| File name: | Sims 4 Mod Manager - Installer.exe |
| Full analysis: | https://app.any.run/tasks/4a9755b7-63af-4877-9a20-696fa47b52a9 |
| Verdict: | Malicious activity |
| Analysis date: | June 02, 2024, 14:49:19 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
| MD5: | E80BA995B223C78E46F41805E8CAA02A |
| SHA1: | CB12B2735247842D1A654DA5C1345B1A2B0D17EF |
| SHA256: | A7F567082234F2B8ADA9F87C74AAD08C33AF605C1B564A9F39B831C1CF93553A |
| SSDEEP: | 98304:IVKm5bJ/A9nGcRa1xXcVsy3RxeLLCIJgap176MVhuhKrHVk2ENB0+o1QVNGRplIZ:v/ |
MALICIOUS
Drops the executable file immediately after the start
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
Scans artifacts that could help determine the target
- OWInstaller.exe (PID: 6476)
SUSPICIOUS
Executable content was dropped or overwritten
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
The process creates files with name similar to system file names
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
Malware-specific behavior (creating "System.dll" in Temp)
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
Drops 7-zip archiver for unpacking
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
Reads security settings of Internet Explorer
- OWInstaller.exe (PID: 6476)
Reads Microsoft Outlook installation path
- OWInstaller.exe (PID: 6476)
Reads Internet Explorer settings
- OWInstaller.exe (PID: 6476)
Checks Windows Trust Settings
- OWInstaller.exe (PID: 6476)
INFO
Create files in a temporary directory
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
- OWInstaller.exe (PID: 6476)
Checks supported languages
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
- OWInstaller.exe (PID: 6476)
- identity_helper.exe (PID: 1428)
Reads Environment values
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
- OWInstaller.exe (PID: 6476)
Reads the computer name
- OWInstaller.exe (PID: 6476)
- identity_helper.exe (PID: 1428)
Creates files or folders in the user directory
- Sims 4 Mod Manager - Installer.exe (PID: 6440)
- OWInstaller.exe (PID: 6476)
Reads the machine GUID from the registry
- OWInstaller.exe (PID: 6476)
Disables trace logs
- OWInstaller.exe (PID: 6476)
Checks proxy server information
- OWInstaller.exe (PID: 6476)
Reads the software policy settings
- OWInstaller.exe (PID: 6476)
Process checks Internet Explorer phishing filters
- OWInstaller.exe (PID: 6476)
Reads Microsoft Office registry keys
- msedge.exe (PID: 6968)
- OWInstaller.exe (PID: 6476)
Application launched itself
- msedge.exe (PID: 6968)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable MS Visual C++ (generic) (67.4) |
|---|---|---|
| .dll | | | Win32 Dynamic Link Library (generic) (14.2) |
| .exe | | | Win32 Executable (generic) (9.7) |
| .exe | | | Generic Win/DOS Executable (4.3) |
| .exe | | | DOS Executable Generic (4.3) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2021:09:25 21:57:46+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 27136 |
| InitializedDataSize: | 186880 |
| UninitializedDataSize: | 2048 |
| EntryPoint: | 0x352d |
| OSVersion: | 4 |
| ImageVersion: | 6 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 2.250.0.2 |
| ProductVersionNumber: | 2.250.0.2 |
| FileFlagsMask: | 0x0000 |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | English (U.S.) |
| CharacterSet: | Unicode |
| Comments: | - |
| CompanyName: | Overwolf Ltd. |
| FileDescription: | Sims 4 Mod Manager |
| FileVersion: | 2.250.0.2 |
| LegalCopyright: | Copyright (C) 2021 Overwolf Ltd. All Rights Reserved. |
| LegalTrademarks: | - |
| ProductName: | Sims 4 Mod Manager |
| ProductVersion: | 2.250.0.2 |
Total processes
159
Monitored processes
39
Malicious processes
2
