
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000007669647300001000800000AA00389B71000000000000000000000000000000007976797500001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\msvc
ClassManagerFlags
0
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\uyvy
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000007669647300001000800000AA00389B71000000000000000000000000000000007579767900001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yvyu
FriendlyName
Microsoft YUV
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yvyu
FccHandler
yvyu
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yuy2
CLSID
{D76E2820-1563-11CF-AC98-00AA004C0FA9}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\uyvy
CLSID
{D76E2820-1563-11CF-AC98-00AA004C0FA9}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\mrle
FccHandler
mrle
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\msvc
FriendlyName
Microsoft Video 1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\uyvy
FccHandler
uyvy
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yuy2
FriendlyName
Microsoft YUV
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yvyu
CLSID
{D76E2820-1563-11CF-AC98-00AA004C0FA9}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\msvc
CLSID
{D76E2820-1563-11CF-AC98-00AA004C0FA9}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
FriendlyName
Intel IYUV codec
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000007669647300001000800000AA00389B71000000000000000000000000000000006934323000001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yvu9
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000007669647300001000800000AA00389B71000000000000000000000000000000007976753900001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yvu9
ClassManagerFlags
1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
FccHandler
i420
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yvu9
CLSID
{D76E2820-1563-11CF-AC98-00AA004C0FA9}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yvu9
FriendlyName
Toshiba YUV Codec
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
CLSID
{D76E2820-1563-11CF-AC98-00AA004C0FA9}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
ClassManagerFlags
0
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\yvu9
FccHandler
yvu9
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\17IMA ADPCM
FriendlyName
IMA ADPCM
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\7CCITT u-Law
CLSID
{6A08CF80-0E18-11CF-A24D-0020AFD79767}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\85MPEG Layer-3
FriendlyName
MPEG Layer-3
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Speakers (Realtek AC'97 Audio)
FriendlyName
Speakers (Realtek AC'97 Audio)
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default WaveOut Device
CLSID
{E30629D1-27E5-11CE-875D-00608CB78066}
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711
aFormatTagCache
010000001000000006000000120000000700000012000000
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711
cFilterTags
0
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\2Microsoft ADPCM
CLSID
{6A08CF80-0E18-11CF-A24D-0020AFD79767}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Microphone (Realtek AC'97 Audio
CLSID
{E30629D2-27E5-11CE-875D-00608CB78066}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Speakers (Realtek AC'97 Audio)
CLSID
{E30629D1-27E5-11CE-875D-00608CB78066}
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711
cFormatTags
3
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm
fdwSupport
1
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm
cFormatTags
2
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\1PCM
CLSID
{6A08CF80-0E18-11CF-A24D-0020AFD79767}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\1PCM
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000AA00389B71000000000000000000000000000000000100000000001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\6CCITT A-Law
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000AA00389B71000000000000000000000000000000000600000000001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\2Microsoft ADPCM
AcmId
2
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default WaveOut Device
FilterData
02000000000020000100000000000000307069330200000000000000010000000000000000000000307479330000000038000000480000006175647300001000800000AA00389B7100000000000000000000000000000000
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default WaveOut Device
WaveOutId
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\17IMA ADPCM
AcmId
17
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default WaveOut Device
FriendlyName
Default WaveOut Device
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device
FriendlyName
Default DirectSound Device
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\6CCITT A-Law
