| File name: | Sims 4 Mod Manager - Installer.exe |
| Full analysis: | https://app.any.run/tasks/4a9755b7-63af-4877-9a20-696fa47b52a9 |
| Verdict: | Malicious activity |
| Analysis date: | June 02, 2024, 14:49:19 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
| MD5: | E80BA995B223C78E46F41805E8CAA02A |
| SHA1: | CB12B2735247842D1A654DA5C1345B1A2B0D17EF |
| SHA256: | A7F567082234F2B8ADA9F87C74AAD08C33AF605C1B564A9F39B831C1CF93553A |
| SSDEEP: | 98304:IVKm5bJ/A9nGcRa1xXcVsy3RxeLLCIJgap176MVhuhKrHVk2ENB0+o1QVNGRplIZ:v/ |
MALICIOUS
Drops the executable file immediately after the start
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
Scans artifacts that could help determine the target
- OWInstaller.exe (PID: 6476)
SUSPICIOUS
The process creates files with name similar to system file names
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
Malware-specific behavior (creating "System.dll" in Temp)
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
Executable content was dropped or overwritten
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
Drops 7-zip archiver for unpacking
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
Reads security settings of Internet Explorer
- OWInstaller.exe (PID: 6476)
Reads Microsoft Outlook installation path
- OWInstaller.exe (PID: 6476)
Reads Internet Explorer settings
- OWInstaller.exe (PID: 6476)
Checks Windows Trust Settings
- OWInstaller.exe (PID: 6476)
INFO
Create files in a temporary directory
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
- OWInstaller.exe (PID: 6476)
Checks supported languages
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
- OWInstaller.exe (PID: 6476)
- identity_helper.exe (PID: 1428)
Creates files or folders in the user directory
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
- OWInstaller.exe (PID: 6476)
Reads Environment values
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
- OWInstaller.exe (PID: 6476)
Reads the computer name
- OWInstaller.exe (PID: 6476)
- identity_helper.exe (PID: 1428)
Reads the machine GUID from the registry
- OWInstaller.exe (PID: 6476)
Disables trace logs
- OWInstaller.exe (PID: 6476)
Reads the software policy settings
- OWInstaller.exe (PID: 6476)
Checks proxy server information
- OWInstaller.exe (PID: 6476)
Process checks Internet Explorer phishing filters
- OWInstaller.exe (PID: 6476)
Reads Microsoft Office registry keys
- OWInstaller.exe (PID: 6476)
- msedge.exe (PID: 6968)
Application launched itself
- msedge.exe (PID: 6968)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable MS Visual C++ (generic) (67.4) |
|---|---|---|
| .dll | | | Win32 Dynamic Link Library (generic) (14.2) |
| .exe | | | Win32 Executable (generic) (9.7) |
| .exe | | | Generic Win/DOS Executable (4.3) |
| .exe | | | DOS Executable Generic (4.3) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2021:09:25 21:57:46+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 27136 |
| InitializedDataSize: | 186880 |
| UninitializedDataSize: | 2048 |
| EntryPoint: | 0x352d |
| OSVersion: | 4 |
| ImageVersion: | 6 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 2.250.0.2 |
| ProductVersionNumber: | 2.250.0.2 |
| FileFlagsMask: | 0x0000 |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | English (U.S.) |
| CharacterSet: | Unicode |
| Comments: | - |
| CompanyName: | Overwolf Ltd. |
| FileDescription: | Sims 4 Mod Manager |
| FileVersion: | 2.250.0.2 |
| LegalCopyright: | Copyright (C) 2021 Overwolf Ltd. All Rights Reserved. |
| LegalTrademarks: | - |
| ProductName: | Sims 4 Mod Manager |
| ProductVersion: | 2.250.0.2 |
Total processes
159
Monitored processes
39
Malicious processes
2
