File name:

Balatro.Mod.Manager_0.2.6_x64-setup.exe

Full analysis: https://app.any.run/tasks/268a5e18-c1bf-48ef-bfd7-7e951d860b77
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: May 18, 2025, 15:47:02
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-reg
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

D746043FE00B8DA56029011576EF74CA

SHA1:

5BB7AC09F532262E4F52AFC487DE14D0C9260C22

SHA256:

4FF13F487148AB85A38C431F4787A471AD386A6780545E47EC022590DAC264AB

SSDEEP:

98304:xJ8MoqMQJkFMWsymSgNo5AGRWl1HCKsi4HXbh/dqnk2ETjX2p4oUKir0xSqblH0P:xYJ0M67vay5LrvZixCoXmO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • Balatro.Mod.Manager_0.2.6_x64-setup.exe (PID: 7572)

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 7664)

    • The DLL Hijacking

      • msedgewebview2.exe (PID: 7980)

    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 4920)

  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • Balatro.Mod.Manager_0.2.6_x64-setup.exe (PID: 7572)

    • The process creates files with name similar to system file names

      • Balatro.Mod.Manager_0.2.6_x64-setup.exe (PID: 7572)

    • Process drops legitimate windows executable

      • Balatro.Mod.Manager_0.2.6_x64-setup.exe (PID: 7572)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7636)
      • MicrosoftEdgeUpdate.exe (PID: 7664)
      • MicrosoftEdge_X64_136.0.3240.76.exe (PID: 6156)
      • setup.exe (PID: 1324)

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 7636)
      • MicrosoftEdgeUpdate.exe (PID: 7664)

    • Executable content was dropped or overwritten

      • Balatro.Mod.Manager_0.2.6_x64-setup.exe (PID: 7572)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7636)
      • MicrosoftEdgeUpdate.exe (PID: 7664)
      • MicrosoftEdge_X64_136.0.3240.76.exe (PID: 6156)
      • setup.exe (PID: 1324)

    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 7664)

    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7712)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7740)
      • MicrosoftEdgeUpdate.exe (PID: 7688)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7768)

    • Searches for installed software

      • Balatro.Mod.Manager_0.2.6_x64-setup.exe (PID: 7572)
      • setup.exe (PID: 1324)

    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 7664)
      • MicrosoftEdgeUpdate.exe (PID: 7904)
      • msedgewebview2.exe (PID: 4920)

    • There is functionality for taking screenshot (YARA)

      • Balatro.Mod.Manager_0.2.6_x64-setup.exe (PID: 7572)

    • Application launched itself

      • setup.exe (PID: 1324)
      • MicrosoftEdgeUpdate.exe (PID: 7904)
      • msedgewebview2.exe (PID: 4920)

    • Creates a software uninstall entry

      • setup.exe (PID: 1324)
      • Balatro.Mod.Manager_0.2.6_x64-setup.exe (PID: 7572)

  • INFO

    • The sample compiled with english language support

      • Balatro.Mod.Manager_0.2.6_x64-setup.exe (PID: 7572)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7636)
      • MicrosoftEdgeUpdate.exe (PID: 7664)
      • MicrosoftEdge_X64_136.0.3240.76.exe (PID: 6156)
      • setup.exe (PID: 1324)

    • Checks supported languages

      • Balatro.Mod.Manager_0.2.6_x64-setup.exe (PID: 7572)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7636)
      • MicrosoftEdgeUpdate.exe (PID: 7664)
      • MicrosoftEdgeUpdate.exe (PID: 7688)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7712)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7740)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7768)
      • MicrosoftEdgeUpdate.exe (PID: 7824)
      • MicrosoftEdgeUpdate.exe (PID: 7904)
      • MicrosoftEdgeUpdate.exe (PID: 7864)
      • MicrosoftEdgeUpdateCore.exe (PID: 7972)
      • MicrosoftEdge_X64_136.0.3240.76.exe (PID: 6156)
      • setup.exe (PID: 2236)
      • MicrosoftEdgeUpdate.exe (PID: 7996)
      • setup.exe (PID: 1324)
      • MicrosoftEdgeUpdate.exe (PID: 7276)
      • BMM.exe (PID: 4980)
      • msedgewebview2.exe (PID: 7732)
      • msedgewebview2.exe (PID: 7980)
      • msedgewebview2.exe (PID: 4920)
      • msedgewebview2.exe (PID: 8016)
      • msedgewebview2.exe (PID: 5400)
      • msedgewebview2.exe (PID: 6576)