CLSID
{6A08CF80-0E18-11CF-A24D-0020AFD79767}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\49GSM 6.10
CLSID
{6A08CF80-0E18-11CF-A24D-0020AFD79767}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Speakers (Realtek AC'97 Audio)
WaveOutId
0
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Speakers (Realtek AC'97 Audio)
FilterData
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610
cFilterTags
0
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Microphone (Realtek AC'97 Audio
FilterData
02000000000020000000000000000000
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Line In (Realtek AC'97 Audio)
FriendlyName
Line In (Realtek AC'97 Audio)
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Line In (Realtek AC'97 Audio)
CLSID
{E30629D2-27E5-11CE-875D-00608CB78066}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Speakers (Realtek AC'97 Audio)
ClassManagerFlags
2
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Speakers (Realtek AC'97 Audio)
CLSID
{79376820-07D0-11CF-A24D-0020AFD79767}
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm
fdwSupport
1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\17IMA ADPCM
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000AA00389B71000000000000000000000000000000001100000000001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm
cFilterTags
0
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Microsoft GS Wavetable Synth
FilterData
02000000000020000100000000000000307069330200000000000000010000000000000000000000307479330000000038000000480000006D69647300001000800000AA00389B7100000000000000000000000000000000
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm
aFormatTagCache
01000000100000001100000014000000
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm
cFilterTags
0
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\6CCITT A-Law
AcmId
6
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Microsoft GS Wavetable Synth
CLSID
{07B65360-C445-11CE-AFDE-00AA006C14F4}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device
FriendlyName
Default MidiOut Device
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device
MidiOutId
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Speakers (Realtek AC'97 Audio)
FilterData
02000000000020000100000000000000307069330200000000000000010000000000000000000000307479330000000038000000480000006175647300001000800000AA00389B7100000000000000000000000000000000
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Speakers (Realtek AC'97 Audio)
FriendlyName
DirectSound: Speakers (Realtek AC'97 Audio)
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\1PCM
FriendlyName
PCM
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\2Microsoft ADPCM
FriendlyName
Microsoft ADPCM
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device
FilterData
02000000000080000100000000000000307069330200000000000000010000000000000000000000307479330000000038000000480000006D69647300001000800000AA00389B7100000000000000000000000000000000
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm
aFormatTagCache
01000000100000000200000032000000
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\85MPEG Layer-3
AcmId
85
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Line In (Realtek AC'97 Audio)
WaveInId
1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Microsoft GS Wavetable Synth
FriendlyName
Microsoft GS Wavetable Synth
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device
FilterData
0200000000008000010000000000000030706933020000000000000013000000000000000000000030747933000000005801000068010000317479330000000058010000780100003274793300000000580100008801000033747933000000005801000098010000347479330000000058010000A8010000357479330000000058010000B8010000367479330000000058010000C8010000377479330000000058010000D8010000387479330000000058010000E8010000397479330000000058010000F80100003A7479330000000058010000080200003B7479330000000058010000180200003C7479330000000058010000280200003D7479330000000058010000380200003E7479330000000058010000480200003F7479330000000058010000580200004074793300000000580100006802000041747933000000005801000078020000427479330000000058010000880200006175647300001000800000AA00389B710100000000001000800000AA00389B710900000000001000800000AA00389B710300000000001000800000AA00389B714902000000001000800000AA00389B714002000000001000800000AA00389B714102000000001000800000AA00389B7103000000EA0C1000800000AA00389B7104000000EA0C1000800000AA00389B7105000000EA0C1000800000AA00389B7106000000EA0C1000800000AA00389B7108000000EA0C1000800000AA00389B7109000000EA0C1000800000AA00389B710A000000EA0C1000800000AA00389B710B000000EA0C1000800000AA00389B710C000000EA0C1000800000AA00389B710D000000EA0C1000800000AA00389B710800000000001000800000AA00389B719200000000001000800000AA00389B716401000000001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectX Diagnostic Tool
