download:

/Blur009/Blur-AutoClicker/releases/download/v3.3.0/BlurAutoClicker_3.3.0_x64-setup.exe

Full analysis: https://app.any.run/tasks/bc8f32b7-56a5-4400-8ef9-095f8420713b
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: April 15, 2026, 01:40:53
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

AFCF8E03065A09B90928CD5707CD4548

SHA1:

9C75B4F1FE6EAC870D24EE51E8D4E62D5B0B6F13

SHA256:

A33309DC45F9078A6F4F9B24738088EE51DF706564FB2AE4F6D6953BFC871BC4

SSDEEP:

98304:WwJrzjUHbFusB4HHRpNmz6NNZsyepOVBk3KBetBWcdNktV1CwlEIkJUQsPFJPMk8:nnlkraMFVM8xN

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 7348)
    • Potential DLL hijacking behavior detected

      • msedgewebview2.exe (PID: 1132)
    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 6472)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3340)
      • MicrosoftEdgeUpdate.exe (PID: 7348)
      • MicrosoftEdge_X64_147.0.3912.60.exe (PID: 7708)
      • setup.exe (PID: 7672)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
    • The process creates files with name similar to system file names

      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
    • Silent install from TEMP directory

      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3340)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 3340)
      • MicrosoftEdgeUpdate.exe (PID: 7348)
    • Searches for installed software

      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
      • setup.exe (PID: 7672)
      • msedgewebview2.exe (PID: 6472)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 7348)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3120)
      • MicrosoftEdgeUpdate.exe (PID: 3996)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4272)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4684)
    • Application launched itself

      • MicrosoftEdgeUpdate.exe (PID: 7588)
      • msedgewebview2.exe (PID: 6472)
  • INFO

    • The sample compiled with english language support

      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3340)
      • MicrosoftEdgeUpdate.exe (PID: 7348)
      • MicrosoftEdge_X64_147.0.3912.60.exe (PID: 7708)
      • setup.exe (PID: 7672)
    • Reads the computer name

      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
      • MicrosoftEdgeUpdate.exe (PID: 7348)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3120)
      • MicrosoftEdgeUpdate.exe (PID: 3996)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4684)
      • MicrosoftEdgeUpdate.exe (PID: 5816)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4272)
      • MicrosoftEdgeUpdate.exe (PID: 2156)
      • MicrosoftEdgeUpdate.exe (PID: 7588)
      • MicrosoftEdge_X64_147.0.3912.60.exe (PID: 7708)
      • setup.exe (PID: 7672)
      • MicrosoftEdgeUpdate.exe (PID: 2132)
      • BlurAutoClicker.exe (PID: 7356)
      • msedgewebview2.exe (PID: 6472)
      • msedgewebview2.exe (PID: 1132)
      • msedgewebview2.exe (PID: 5764)
    • Checks supported languages

      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3340)
      • MicrosoftEdgeUpdate.exe (PID: 7348)
      • MicrosoftEdgeUpdate.exe (PID: 3996)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3120)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4272)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4684)
      • MicrosoftEdgeUpdate.exe (PID: 5816)
      • MicrosoftEdgeUpdate.exe (PID: 7588)
      • MicrosoftEdgeUpdate.exe (PID: 2156)
      • MicrosoftEdge_X64_147.0.3912.60.exe (PID: 7708)
      • setup.exe (PID: 7672)
      • BlurAutoClicker.exe (PID: 7356)
      • MicrosoftEdgeUpdate.exe (PID: 2132)
      • msedgewebview2.exe (PID: 6472)
      • msedgewebview2.exe (PID: 4308)
      • msedgewebview2.exe (PID: 1132)
      • msedgewebview2.exe (PID: 4932)
      • msedgewebview2.exe (PID: 5764)
      • msedgewebview2.exe (PID: 7556)
      • msedgewebview2.exe (PID: 6520)
      • msedgewebview2.exe (PID: 6816)
      • msedgewebview2.exe (PID: 3156)
    • Create files in a temporary directory

      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3340)
      • MicrosoftEdgeUpdate.exe (PID: 7348)
      • msedgewebview2.exe (PID: 6472)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 7348)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 5816)
      • MicrosoftEdgeUpdate.exe (PID: 2132)
      • msedgewebview2.exe (PID: 6472)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 7348)
      • MicrosoftEdgeUpdate.exe (PID: 7588)
      • MicrosoftEdge_X64_147.0.3912.60.exe (PID: 7708)
      • setup.exe (PID: 7672)
      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
      • msedgewebview2.exe (PID: 6472)
      • msedgewebview2.exe (PID: 4308)
      • msedgewebview2.exe (PID: 5764)
      • BlurAutoClicker.exe (PID: 7356)
    • There is functionality for taking screenshot (YARA)