    • Reads the computer name

      • Balatro.Mod.Manager_0.2.6_x64-setup.exe (PID: 7572)
      • MicrosoftEdgeUpdate.exe (PID: 7664)
      • MicrosoftEdgeUpdate.exe (PID: 7688)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7712)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7740)
      • MicrosoftEdgeUpdate.exe (PID: 7824)
      • MicrosoftEdgeUpdate.exe (PID: 7864)
      • MicrosoftEdgeUpdateCore.exe (PID: 7972)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7768)
      • MicrosoftEdgeUpdate.exe (PID: 7904)
      • MicrosoftEdgeUpdate.exe (PID: 7996)
      • MicrosoftEdge_X64_136.0.3240.76.exe (PID: 6156)
      • setup.exe (PID: 1324)
      • MicrosoftEdgeUpdate.exe (PID: 7276)
      • msedgewebview2.exe (PID: 4920)
      • BMM.exe (PID: 4980)
      • msedgewebview2.exe (PID: 8016)
      • msedgewebview2.exe (PID: 7980)

    • Create files in a temporary directory

      • Balatro.Mod.Manager_0.2.6_x64-setup.exe (PID: 7572)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7636)
      • MicrosoftEdgeUpdate.exe (PID: 7664)
      • msedgewebview2.exe (PID: 4920)

    • Auto-launch of the file from Registry key

      • MicrosoftEdgeUpdate.exe (PID: 7664)

    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 7664)
      • MicrosoftEdgeUpdate.exe (PID: 7904)
      • MicrosoftEdge_X64_136.0.3240.76.exe (PID: 6156)
      • setup.exe (PID: 1324)
      • setup.exe (PID: 2236)
      • Balatro.Mod.Manager_0.2.6_x64-setup.exe (PID: 7572)
      • msedgewebview2.exe (PID: 7732)
      • BMM.exe (PID: 4980)
      • msedgewebview2.exe (PID: 4920)
      • msedgewebview2.exe (PID: 8016)

    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 7824)
      • MicrosoftEdgeUpdate.exe (PID: 7904)
      • MicrosoftEdgeUpdate.exe (PID: 7276)
      • msedgewebview2.exe (PID: 4920)
      • slui.exe (PID: 5608)

    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 7824)
      • MicrosoftEdgeUpdate.exe (PID: 7276)
      • msedgewebview2.exe (PID: 4920)

    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 7664)
      • setup.exe (PID: 1324)
      • msedgewebview2.exe (PID: 4920)
      • msedgewebview2.exe (PID: 6576)

    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 7904)
      • MicrosoftEdgeUpdate.exe (PID: 7824)
      • MicrosoftEdgeUpdate.exe (PID: 7276)
      • msedgewebview2.exe (PID: 4920)

    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 7824)
      • MicrosoftEdgeUpdate.exe (PID: 7904)
      • MicrosoftEdgeUpdate.exe (PID: 7276)
      • slui.exe (PID: 5608)

    • Manual execution by a user

      • MicrosoftEdgeUpdateCore.exe (PID: 7972)
      • BMM.exe (PID: 4980)

    • Reads CPU info

      • msedgewebview2.exe (PID: 4920)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:56:47+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 141824
UninitializedDataSize: 2048
EntryPoint: 0x3640
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.2.6.0
ProductVersionNumber: 0.2.6.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Balatro Mod Manager
FileVersion: 0.2.6
LegalCopyright: -
ProductName: Balatro Mod Manager
ProductVersion: 0.2.6
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
153
Monitored processes
24
Malicious processes
7
Suspicious processes
3