DxDiag In SystemInfo
3
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\cvid
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000007669647300001000800000AA00389B71000000000000000000000000000000006376696400001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm
cFormatTags
2
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\49GSM 6.10
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000AA00389B71000000000000000000000000000000003100000000001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\2Microsoft ADPCM
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000AA00389B71000000000000000000000000000000000200000000001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\cvid
CLSID
{D76E2820-1563-11CF-AC98-00AA004C0FA9}
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm
cFormatTags
2
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\17IMA ADPCM
CLSID
{6A08CF80-0E18-11CF-A24D-0020AFD79767}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\6CCITT A-Law
FriendlyName
CCITT A-Law
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\7CCITT u-Law
FriendlyName
CCITT u-Law
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Microsoft GS Wavetable Synth
MidiOutId
0
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device
CLSID
{79376820-07D0-11CF-A24D-0020AFD79767}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device
DSGuid
{00000000-0000-0000-0000-000000000000}
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610
cFormatTags
2
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610
aFormatTagCache
01000000100000003100000014000000
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm
aFormatTagCache
0100000010000000550000001E000000
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\1PCM
AcmId
1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\7CCITT u-Law
AcmId
7
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\85MPEG Layer-3
CLSID
{6A08CF80-0E18-11CF-A24D-0020AFD79767}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\cvid
FriendlyName
Cinepak Codec by Radius
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\cvid
FccHandler
cvid
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\cvid
ClassManagerFlags
0
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711
fdwSupport
1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\7CCITT u-Law
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000AA00389B71000000000000000000000000000000000700000000001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\49GSM 6.10
AcmId
49
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\85MPEG Layer-3
FilterData
0200000000002000020000000000000030706933000000000000000001000000000000000000000030747933000000006000000070000000317069330800000000000000010000000000000000000000307479330000000060000000800000006175647300001000800000AA00389B71000000000000000000000000000000005500000000001000800000AA00389B71
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Line In (Realtek AC'97 Audio)
FilterData
02000000000020000000000000000000
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610
fdwSupport
1
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm
cFilterTags
0
2620
DxDiag.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm
fdwSupport
1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\49GSM 6.10
FriendlyName
GSM 6.10
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Microphone (Realtek AC'97 Audio
FriendlyName
Microphone (Realtek AC'97 Audio
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Microphone (Realtek AC'97 Audio
WaveInId
0
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{33D9A762-90C8-11D0-BD43-00A0C911CE86}\Microphone (Realtek AC'97 Audio
ClassManagerFlags
2
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device
CLSID
{07B65360-C445-11CE-AFDE-00AA006C14F4}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\ActiveMovie\devenum\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\DirectSound: Speakers (Realtek AC'97 Audio)
DSGuid
{E602C5A2-9378-42F9-9806-A74C065977F6}
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectX Diagnostic Tool
DxDiag In SystemInfo
4
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication
Name
DXDIAG.EXE
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication
MostRecentStart
44BC4FCFAB09D801
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication
Id
DXDIAG.EXE4A5BC31000040A00
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectInput\MostRecentApplication
Version
00080000
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectX Diagnostic Tool
DxDiag In DirectInput
1
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectInput\DXDIAG.EXE4A5BC31000040A00
Name
DXDIAG.EXE
2620
DxDiag.exe
write
HKEY_CURRENT_USER\Software\Microsoft\DirectInput\DXDIAG.EXE4A5BC31000040A00
UsesMapper
00000000