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 920 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5520 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1428 | "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6112 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: PWA Identity Proxy Host Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1488 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=924 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1608 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=924 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1944 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4224 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1964 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5628 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 2308 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5740 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 2452 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6304 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 2620 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6116 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 3592 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3536 --field-trial-handle=2408,i,10635166282423916446,8819557852916597478,262144 --variations-seed-version /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Version: 122.0.2365.59 Modules
| |||||||||||||||
Total events
16 694
Read events
16 582
Write events
109
Delete events
3
Modification events
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\OverwolfElectron |
| Operation: | write | Name: | MUID |
Value: bb926e54-e3ca-40fd-ae90-2764341e7792 | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | EnableFileTracing |
Value: 0 | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | EnableAutoFileTracing |
Value: 0 | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | EnableConsoleTracing |
Value: 0 | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | FileTracingMask |
Value: | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | ConsoleTracingMask |
Value: | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | MaxFileSize |
Value: 1048576 | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASAPI32 |
| Operation: | write | Name: | FileDirectory |
Value: %windir%\tracing | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASMANCS |
| Operation: | write | Name: | EnableFileTracing |
Value: 0 | |||
| (PID) Process: | (6476) OWInstaller.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\OWinstaller_RASMANCS |
| Operation: | write | Name: | EnableAutoFileTracing |
Value: 0 | |||
Executable files
25
Suspicious files
150
Text files
120
Unknown types
3
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\UserInfo.dll | executable | |
MD5:9301577FF4D229347FE33259B43EF3B2 | SHA256:090C4BC8DC534E97B3877BD5115EB58B3E181495F29F231479F540BAB5C01EDC | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\nsProcess.dll | executable | |
MD5:F0438A894F3A7E01A4AAE8D1B5DD0289 | SHA256:30C6C3DD3CC7FCEA6E6081CE821ADC7B2888542DAE30BF00E881C0A105EB4D11 | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\uac.dll | executable | |
MD5:ADB29E6B186DAA765DC750128649B63D | SHA256:2F7F8FC05DC4FD0D5CDA501B47E4433357E887BBFED7292C028D99C73B52DC08 | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\System.dll | executable | |
MD5:7399323923E3946FE9140132AC388132 | SHA256:5A1C20A3E2E2EB182976977669F2C5D9F3104477E98F74D69D2434E79B92FDC3 | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\log4net.dll | executable | |
MD5:F15C8A9E2876568B3910189B2D493706 | SHA256:AE9C8073C3357C490F5D1C64101362918357C568F6B9380A60B09A4A4C1FF309 | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\SharpRaven.dll | executable | |
MD5:8F6FF3176E7F0B58B033B3D3F1303DB3 | SHA256:0EA20361A01F8FC8EAB21AB5613E77D36A3506793D4487438C314DAF86E90630 | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\app\cmp.html | html | |
MD5:D7B8B31B190E552677589CFD4CBB5D8E | SHA256:6C21E8C07CE28327DCA05F873D73FE85D5473F9B22A751A4D3D28931F5D0C74F | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\DotNetZip.dll | executable | |
MD5:190E712F2E3B065BA3D5F63CB9B7725E | SHA256:6C512D9943A225D686B26FC832589E4C8BEF7C4DD0A8BDFD557D5D27FE5BBA0F | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\Microsoft.Win32.TaskScheduler.dll | executable | |
MD5:9F725BA6EB84F97A3A10D064ECAB70E3 | SHA256:94961A4D686FA65B85B9E56A2A47AA87122C7B4F4FF8A9E7EF881C2A142283EB | |||