Behavior graph

Click at the process to see the details
start balatro.mod.manager_0.2.6_x64-setup.exe microsoftedgewebview2setup.exe microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe microsoftedgeupdatecore.exe no specs microsoftedgeupdate.exe no specs microsoftedge_x64_136.0.3240.76.exe setup.exe setup.exe no specs slui.exe microsoftedgeupdate.exe bmm.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1324"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{5B59E4D1-6F42-4547-9D4A-C6C7BBCB2F0D}\EDGEMITMP_C6A40.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{5B59E4D1-6F42-4547-9D4A-C6C7BBCB2F0D}\MicrosoftEdge_X64_136.0.3240.76.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-levelC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{5B59E4D1-6F42-4547-9D4A-C6C7BBCB2F0D}\EDGEMITMP_C6A40.tmp\setup.exe
MicrosoftEdge_X64_136.0.3240.76.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
136.0.3240.76
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{5b59e4d1-6f42-4547-9d4a-c6c7bbcb2f0d}\edgemitmp_c6a40.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
2236C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{5B59E4D1-6F42-4547-9D4A-C6C7BBCB2F0D}\EDGEMITMP_C6A40.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=136.0.7103.113 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{5B59E4D1-6F42-4547-9D4A-C6C7BBCB2F0D}\EDGEMITMP_C6A40.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=136.0.3240.76 --initial-client-data=0x2b8,0x2bc,0x2c0,0x294,0x2c4,0x7ff798d5f3e8,0x7ff798d5f3f4,0x7ff798d5f400C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{5B59E4D1-6F42-4547-9D4A-C6C7BBCB2F0D}\EDGEMITMP_C6A40.tmp\setup.exesetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
136.0.3240.76
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{5b59e4d1-6f42-4547-9d4a-c6c7bbcb2f0d}\edgemitmp_c6a40.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
4920"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.76\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BMM.exe --webview-exe-version=0.2.6 --user-data-dir="C:\Users\admin\AppData\Local\com.balatro-mod-manager.app\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=RemoveRedirectionBitmap --lang=en-US --mojo-named-platform-channel-pipe=4980.2096.14530708452829474639C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.76\msedgewebview2.exeBMM.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
136.0.3240.76
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.76\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.76\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
4980"C:\Users\admin\AppData\Local\Balatro Mod Manager\BMM.exe"C:\Users\admin\AppData\Local\Balatro Mod Manager\BMM.exeexplorer.exe
User:
admin
Company:
balatro-mod-manager
Integrity Level:
MEDIUM
Description:
Balatro Mod Manager
Version:
0.2.6
Modules
Images
c:\users\admin\appdata\local\balatro mod manager\bmm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5400"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.76\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.balatro-mod-manager.app\EBWebView" --webview-exe-name=BMM.exe --webview-exe-version=0.2.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1860,i,9329009962445801900,16921131363470403859,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,RemoveRedirectionBitmap,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillAdvancedSuggestionsBasic,msEdgeAutofillOneClickAutocomplete,msEdgeAutofillSaveGSPR100InDb,msEdgeAutofillShowDeployedPassword,msEdgeAutofillSs,msEdgeBrowserEssentialsShowUpdateSection,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTipping,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:8C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.76\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
136.0.3240.76
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.76\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.76\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