Files activity

Executable files
12
Suspicious files
29
Text files
86
Unknown types
12

Dropped files

PID
Process
Filename
Type
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Overwolf\InstallerCache\OWResources.dll
executable
MD5: 06607cc3495360d486a09f4e32e6c6c5
SHA256: 22f5f56dccf35a7ca5fb5a138a538f78738eb8fdd2e6f4fdec1c980e2160e8d2
2528
run_this_if_you_got_balls.exe
C:\Users\admin\AppData\Local\Temp\nsjEC1A.tmp\OWInstaller.exe
executable
MD5: 437bd6f8a674d7f60b9a6c49f3f40edc
SHA256: 409b1d25faadd555d4eebef970378641eae347e06f36e2b82e33009c49eeb178
2528
run_this_if_you_got_balls.exe
C:\Users\admin\AppData\Local\Temp\nsjEC1A.tmp\nsis7z.dll
executable
MD5: 8bc34305598f5fabed471a86a0133642
SHA256: ae7f725d7d37ca8b6639060c2bb4ea0bacfb59d281523411ebd048af67393fbd
2528
run_this_if_you_got_balls.exe
C:\Users\admin\AppData\Local\Temp\nsjEC1A.tmp\utils.dll
executable
MD5: aad3f2ecc74ddf65e84dcb62cf6a77cd
SHA256: 1cc004fcce92824fa27565b31299b532733c976671ac6cf5dbd1e0465c0e47e8
2528
run_this_if_you_got_balls.exe
C:\Users\admin\AppData\Local\Temp\nsjEC1A.tmp\INetC.dll
executable
MD5: 640bff73a5f8e37b202d911e4749b2e9
SHA256: c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502
2528
run_this_if_you_got_balls.exe
C:\Users\admin\AppData\Local\Temp\nsjEC1A.tmp\uac.dll
executable
MD5: adb29e6b186daa765dc750128649b63d
SHA256: 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
2528
run_this_if_you_got_balls.exe
C:\Users\admin\AppData\Local\Temp\nsjEC1A.tmp\System.dll
executable
MD5: 7399323923e3946fe9140132ac388132
SHA256: 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
3980
run_this_if_you_got_balls.exe
C:\Users\admin\AppData\Local\Temp\nsxEA06.tmp\System.dll
executable
MD5: 7399323923e3946fe9140132ac388132
SHA256: 5a1c20a3e2e2eb182976977669f2c5d9f3104477e98f74d69d2434e79b92fdc3
3980
run_this_if_you_got_balls.exe
C:\Users\admin\AppData\Local\Temp\nsxEA06.tmp\UserInfo.dll
executable
MD5: 9301577ff4d229347fe33259b43ef3b2
SHA256: 090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc
2528
run_this_if_you_got_balls.exe
C:\Users\admin\AppData\Local\Temp\nsjEC1A.tmp\UserInfo.dll
executable
MD5: 9301577ff4d229347fe33259b43ef3b2
SHA256: 090c4bc8dc534e97b3877bd5115eb58b3e181495f29f231479f540bab5c01edc
3980
run_this_if_you_got_balls.exe
C:\Users\admin\AppData\Local\Temp\nsxEA06.tmp\uac.dll
executable
MD5: adb29e6b186daa765dc750128649b63d
SHA256: 2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
3980
run_this_if_you_got_balls.exe
C:\Users\admin\AppData\Local\Temp\nsxEA06.tmp\nsProcess.dll
executable
MD5: f0438a894f3a7e01a4aae8d1b5dd0289
SHA256: 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
2620
DxDiag.exe
C:\Users\admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
text
MD5: 376d9fe720b7797b9d76853cbaa3cd5c
SHA256: 38b1e45a6b8324cb46c8180f7278294c7d7bd5b83d2247110e84105029dbf938
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Overwolf\Temp\e7b36957b5e442208ed533a108d95d00
text
MD5: 376d9fe720b7797b9d76853cbaa3cd5c
SHA256: 38b1e45a6b8324cb46c8180f7278294c7d7bd5b83d2247110e84105029dbf938
2620
DxDiag.exe
C:\Windows\INF\setupapi.app.log
ini
MD5: 2301d5ad16b157fa9bfd5f21a041d704
SHA256: 263601edea5c321f220c24398eacc18e2d19d66a2cb9b8b53231ceaeec878bb9
2620
DxDiag.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
compressed
MD5: acaeda60c79c6bcac925eeb3653f45e0
SHA256: 6b0ceccf0103afd89844761417c1d23acc41f8aebf3b7230765209b61eee5658
2620
DxDiag.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
binary
MD5: ac45c30be0b50ce398a3becddef1cade
SHA256: 98ea88fb6c3305bf844ef6e19e3233fa40ef2b887923d406c36141749d26ecd2
2620
DxDiag.exe
C:\Users\admin\AppData\Local\Temp\Cab926.tmp
compressed
MD5: acaeda60c79c6bcac925eeb3653f45e0
SHA256: 6b0ceccf0103afd89844761417c1d23acc41f8aebf3b7230765209b61eee5658
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\block_inputs[1].js
text
MD5: 78958110509900367e8bd8f6fe554e70
SHA256: b2a763b225eee36970d4525500d538ed2efb00cfb2fed01b13ccc4d98beeab57
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\progress-app-image-02[1].png