      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 7348)
      • MicrosoftEdgeUpdate.exe (PID: 7588)
      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
      • msedgewebview2.exe (PID: 6472)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 7348)
      • setup.exe (PID: 7672)
      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
      • msedgewebview2.exe (PID: 6472)
      • msedgewebview2.exe (PID: 7556)
      • msedgewebview2.exe (PID: 6520)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 7588)
      • msedgewebview2.exe (PID: 6472)
    • Creates a software uninstall entry

      • setup.exe (PID: 7672)
      • BlurAutoClicker_3.3.0_x64-setup.exe (PID: 6884)
    • Reads CPU info

      • msedgewebview2.exe (PID: 6472)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2025:03:08 23:05:20+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 139776
UninitializedDataSize: 2048
EntryPoint: 0x369f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 3.3.0.0
ProductVersionNumber: 3.3.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: BlurAutoClicker
FileVersion: 3.3.0
LegalCopyright: -
ProductName: BlurAutoClicker
ProductVersion: 3.3.0
No data.
Total processes
156
Monitored processes
23
Malicious processes
5
Suspicious processes
0

Behavior graph

start blurautoclicker_3.3.0_x64-setup.exe microsoftedgewebview2setup.exe microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe microsoftedge_x64_147.0.3912.60.exe setup.exe microsoftedgeupdate.exe blurautoclicker.exe msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1132
"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\147.0.3912.60\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\BlurAutoClicker\EBWebView" --webview-exe-name=BlurAutoClicker.exe --webview-exe-version=3.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --startup-read-main-dll --metrics-shmem-handle=1772,i,2491379555173637190,3246883009654725593,262144 --field-trial-handle=1852,i,14273210881921351945,972808308685822723,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --pseudonymization-salt-handle=1904,i,11768178605515640223,997123395215755232,4 --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=1240 /prefetch:2
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\147.0.3912.60\msedgewebview2.exe
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Version:
147.0.3912.60
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\147.0.3912.60\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\147.0.3912.60\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
2132
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [encoded payload omitted]
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.229.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
2156
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{4CB88273-7130-441D-AAB0-8D78598DB207}" /silent
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.229.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
3120
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.229.3\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.229.3\MicrosoftEdgeUpdateComRegisterShell64.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.229.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.229.3\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
3156
"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\147.0.3912.60\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\BlurAutoClicker\EBWebView" --webview-exe-name=BlurAutoClicker.exe --webview-exe-version=3.3.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --skip-read-main-dll --metrics-shmem-handle=5208,i,10828071753921279094,5991922860202130711,524288 --field-trial-handle=1852,i,14273210881921351945,972808308685822723,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --pseudonymization-salt-handle=1904,i,11768178605515640223,997123395215755232,4 --trace-process-track-uuid=3190708993808206286 --mojo-platform-channel-handle=5248 /prefetch:8
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\147.0.3912.60\msedgewebview2.exe
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
147.0.3912.60
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\147.0.3912.60\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\147.0.3912.60\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
3340
C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe /silent /install
C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
BlurAutoClicker_3.3.0_x64-setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Exit code:
0
Version:
1.3.229.3
Modules
Images
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
3996
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.229.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
4272
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.229.3\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.229.3\MicrosoftEdgeUpdateComRegisterShell64.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.229.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.229.3\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
4308
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\147.0.3912.60\msedgewebview2.exe --type=crashpad-handler --user-data-dir=C:\Users\admin\AppData\Local\BlurAutoClicker\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Local\BlurAutoClicker\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=147.0.7727.56 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\147.0.3912.60\msedgewebview2.exe --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=147.0.3912.60 --initial-client-data=0x1a0,0x1a4,0x1a8,0x17c,0x1b0,0x7ffe22961d58,0x7ffe22961d64,0x7ffe22961d70
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\147.0.3912.60\msedgewebview2.exe
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
147.0.3912.60
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\147.0.3912.60\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\147.0.3912.60\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
4684
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.229.3\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.229.3\MicrosoftEdgeUpdateComRegisterShell64.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.229.3
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.229.3\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
12 661
Read events
10 993
Write events
1 600
Delete events
68

Modification events

(PID) Process: (7348) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(PID) Process: (7348) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: CopilotUpdatePath
Value:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\CopilotUpdate.exe
(PID) Process: (7348) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: UninstallCmdLine
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall
(PID) Process: (7348) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value:
1.3.229.3
(PID) Process: (7348) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: name
Value:
Microsoft Edge Update
(PID) Process: (7348) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value:
1.3.229.3
(PID) Process: (7348) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Microsoft Edge Update
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.229.3\MicrosoftEdgeUpdateCore.exe"
(PID) Process: (7348) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: edgeupdate_task_name_c
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001Core{81E45516-B803-40F2-9716-C1945D96CCC8}
(PID) Process: (7348) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: edgeupdate_task_name_ua
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{B286A6C5-012B-41B4-BFBA-16B67B2773AB}
(PID) Process: (3996) MicrosoftEdgeUpdate.exe
Key: HKEY_CLASSES_ROOT\WOW6432Node\CLSID\{81093D63-7825-417B-BFC8-ADC63FA4E53D}\InprocServer32
Operation: write
Name: ThreadingModel
Value:
Both
Executable files
213
Suspicious files
87
Text files
91
Unknown types
0