5608C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
6156"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{5B59E4D1-6F42-4547-9D4A-C6C7BBCB2F0D}\MicrosoftEdge_X64_136.0.3240.76.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-levelC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{5B59E4D1-6F42-4547-9D4A-C6C7BBCB2F0D}\MicrosoftEdge_X64_136.0.3240.76.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
136.0.3240.76
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{5b59e4d1-6f42-4547-9d4a-c6c7bbcb2f0d}\microsoftedge_x64_136.0.3240.76.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
6576"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.76\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.balatro-mod-manager.app\EBWebView" --webview-exe-name=BMM.exe --webview-exe-version=0.2.6 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=1860,i,9329009962445801900,16921131363470403859,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,RemoveRedirectionBitmap,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,SafetyHub,SegmentationPlatform,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeCoupons,msAutofillEdgeCouponsAutoApply,msAutofillEdgeServiceRequest,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillAdvancedSuggestionsBasic,msEdgeAutofillOneClickAutocomplete,msEdgeAutofillSaveGSPR100InDb,msEdgeAutofillShowDeployedPassword,msEdgeAutofillSs,msEdgeBrowserEssentialsShowUpdateSection,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTipping,msEdgeTranslate,msEdgeUseCaptivePortalService,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSmartScreenProtection,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\136.0.3240.76\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
136.0.3240.76
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.76\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\136.0.3240.76\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7276"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNTciIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNTciIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7NjRFNkQ4MjAtM0Q0RC00REMwLUI1OTMtNDQ3NEQ5MUEzNEU0fSIgdXNlcmlkPSJ7QUFCMDAxNUUtODlDOC00NEI0LTk5QTQtMzc2QzkwOUIyRkYzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InszQzk3OEMzOS1CMkQ3LTQzOUItOTYzNS05RDUyMjlCQ0NCQjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzYuMC4zMjQwLjc2IiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9Ijk3NDEwMDkyOTMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI5NzQxMDA5MjkzIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAyMDg5NzY0NzYiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzZlYjVkY2E3LTI3NjgtNDAxNi04ZGJlLTk3NjJlMmI3OTM5Nz9QMT0xNzQ4MTg4MDM5JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUdxM1RzT0klMmJpYzhDOFdrNXdBZk56a1p4dWVJRVluOUtnZDhobDZGT28lMmIxbEtUJTJmZzYwM1k0ZGNtR1RnOWFYdUg2Mk1vYmdOWnBjNW1RZkRlQ0l5OGFRJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTc0MzQyMjE2IiB0b3RhbD0iMTc0MzQyMjE2IiBkb3dubG9hZF90aW1lX21zPSI0MTM0NCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwMjA5MTMzMDI2IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTAyMjk3NTg3OTAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjEwNjE5NDQ3NjY0IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMTQ2OSIgZG93bmxvYWRfdGltZV9tcz0iNDY4MTIiIGRvd25sb2FkZWQ9IjE3NDM0MjIxNiIgdG90YWw9IjE3NDM0MjIxNiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMzg5NjkiLz48L2FwcD48L3JlcXVlc3Q-C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.57
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
7572"C:\Users\admin\Desktop\Balatro.Mod.Manager_0.2.6_x64-setup.exe" C:\Users\admin\Desktop\Balatro.Mod.Manager_0.2.6_x64-setup.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Balatro Mod Manager
Exit code:
0
Version:
0.2.6
Modules
Images
c:\users\admin\desktop\balatro.mod.manager_0.2.6_x64-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
21 770
Read events
19 061
Write events
2 641
Delete events
68