image
MD5: 9626ec7a1330f4fa65abb37f08ff6421
SHA256: 9363bf7bf35a32278d95b8410bda989c63d9cd09fa17fdcb04d93aef1d433b3c
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\Outplayed_Inc.-U.GG_Iconb4a70186-13cc-4ee8-985c-46150bb4f580[1].png
image
MD5: 70fb10354e2441312edab5cd4b4a9db2
SHA256: 34679afc37472b6f09c1ed9fd38a52ebda4a8165179dbad988821dd1cd03bc9a
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\progress-app-image-01[1].png
image
MD5: 6276c4f73df3a91718a12878c63dcf24
SHA256: 032335dca37195df73cef1fc5f019bc8705284c3226dbdd54f81d61b714c4915
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Lato-Regular[1].eot
binary
MD5: 8ab18d934cfa1e51dc8273cd8585387e
SHA256: e735410675eacc363b257112f39eb819a854b03077d7b1f0caa6e7660ffbd8b3
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\progress-app-image-03[1].png
image
MD5: 38ead88ccac4d4f8077e265aafc186bc
SHA256: 827f9bd53d624da1397e0f8d3a68fa96bbe7146b74f6ea8af5cd6acfc3839cd5
2620
DxDiag.exe
C:\Users\admin\AppData\Local\Temp\Tar927.tmp
cat
MD5: d99661d0893a52a0700b8ae68457351a
SHA256: bdd5111162a6fa25682e18fa74e37e676d49cafcb5b7207e98e5256d1ef0d003
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\jquery-1.10.2.min[1].js
text
MD5: f5181545817b45e967869df84ad33f49
SHA256: a881c47a88411a1c65c5107537c9253d4d4db16b57db5cf0201bee1a9f2f30b2
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\fonts[1].css
text
MD5: 2778c70161bb0aec49f4207e1430bf63
SHA256: 086aa3af6429d74fcf04ec1f5e870145cc6309a6c4c0c22c2d46f3560d7d587d
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\progress[1].css
text
MD5: 1d66bac6d892d75acd1ca5fe4fd39974
SHA256: be69261940925377fede26433a0431e2fc1521f107525f68fbc3af3ff2818044
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\progress[1].htm
html
MD5: 8fe162483b4326f4c8ca4c1fe8840607
SHA256: 130ca6bf6c0b02c38daaf818fceb078617cf6e5f2f582fdcaa47134899fff3e0
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\S6uyw4BMUTPHvxg[1].eot
obj
MD5: 5a156ccb6a29e18244ce2c3a47bab428
SHA256: ecdef1f56bd7144250b1cdb5b8c1be73b038ce73cb6eb167b6801e141f973437
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\reset[1].css
text
MD5: d29f1cfab4739a8757e86b90ee9a745f
SHA256: a5d4254113dc8ec027bc30da0df9dde7c39583b024660fccca1e949d1db70f90
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\style[1].css
text
MD5: bde238bc90d90deecbdfebadafbac483
SHA256: 06fa8be623a7a52f8a45976fae5209b9d539b1e849755d50de9a3d2de0b9881b
2300
OWinstaller.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_1160E11B9377D569BC114C731E94B72F
der
MD5: 16d3f9ab9906795a97d054c743d7e35f
SHA256: 35eab9b4604650214054008310c2665f30fb12bc3fc3865a1277318786f67a3b
2300
OWinstaller.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_1160E11B9377D569BC114C731E94B72F
binary
MD5: b37bb82952f6d77332301b14410b86c4
SHA256: e5216411b3d37463d9359db69189d9330493ea5e3113ec2c020ee938faa004f2
2300
OWinstaller.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FC5A820A001B41D68902E051F36A5282_A0C68A8EAF42436B55AC3E40D5B98086
der
MD5: 720e9e190fbc61dd9bbac2cb7f252934
SHA256: 58ddee420fcf45ac807cca5afd09f29b876ad334700ac6d35f914052cf6b40f4
2300
OWinstaller.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
der
MD5: 2663bed1f902bed00647b84fabbf8dea
SHA256: 7a3c6a8be401f6de91999c00919ea0f3bdcf80d06eb0e8a15d801f8f9a465de9
2300
OWinstaller.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FC5A820A001B41D68902E051F36A5282_A0C68A8EAF42436B55AC3E40D5B98086
binary
MD5: baf6a8e74d3589140cecacf7808814a4
SHA256: 567a87126783e4f6cf945eafaccadf13f016ebf8db7dfa03b3832b16ac24909a
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\vendor-list[1].json
text
MD5: 5cadc9e0e7cb78fa03d2d312211c7243
SHA256: f8845dfbc0e20f22fc59d875d267c2d1bdb41b59c7e0f04807ea7ca4c44f7880
2300
OWinstaller.exe
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Outplayed_Inc.-U.GG_Tileb4a70186-13cc-4ee8-985c-46150bb4f580[1].jpg
image
MD5: a9867d9965a76b0e97cb12d4db81554b
SHA256: cbf62d2b52526389cd018a9253a63579b45ff5d03b5e65277a9f020a75bcb7ef
2300
OWinstaller.exe