Dropped files

PID
Process
Filename
Type
6884
BlurAutoClicker_3.3.0_x64-setup.exe
C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
executable
MD5:D526B24D6F2A5CEA0F3F438F6B0000ED
SHA256:5CB35E73342E3BDFEA0293D1598A8E10D32D5FCE78E55ACB5EAD00AB918E63FB
6884
BlurAutoClicker_3.3.0_x64-setup.exe
C:\Users\admin\AppData\Local\Temp\nslFE29.tmp\nsDialogs.dll
executable
MD5:8F0E7415F33843431DF308BB8E06AF81
SHA256:BB49F15FA83452370047A7801E39FC7F64E70C7545B8999BB85AA4749EAA048B
3340
MicrosoftEdgeWebview2Setup.exe
C:\Users\admin\AppData\Local\Temp\EU178B.tmp\msedgeupdate.dll
executable
MD5:2ED6D12FAAE466621AD04730CB1E8F04
SHA256:FEF00A22EDA61A2C33297A8ABB83A09104732C7C67A89CC12AB1432BC55D6981
3340
MicrosoftEdgeWebview2Setup.exe
C:\Users\admin\AppData\Local\Temp\EU178B.tmp\CopilotUpdate.exe
executable
MD5:84A540F3EBBEB049F32F95D7DA800984
SHA256:07C2812D15CD38B4BD93CE428D920FB23EC4D0CE87FFB99ADCF6B69AF33FFFD1
6884
BlurAutoClicker_3.3.0_x64-setup.exe
C:\Users\admin\AppData\Local\Temp\nslFE29.tmp\modern-wizard.bmp
image
MD5:CBE40FD2B1EC96DAEDC65DA172D90022
SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
3340
MicrosoftEdgeWebview2Setup.exe
C:\Users\admin\AppData\Local\Temp\EU178B.tmp\MicrosoftEdgeUpdate.exe
executable
MD5:5ACDEE33A555D4D1EB6C523B42BCA745
SHA256:9888704382ABFB694984C1C7A7707A45B4EBC406FC98D35622461077553AA797
3340
MicrosoftEdgeWebview2Setup.exe
C:\Users\admin\AppData\Local\Temp\EU178B.tmp\MicrosoftEdgeUpdateBroker.exe
executable
MD5:E212E9CE45C567C7DBCE9BB326EF41E3
SHA256:9069297ADD7ADC264CBE198B6B2342C8248B994CBA1857231D9B6972339609AC
3340
MicrosoftEdgeWebview2Setup.exe
C:\Users\admin\AppData\Local\Temp\EU178B.tmp\MicrosoftEdgeUpdateComRegisterShell64.exe
executable
MD5:4915479A8F28D2E3AD6B4F787A30574D
SHA256:122EBEBBCD93B4F9DE1E1938D9DDA5D46F5C7B6DA1E0CE2C2EC1CBE2058C5AF1
3340
MicrosoftEdgeWebview2Setup.exe
C:\Users\admin\AppData\Local\Temp\EU178B.tmp\MicrosoftEdgeUpdateOnDemand.exe
executable
MD5:7BCCF980A418155EED445DD5B84B96E0
SHA256:6B6750096417F6E91C4F649B34AFD5DF5216DA169A696BC9E241BD836A67BBFD
3340
MicrosoftEdgeWebview2Setup.exe
C:\Users\admin\AppData\Local\Temp\EU178B.tmp\MicrosoftEdgeComRegisterShellARM64.exe
executable
MD5:77644DC395CDB1387F1ED85C746323A1
SHA256:72410E10CA13E97C8FE10872EB17A0895B963B217623459F919938FFD8349E7F
HTTP(S) requests
46
TCP/UDP connections
41
DNS requests
36
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
680
svchost.exe
GET
304
4.231.128.59:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
US
whitelisted
4916
SIHClient.exe
GET
304
74.179.77.204:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
4916
SIHClient.exe
GET
200
135.232.92.97:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
US
whitelisted
4916
SIHClient.exe
GET
200
74.179.77.204:443
https://slscr.update.microsoft.com/sls/ping
US
whitelisted
4916
SIHClient.exe
GET
304
74.179.77.204:443
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
6884
BlurAutoClicker_3.3.0_x64-setup.exe
GET
200
199.232.214.172:80
http://msedge.sf.dl.delivery.mp.microsoft.com/filestreamingservice/files/a36bf2dc-a08f-498c-a65b-0b849f365985/MicrosoftEdgeWebview2Setup.exe
US
executable
1.62 Mb
whitelisted
5816
MicrosoftEdgeUpdate.exe
GET
200
150.171.22.17:443