Modification events

(PID) Process:(7664) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:delete valueName:eulaaccepted
Value:
(PID) Process:(7664) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:writeName:path
Value:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(PID) Process:(7664) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:writeName:UninstallCmdLine
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall
(PID) Process:(7664) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:writeName:pv
Value:
1.3.195.57
(PID) Process:(7664) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:writeName:name
Value:
Microsoft Edge Update
(PID) Process:(7664) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:writeName:pv
Value:
1.3.195.57
(PID) Process:(7664) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Microsoft Edge Update
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.57\MicrosoftEdgeUpdateCore.exe"
(PID) Process:(7664) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:writeName:edgeupdate_task_name_c
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001Core{0CF527E5-1D3A-47D4-A50C-F97C160D7880}
(PID) Process:(7664) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:writeName:edgeupdate_task_name_ua
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{2EA8A6A9-CCB9-468D-90A6-B4A1698ED74F}
(PID) Process:(7712) MicrosoftEdgeUpdateComRegisterShell64.exeKey:HKEY_CLASSES_ROOT\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation:writeName:ThreadingModel
Value:
Both
Executable files
215
Suspicious files
124
Text files
30
Unknown types
0

Dropped files

PID
Process
Filename
Type
7572Balatro.Mod.Manager_0.2.6_x64-setup.exeC:\Users\admin\AppData\Local\Temp\nskC3E0.tmp\modern-wizard.bmpimage
MD5:CBE40FD2B1EC96DAEDC65DA172D90022
SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
7636MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUCE4E.tmp\MicrosoftEdgeUpdateOnDemand.exeexecutable
MD5:404C7C261CA1C9FBA7774897E871C538
SHA256:4C52D2B1CAA23F4BDEEF21AE5A5C0B875F9E555887D1D6CB84E65ECE94F8C3A7
7636MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUCE4E.tmp\msedgeupdate.dllexecutable
MD5:C4850C9C841ED29FF08A8860C8B48175
SHA256:F7BAC71570109778D3E971786340BB59955E8779C792B2EE74D2598E9C6F5569
7636MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUCE4E.tmp\MicrosoftEdgeUpdateBroker.exeexecutable
MD5:74ABCEE07CF78D7DB223D6BDB5DD5CCA
SHA256:7E4AF81ED4C0B300D182ABE757ACD5436D160E35221B7B38CC0B14C21D70768B
7636MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUCE4E.tmp\MicrosoftEdgeUpdateComRegisterShell64.exeexecutable
MD5:A2B91A80F7A2A32ABF8F2E524C07EB6B
SHA256:31DAB919FB0568B18E4A9C6CAF9F6C327AB312E226B05A8FB3C0C48895DEB03D
7636MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUCE4E.tmp\MicrosoftEdgeUpdate.exeexecutable
MD5:775BFFE023242A224DC00B190CDD6B0E
SHA256:868D0B887CED2B9C96F69256626EF20E06E1EA582412E02C77B67179F0BB488A
7636MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUCE4E.tmp\MicrosoftEdgeComRegisterShellARM64.exeexecutable
MD5:5FB2A3D78FA87A1A6250E1BCA55CCAD7
SHA256:B80CDCE8D4A0E484078F0555428B71DFA573EC0EEC644D84554C469C50227197
7636MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUCE4E.tmp\psuser.dllexecutable
MD5:DCF6E787D82E6CD6120D5EDA045ECA32
SHA256:D4FBE3D98ED6E938A4B6ABAAE49F426FB30DEE33B16A5A7FD12BCB7A20B4F10D
7636MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUCE4E.tmp\psmachine_64.dllexecutable
MD5:0CB0C27CCF6EF90C18EAC48BE737B810
SHA256:F22FF96887116A74DCD13CED31AD53A3F16F9A13E5A1B7BF3026602480E06BE8
7636MicrosoftEdgeWebview2Setup.exeC:\Users\admin\AppData\Local\Temp\EUCE4E.tmp\psmachine.dllexecutable
MD5:FAEE39F0FC56E10355464558799A1C3C
SHA256:6308D2A3DBCDCC92E81B1185A8A0F86B86F865436FD2FB1F92ECE3A5BCD30F2B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
11
TCP/UDP connections
57
DNS requests
23
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
2.16.241.12:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2104
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
8044
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/6eb5dca7-2768-4016-8dbe-9762e2b79397?P1=1748188039&P2=404&P3=2&P4=Gq3TsOI%2bic8C8Wk5wAfNzkZxueIEYn9Kgd8hl6FOo%2b1lKT%2fg603Y4dcmGTg9aXuH62MobgNZpc5mQfDeCIy8aQ%3d%3d
unknown
whitelisted
904
SIHClient.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
8044
svchost.exe
GET
200
199.232.214.172:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/6eb5dca7-2768-4016-8dbe-9762e2b79397?P1=1748188039&P2=404&P3=2&P4=Gq3TsOI%2bic8C8Wk5wAfNzkZxueIEYn9Kgd8hl6FOo%2b1lKT%2fg603Y4dcmGTg9aXuH62MobgNZpc5mQfDeCIy8aQ%3d%3d
unknown
whitelisted
904
SIHClient.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
904
SIHClient.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
whitelisted
904
SIHClient.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
904
SIHClient.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
904
SIHClient.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2104
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
2104
svchost.exe
2.16.241.12:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
6544
svchost.exe
40.126.32.74:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7824
MicrosoftEdgeUpdate.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2104
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
  • 40.127.240.158
  • 20.73.194.208
whitelisted
google.com
  • 142.250.186.142
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 69.192.161.161
whitelisted
login.live.com
  • 40.126.32.74
  • 20.190.160.17
  • 20.190.160.130
  • 40.126.32.136
  • 20.190.160.131
  • 20.190.160.66
  • 20.190.160.5
  • 40.126.32.72
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
msedge.api.cdp.microsoft.com
  • 172.169.87.222
whitelisted
msedge.f.tlu.dl.delivery.mp.microsoft.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted

Threats

PID
Process
Class
Message
8044
svchost.exe
Misc activity
ET INFO Packed Executable Download
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Balatro.Mod.Manager_0.2.6_x64-setup.exe