Network activity

HTTP(S) requests
24
TCP/UDP connections
23
DNS requests
13
Threats
5

HTTP requests

PID Process Method HTTP Code IP URL CN Type Reputation
2528 run_this_if_you_got_balls.exe GET 200 69.16.175.42:80 http://analyticsnew.overwolf.com/analytics/Counter?Name=installer_uac_action&Value=1&Extra=%5b%7b%22Name%22%3a%22installer_version%22%2c%22Value%22%3a%222.189.0.3%22%7d%5d US text malicious
2300 OWinstaller.exe GET 200 69.16.175.42:80 http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=2.187.0.5&PartnerID=4204&Name=Manual_Funnel2_Installer_Launched&Value=1&UserName=&GameSessionId=&owver=0.187.0.4&MUID=21859394-9b15-41ba-bda6-e12e02f6e7ed US text malicious
2300 OWinstaller.exe GET 200 142.250.185.174:80 http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=89541436&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=933112528&utmr=/&utmp=/&utmac=UA-80584726-1&utmcc=__utma%3D0.1426785178.1642208647.1642208647.1642208647.2%3B%2B__utmz%3D0.1642208647.1.1.utmcsr%3D(direct)%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5(Funnel2*Installer%20Launched*2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client)()&gaq=1&utmt=event US image shared
2300 OWinstaller.exe GET 200 142.250.185.174:80 http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=392705709&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=610439727&utmr=/&utmp=/&utmac=UA-18298709-8&utmcc=__utma%3D0.1426785178.1642208647.1642208647.1642208647.2%3B%2B__utmz%3D0.1642208647.1.1.utmcsr%3D(direct)%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5(Funnel2*Installer%20Launched*2.0.50727%20SP2%2C%203.0%20SP2%2C%203.5%20SP1%2C%204%20Client%2C%204%20Full%2C%204.0%20Client)()&gaq=1&utmt=event US image shared
2300 OWinstaller.exe GET 200 69.16.175.42:80 http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=2.187.0.5&PartnerID=4204&Name=Manual_Installer_Launched&Value=1&UserName=&GameSessionId=&owver=0.187.0.4&MUID=21859394-9b15-41ba-bda6-e12e02f6e7ed US text malicious
2300 OWinstaller.exe GET 200 69.16.175.42:80 http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=2.187.0.5&PartnerID=4204&Name=installer_webbrowser_init&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522ver%2522%252c%2522Value%2522%253a%252211.0.9600.19597%2522%257d%255d&owver=0.187.0.4&MUID=21859394-9b15-41ba-bda6-e12e02f6e7ed US text malicious
2300 OWinstaller.exe GET 200 69.16.175.42:80 http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=2.187.0.5&PartnerID=4204&Name=installer_error_message&Value=22012&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522state%2522%252c%2522Value%2522%253anull%257d%252c%257b%2522Name%2522%253a%2522sel_app%2522%252c%2522Value%2522%253a%2522edoaelkdajnifpnkdfillhjpaimimibflhkhjngh%2522%257d%252c%257b%2522Name%2522%253a%2522sel_app_channel%2522%252c%2522Value%2522%253a%2522%2522%257d%255d&owver=0.187.0.4&MUID=21859394-9b15-41ba-bda6-e12e02f6e7ed US text malicious
2300 OWinstaller.exe GET 200 41.63.96.0:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?98f83552be6cf29d ZA compressed whitelisted
2300 OWinstaller.exe GET 200 41.63.96.0:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?43a6774294a0ca58 ZA compressed whitelisted