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 920 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5520 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1428 | "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6112 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: PWA Identity Proxy Host Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1488 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=924 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1608 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=924 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1944 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4224 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1964 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5628 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 2308 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5740 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 2452 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6304 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 2620 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6116 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 3592 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3536 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 122.0.2365.59 Modules
| |||||||||||||||
Total events
16 694
Read events
16 582
Write events
109
Delete events
3
Modification events
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\OverwolfElectron |
| Operation: | write | Name: | MUID |
Value: bb926e54-e3ca-40fd-ae90-2764341e7792 | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | EnableFileTracing |
Value: 0 | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | EnableAutoFileTracing |
Value: 0 | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | EnableConsoleTracing |
Value: 0 | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | FileTracingMask |
Value: | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | ConsoleTracingMask |
Value: | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | MaxFileSize |
Value: 1048576 | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | FileDirectory |
Value: %windir%\tracing | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASMANCS |
| Operation: | write | Name: | EnableFileTracing |
Value: 0 | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASMANCS |
| Operation: | write | Name: | EnableAutoFileTracing |
Value: 0 | |||
Executable files
25
Suspicious files
150
Text files
120
Unknown types
3
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\UserInfo.dll | executable | |
MD5:9301577FF4D229347FE33259B43EF3B2 | SHA256:090C4BC8DC534E97B3877BD5115EB58B3E181495F29F231479F540BAB5C01EDC | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\OWInstaller.exe | executable | |
MD5:45E1C3413D990649CE56420A2E615C41 | SHA256:69C0BF488C36DB126D3DE1427C0BE5C257A15A8C74F7E230018A555063539B41 | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\Newtonsoft.Json.dll | executable | |
MD5:98CBB64F074DC600B23A2EE1A0F46448 | SHA256:7B44639CBFBC8DDAC8C7A3DE8FFA97A7460BEBB0D54E9FF2E1CCDC3A742C2B13 | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\log4net.dll | executable | |
MD5:F15C8A9E2876568B3910189B2D493706 | SHA256:AE9C8073C3357C490F5D1C64101362918357C568F6B9380A60B09A4A4C1FF309 | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\Microsoft.Win32.TaskScheduler.dll | executable | |
MD5:9F725BA6EB84F97A3A10D064ECAB70E3 | SHA256:94961A4D686FA65B85B9E56A2A47AA87122C7B4F4FF8A9E7EF881C2A142283EB | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\nsProcess.dll | executable | |
MD5:F0438A894F3A7E01A4AAE8D1B5DD0289 | SHA256:30C6C3DD3CC7FCEA6E6081CE821ADC7B2888542DAE30BF00E881C0A105EB4D11 | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\utils.dll | executable | |
MD5:AAD3F2ECC74DDF65E84DCB62CF6A77CD | SHA256:1CC004FCCE92824FA27565B31299B532733C976671AC6CF5DBD1E0465C0E47E8 | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\CommandLine.dll | executable | |
MD5:1D859391711A062C5F48212686505A6A | SHA256:CEE8683C16CC43A542CFA1490894F555857EAF031FCDFB1ED7059E1538E21C8A | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\SharpRaven.dll | executable | |
MD5:8F6FF3176E7F0B58B033B3D3F1303DB3 | SHA256:0EA20361A01F8FC8EAB21AB5613E77D36A3506793D4487438C314DAF86E90630 | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\nsis7z.dll | executable | |