| 6440 | Sims 4 Mod Manager - Installer.exe | C:\Users\admin\AppData\Local\Temp\nsr3A38.tmp\partner-custom-asset.png | image | |
MD5:C56141CC06E0BBC12EEF7E460C63121A | SHA256:94C450AFDFD48EDFF7F2A8A6381FA38939B5192A0A2364B45F5680CA08EFA9AB | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
158
TCP/UDP connections
120
DNS requests
105
Threats
3
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
5504 | svchost.exe | GET | 200 | 23.204.115.201:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | unknown |
5140 | MoUsoCoreWorker.exe | GET | 200 | 23.204.115.201:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | unknown |
5140 | MoUsoCoreWorker.exe | GET | 200 | 23.210.1.184:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | unknown |
— | — | HEAD | 200 | 18.66.192.122:443 | https://content.overwolf.com/Installer/promo/dnbjaedjmcendepjgnkfgcgmjjghcnmggkiokdnj/index.html | unknown | — | — | unknown |
— | — | GET | — | 18.66.192.75:443 | https://content.overwolf.com/Installer/promo/dnbjaedjmcendepjgnkfgcgmjjghcnmggkiokdnj/js/block_inputs.js | unknown | — | — | unknown |
— | — | GET | 200 | 18.66.192.122:443 | https://content.overwolf.com/cmp/v3/vendor-list.json | unknown | binary | 606 Kb | unknown |
— | — | GET | 200 | 18.66.192.75:443 | https://content.overwolf.com/Installer/promo/dnbjaedjmcendepjgnkfgcgmjjghcnmggkiokdnj/index.html?isApp=app&state=installing&lang=en&ver=1 | unknown | html | 2.05 Kb | unknown |
— | — | GET | 200 | 54.230.228.4:443 | https://analyticsnew.overwolf.com/analytics/Counter?CurrentVersion=&PartnerID=0&Name=Manual_Installer_Launched&Value=1&UserName=&GameSessionId=&Extra=%255b%257b%2522Name%2522%253a%2522OSBuild%2522%252c%2522Value%2522%253a%252210.0.19045.4046%2522%257d%252c%257b%2522Name%2522%253a%2522isElectron%2522%252c%2522Value%2522%253a%2522true%2522%257d%252c%257b%2522Name%2522%253a%2522existingUUID%2522%252c%2522Value%2522%253a%2522bb926e54-e3ca-40fd-ae90-2764341e7792%2522%257d%252c%257b%2522Name%2522%253a%2522appstoreUUID%2522%252c%2522Value%2522%253anull%257d%252c%257b%2522Name%2522%253a%2522uid%2522%252c%2522Value%2522%253a%2522dnbjaedjmcendepjgnkfgcgmjjghcnmggkiokdnj%2522%257d%252c%257b%2522Name%2522%253a%2522clientInstalled%2522%252c%2522Value%2522%253a%2522False%2522%257d%255d&owver=2.250.0.2&MUID=bb926e54-e3ca-40fd-ae90-2764341e7792 | unknown | binary | 2 b | unknown |
— | — | GET | 200 | 18.66.192.75:443 | https://content.overwolf.com/Installer/promo/dnbjaedjmcendepjgnkfgcgmjjghcnmggkiokdnj/css/fonts.css | unknown | text | 2.30 Kb | unknown |
— | — | GET | 302 | 18.66.192.126:443 | https://storeapi.overwolf.com/asset/logo-image/dnbjaedjmcendepjgnkfgcgmjjghcnmggkiokdnj | unknown | text | 99 b | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
5504 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
1984 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
5140 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
5504 | svchost.exe | 23.204.115.201:80 | crl.microsoft.com | AKAMAI-AS | US | unknown |
4364 | svchost.exe | 239.255.255.250:1900 | — | — | — | unknown |
5140 | MoUsoCoreWorker.exe | 23.204.115.201:80 | crl.microsoft.com | AKAMAI-AS | US | unknown |
5140 | MoUsoCoreWorker.exe | 23.210.1.184:80 | www.microsoft.com | AKAMAI-AS | US | unknown |
6476 | OWInstaller.exe | 142.250.185.174:80 | www.google-analytics.com | GOOGLE | US | whitelisted |
6476 | OWInstaller.exe | 54.230.228.60:443 | analyticsnew.overwolf.com | AMAZON-02 | US | unknown |
6476 | OWInstaller.exe | 18.173.154.81:443 | content.overwolf.com | — | US | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
www.google-analytics.com |
| whitelisted |
analyticsnew.overwolf.com |
| unknown |
content.overwolf.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
storeapi.overwolf.com |
| shared |
fonts.googleapis.com |
| whitelisted |
www.overwolf.com |
| whitelisted |
installapi.overwolf.com |
| unknown |
Threats
PID | Process | Class | Message |
|---|---|---|---|
— | — | Potential Corporate Privacy Violation | AV POLICY Observed TikTok Domain in TLS SNI (tiktok.com) |
2 ETPRO signatures available at the full report