2300 OWinstaller.exe GET 200 41.63.96.0:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?52a47d7c98ee5bcf ZA compressed whitelisted
2300 OWinstaller.exe GET 200 65.9.62.120:80 http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D US der shared
2300 OWinstaller.exe GET 200 99.86.3.68:80 http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D US der whitelisted
2300 OWinstaller.exe GET 200 99.86.3.143:80 http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D US der whitelisted
2300 OWinstaller.exe GET 200 142.250.186.67:80 http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D US der shared
2300 OWinstaller.exe GET 200 142.250.186.67:80 http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D US der shared
2300 OWinstaller.exe GET 200 142.250.186.67:80 http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGmSmALa8169CgAAAAEn3NM%3D US der shared
2300 OWinstaller.exe GET 200 65.9.62.149:80 http://ocsp.sca1b.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQz9arGHWbnBV0DFzpNHz4YcTiFDQQUWaRmBlKge5WSPKOUByeWdFv5PdACEAIHhk7FOY2vN1bTEdS40NI%3D US der whitelisted
2300 OWinstaller.exe GET 200 142.250.186.67:80 http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEG9FXshPqpwWCgAAAAEn3MY%3D US der shared
2620 DxDiag.exe GET 200 41.63.96.0:80 http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?96f3b2bfaa4b7a2d ZA compressed whitelisted
2300 OWinstaller.exe GET 200 142.250.185.174:80 http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=19942067&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=549660094&utmr=/&utmp=/&utmac=UA-80584726-1&utmcc=__utma%3D0.1426785178.1642208647.1642208647.1642208647.2%3B%2B__utmz%3D0.1642208647.1.1.utmcsr%3D(direct)%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5(Installer*Installer%20Exit*Cancelled%20before%20download)()&gaq=1&utmt=event US image shared
2300 OWinstaller.exe GET 200 69.16.175.42:80 http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=2.187.0.5&PartnerID=4204&Name=Manual_Installer_Installer_Exit&Value=1&UserName=&GameSessionId=&owver=0.187.0.4&MUID=21859394-9b15-41ba-bda6-e12e02f6e7ed US text malicious
2300 OWinstaller.exe GET 200 69.16.175.42:80 http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=2.187.0.5&PartnerID=4204&Name=Manual_Finish_CancelBeforDownload&Value=1&UserName=&GameSessionId=&owver=0.187.0.4&MUID=21859394-9b15-41ba-bda6-e12e02f6e7ed US text malicious
2300 OWinstaller.exe GET 200 142.250.185.174:80 http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=378747094&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=244357975&utmr=/&utmp=/&utmac=UA-18298709-8&utmcc=__utma%3D0.1426785178.1642208647.1642208647.1642208647.2%3B%2B__utmz%3D0.1642208647.1.1.utmcsr%3D(direct)%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5(Installer*Installer%20Exit*Cancelled%20before%20download)()&gaq=1&utmt=event US image shared
2300 OWinstaller.exe GET 200 69.16.175.42:80 http://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=2.187.0.5&PartnerID=4204&Name=installer_cancel_before_download&Value=1&UserName=&GameSessionId=&owver=0.187.0.4&MUID=21859394-9b15-41ba-bda6-e12e02f6e7ed US text malicious