MD5:E4EA3296EDD193EA8D18E47E98AE24F1 | SHA256:42FB136E3AD068BFB05B39B97669BD66E5FBF560164CBA803F634E694FA2B9DD | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
158
TCP/UDP connections
120
DNS requests
105
Threats
3
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
5140 | MoUsoCoreWorker.exe | GET | 200 | 23.210.1.184:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | unknown |
5140 | MoUsoCoreWorker.exe | GET | 200 | 23.204.115.201:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | unknown |
5504 | svchost.exe | GET | 200 | 23.204.115.201:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | unknown |
6476 | OWInstaller.exe | GET | 200 | 142.250.185.174:80 | http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=592970892&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=675098981&utmr=/&utmp=/&utmac=UA-80584726-1&utmcc=__utma%3D0.1232481807.1717339773.1717339773.1717339773.2%3B%2B__utmz%3D0.1717339773.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A%29%28%29&gaq=1&utmt=event | unknown | — | — | unknown |
6476 | OWInstaller.exe | GET | 200 | 142.250.185.174:80 | http://www.google-analytics.com/__utm.gif?utmwv=4.7.2&utmn=516634094&utmhn=&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=0&utmfl=-&utmdt=&utmhid=867020915&utmr=/&utmp=/&utmac=UA-18298709-8&utmcc=__utma%3D0.1232481807.1717339773.1717339773.1717339773.2%3B%2B__utmz%3D0.1717339773.1.1.utmcsr%3D%28direct%29%7Cutmccn%3D%7Cutmcmd%3D%3B&utme=5%28Funnel2%2AInstaller%20Launched%2A%29%28%29&gaq=1&utmt=event | unknown | — | — | unknown |
— | — | HEAD | 200 | 18.66.192.122:443 | https://content.overwolf.com/Installer/promo/dnbjaedjmcendepjgnkfgcgmjjghcnmggkiokdnj/index.html | unknown | — | — | — |
— | — | HEAD | 200 | 18.66.192.94:443 | https://content.overwolf.com/Installer/promo/dnbjaedjmcendepjgnkfgcgmjjghcnmggkiokdnj/index.html | unknown | — | — | — |
— | — | GET | — | 18.66.192.75:443 | https://content.overwolf.com/Installer/promo/dnbjaedjmcendepjgnkfgcgmjjghcnmggkiokdnj/js/block_inputs.js | unknown | — | — | — |
— | — | GET | 200 | 54.230.228.60:443 | https://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=0&Name=Manual_Funnel2_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19045.4046%2522%257d%252c%257b%2522Name%2522%253a%2522isElectron%2522%252c%2522Value%2522%253a%2522true%2522%257d%255d&owver=2.250.0.2&MUID=bb926e54-e3ca-40fd-ae90-2764341e7792 | unknown | binary | 2 b | — |
— | — | GET | 200 | 18.66.192.25:443 | https://content.overwolf.com/Installer/promo/dnbjaedjmcendepjgnkfgcgmjjghcnmggkiokdnj/css/style.css | unknown | text | 1.45 Kb | — |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
5504 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
1984 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
5140 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
5504 | svchost.exe | 23.204.115.201:80 | crl.microsoft.com | AKAMAI-AS | US | unknown |
4364 | svchost.exe | 239.255.255.250:1900 | — | — | — | unknown |
5140 | MoUsoCoreWorker.exe | 23.204.115.201:80 | crl.microsoft.com | AKAMAI-AS | US | unknown |
5140 | MoUsoCoreWorker.exe | 23.210.1.184:80 | www.microsoft.com | AKAMAI-AS | US | unknown |
6476 | OWInstaller.exe | 142.250.185.174:80 | www.google-analytics.com | GOOGLE | US | whitelisted |
6476 | OWInstaller.exe | 54.230.228.60:443 | analyticsnew.overwolf.com | AMAZON-02 | US | unknown |
6476 | OWInstaller.exe | 18.173.154.81:443 | content.overwolf.com | — | US | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
analyticsnew.overwolf.com |
| unknown |
content.overwolf.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
storeapi.overwolf.com |
| shared |
fonts.googleapis.com |
| whitelisted |
www.overwolf.com |
| whitelisted |
installapi.overwolf.com |
| unknown |
Threats
PID | Process | Class | Message |
|---|---|---|---|
— | — | Potential Corporate Privacy Violation | AV POLICY Observed TikTok Domain in TLS SNI (tiktok.com) |
2 ETPRO signatures available at the full report