https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.229.3?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_edgeupdate=6&appConsentState_edgeupdate=0&appDayOfInstall_edgeupdate=0&appInactivityBadgeApplied_edgeupdate=0&appInactivityBadgeCleared_edgeupdate=0&appInactivityBadgeDuration_edgeupdate=0&appInstallTimeDiffSec_edgeupdate=0&appIsPinnedSystem_edgeupdate=false&appLastLaunchCount_edgeupdate=0&appLastLaunchTime_edgeupdate=0&appLastLaunchTimeJson_edgeupdate=0&appLastLaunchTimeDaysAgo_edgeupdate=0&appVersion_edgeupdate=1.3.229.3&appUpdateCheckIsUpdateDisabled_edgeupdate=false&appUpdatesAllowedForMeteredNetworks_edgeupdate=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=6&hwPhysmemory=6&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=otherinstallcmd&requestIsMachine=false&requestOmahaShellVersion=1.3.229.3&requestOmahaVersion=1.3.229.3
US
text
430 b
unknown
5316
svchost.exe
POST
400
40.126.31.1:443
https://login.live.com/ppsecure/deviceaddcredential.srf
US
text
203 b
whitelisted
5316
svchost.exe
POST
400
40.126.31.1:443
https://login.live.com/ppsecure/deviceaddcredential.srf
US
text
203 b
whitelisted
2132
MicrosoftEdgeUpdate.exe
GET
304
150.171.22.17:443
https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.229.3?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_webview=5&appConsentState_webview=0&appDayOfInstall_webview=-1&appInactivityBadgeApplied_webview=0&appInactivityBadgeCleared_webview=0&appInactivityBadgeDuration_webview=0&appInstallTimeDiffSec_webview=-86400&appIsPinnedSystem_webview=false&appLang_webview=en&appLastLaunchCount_webview=0&appLastLaunchTime_webview=0&appLastLaunchTimeJson_webview=0&appLastLaunchTimeDaysAgo_webview=0&appVersion_webview=147.0.3912.60&appUpdateCheckIsUpdateDisabled_webview=false&appUpdatesAllowedForMeteredNetworks_webview=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=6&hwPhysmemory=6&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=otherinstallcmd&requestIsMachine=false&requestOmahaShellVersion=1.3.229.3&requestOmahaVersion=1.3.229.3
US
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
680
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5276
MoUsoCoreWorker.exe
184.24.77.35:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
5276
MoUsoCoreWorker.exe
23.59.18.102:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
128.24.231.65:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
6884
BlurAutoClicker_3.3.0_x64-setup.exe
23.52.181.141:80
go.microsoft.com
AKAMAI-AS
US
whitelisted
6884
BlurAutoClicker_3.3.0_x64-setup.exe
199.232.214.172:80
msedge.sf.dl.delivery.mp.microsoft.com
FASTLY
US
whitelisted
3428
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 184.24.77.35
  • 184.24.77.37
  • 23.55.110.193
  • 23.55.110.211
whitelisted
www.microsoft.com
  • 23.59.18.102
  • 88.221.169.152
whitelisted
google.com
  • 192.178.183.139
  • 192.178.183.100
  • 192.178.183.138
  • 192.178.183.101
  • 192.178.183.113
  • 192.178.183.102
whitelisted
activation-v2.sls.microsoft.com
  • 128.24.231.65
whitelisted
go.microsoft.com
  • 23.52.181.141
whitelisted
msedge.sf.dl.delivery.mp.microsoft.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
login.live.com
  • 40.126.31.1
  • 20.190.159.73
  • 20.190.159.23
  • 40.126.31.2
  • 40.126.31.129
  • 40.126.31.0
  • 20.190.159.130
  • 40.126.31.73
  • 40.126.32.138
  • 20.190.160.22
  • 20.190.160.67
  • 20.190.160.17
  • 20.190.160.2
  • 40.126.32.74
  • 40.126.32.133
  • 20.190.160.20
whitelisted

Threats

PID
Process
Class
Message
6884
BlurAutoClicker_3.3.0_x64-setup.exe
Misc activity
ET INFO Packed Executable Download
6952
svchost.exe
Misc activity
ET INFO Packed Executable Download
680
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
Process
Message
msedgewebview2.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\BlurAutoClicker directory exists )