Connections

PID Process IP ASN CN Reputation
2528 run_this_if_you_got_balls.exe 69.16.175.42:80 Highwinds Network Group, Inc. US malicious
2300 OWinstaller.exe 142.250.185.174:80 Google Inc. US whitelisted
2300 OWinstaller.exe 142.250.186.138:443 Google Inc. US whitelisted
2300 OWinstaller.exe 41.63.96.0:80 Limelight Networks, Inc. ZA suspicious
2300 OWinstaller.exe 65.9.62.120:80 AT&T Services, Inc. US unknown
2300 OWinstaller.exe 99.86.3.68:80 AT&T Services, Inc. US whitelisted
2300 OWinstaller.exe 142.250.186.67:80 Google Inc. US whitelisted
2300 OWinstaller.exe 99.86.3.143:80 AT&T Services, Inc. US whitelisted
2300 OWinstaller.exe 13.35.253.89:443 US suspicious
2300 OWinstaller.exe 65.9.62.149:80 AT&T Services, Inc. US whitelisted
2300 OWinstaller.exe 142.250.74.195:443 Google Inc. US whitelisted
2300 OWinstaller.exe 143.204.215.24:443 US malicious
2300 OWinstaller.exe 65.9.61.40:443 AT&T Services, Inc. US unknown
2620 DxDiag.exe 41.63.96.0:80 Limelight Networks, Inc. ZA suspicious
2300 OWinstaller.exe 69.16.175.42:80 Highwinds Network Group, Inc. US malicious

DNS requests

Domain IP(s) Reputation
analyticsnew.overwolf.com 69.16.175.42, 69.16.175.10 malicious
www.google-analytics.com 142.250.185.174 shared
storeapi.overwolf.com 143.204.215.24, 143.204.215.107, 143.204.215.67, 143.204.215.30 shared
content.overwolf.com 65.9.61.40, 65.9.61.96, 65.9.61.77, 65.9.61.114 whitelisted
ctldl.windowsupdate.com 41.63.96.0 whitelisted
fonts.googleapis.com 142.250.186.138 shared
o.ss2.us 65.9.62.120, 65.9.62.115, 65.9.62.74, 65.9.62.53 shared
ocsp.rootg2.amazontrust.com 99.86.3.68, 99.86.3.204, 99.86.3.46, 99.86.3.143 whitelisted
ocsp.pki.goog 142.250.186.67 shared
ocsp.rootca1.amazontrust.com 99.86.3.143, 99.86.3.68, 99.86.3.46, 99.86.3.204 whitelisted
www.overwolf.com 13.35.253.89, 13.35.253.50, 13.35.253.113, 13.35.253.13 whitelisted
ocsp.sca1b.amazontrust.com 65.9.62.149, 65.9.62.128, 65.9.62.109, 65.9.62.56 whitelisted
fonts.gstatic.com 142.250.74.195 shared

Threats

PID Process Class Message
2528 run_this_if_you_got_balls.exe Potentially Bad Traffic ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))

4 ETPRO signatures available at the full report

Debug output strings

No debug info.