111bbca3f1d497ad9787df992e3b50efc27706eb42bcebdedcbee2069ce9500c

Analysis

max time kernel
1038s
max time network
975s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Balatro-v1.0.0N_setup.exe
Size

122.3MB
MD5

9a088ee10e5886915cb5a67f7fe869d9
SHA1

5eba3a1fd42fb61936406560c60d96b5ec6d468e
SHA256

111bbca3f1d497ad9787df992e3b50efc27706eb42bcebdedcbee2069ce9500c
SHA512

00a355e4eadeaf8e08044c0b6c1a30875847379ddb6ffc34b5f05a4d20b109f561126bf54ec35a8d579dded277b25eb105b497fcc42f8a799e2bc2765a63c8a6
SSDEEP

3145728:A+CRiaELWlCelsMwyCAUbcmNohw/6uf8/93qaJHywYOc04:QRiaEJ0zwZYmNohw/r0FI04

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
624	Balatro-v1.0.0N_setup.tmp
4396	Balatro.exe

Loads dropped DLL 13 IoCs

pid	Process
624	Balatro-v1.0.0N_setup.tmp
624	Balatro-v1.0.0N_setup.tmp
624	Balatro-v1.0.0N_setup.tmp
4396	Balatro.exe
4396	Balatro.exe
4396	Balatro.exe
4396	Balatro.exe
4396	Balatro.exe
4396	Balatro.exe
4396	Balatro.exe
4396	Balatro.exe
624	Balatro-v1.0.0N_setup.tmp
624	Balatro-v1.0.0N_setup.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
7	ipinfo.io

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WrpYGF74DrEm.ini	Balatro-v1.0.0N_setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
624	Balatro-v1.0.0N_setup.tmp
624	Balatro-v1.0.0N_setup.tmp
4724	msedge.exe
4724	msedge.exe
1972	identity_helper.exe
1972	identity_helper.exe
4632	msedge.exe
4632	msedge.exe
4860	msedge.exe
4860	msedge.exe
5052	identity_helper.exe
5052	identity_helper.exe
2652	msedge.exe
2652	msedge.exe
1800	msedge.exe
1800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3032	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3032	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
624	Balatro-v1.0.0N_setup.tmp
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4396	Balatro.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 624	736	Balatro-v1.0.0N_setup.exe	87
PID 736 wrote to memory of 624	736	Balatro-v1.0.0N_setup.exe	87
PID 736 wrote to memory of 624	736	Balatro-v1.0.0N_setup.exe	87
PID 624 wrote to memory of 1616	624	Balatro-v1.0.0N_setup.tmp	98
PID 624 wrote to memory of 1616	624	Balatro-v1.0.0N_setup.tmp	98
PID 624 wrote to memory of 4396	624	Balatro-v1.0.0N_setup.tmp	99
PID 624 wrote to memory of 4396	624	Balatro-v1.0.0N_setup.tmp	99
PID 4396 wrote to memory of 224	4396	Balatro.exe	104
PID 4396 wrote to memory of 224	4396	Balatro.exe	104
PID 4860 wrote to memory of 224	4860	msedge.exe	119
PID 4860 wrote to memory of 224	4860	msedge.exe	119
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 2656	4860	msedge.exe	120
PID 4860 wrote to memory of 4632	4860	msedge.exe	121
PID 4860 wrote to memory of 4632	4860	msedge.exe	121
PID 4860 wrote to memory of 5064	4860	msedge.exe	122
PID 4860 wrote to memory of 5064	4860	msedge.exe	122
PID 4860 wrote to memory of 5064	4860	msedge.exe	122
PID 4860 wrote to memory of 5064	4860	msedge.exe	122
PID 4860 wrote to memory of 5064	4860	msedge.exe	122
PID 4860 wrote to memory of 5064	4860	msedge.exe	122
PID 4860 wrote to memory of 5064	4860	msedge.exe	122
PID 4860 wrote to memory of 5064	4860	msedge.exe	122
PID 4860 wrote to memory of 5064	4860	msedge.exe	122
PID 4860 wrote to memory of 5064	4860	msedge.exe	122
PID 4860 wrote to memory of 5064	4860	msedge.exe	122

C:\Users\Admin\AppData\Local\Temp\Balatro-v1.0.0N_setup.exe
"C:\Users\Admin\AppData\Local\Temp\Balatro-v1.0.0N_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:736
- C:\Users\Admin\AppData\Local\Temp\is-C1870.tmp\Balatro-v1.0.0N_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-C1870.tmp\Balatro-v1.0.0N_setup.tmp" /SL5="$A016C,127307487,1146880,C:\Users\Admin\AppData\Local\Temp\Balatro-v1.0.0N_setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/SmallGamez
    3⤵
    - Enumerates system info in registry
    PID:1616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff264e46f8,0x7fff264e4708,0x7fff264e4718
      4⤵
      PID:4600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17519393773829369717,5594404096250989499,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      4⤵
      PID:208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17519393773829369717,5594404096250989499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17519393773829369717,5594404096250989499,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
      4⤵
      PID:2536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17519393773829369717,5594404096250989499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
      4⤵
      PID:1672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17519393773829369717,5594404096250989499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
      4⤵
      PID:4548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17519393773829369717,5594404096250989499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
      4⤵
      PID:2968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17519393773829369717,5594404096250989499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1972
- - C:\Games\Balatro v1.0.0N\Balatro.exe
    "C:\Games\Balatro v1.0.0N\Balatro.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4396
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c set LOVE_GRAPHICS_USE_OPENGLES=1
      4⤵
      PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2576

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x328 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff264e46f8,0x7fff264e4708,0x7fff264e4718
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,815862546240299243,15090056332231472070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,815862546240299243,15090056332231472070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,815862546240299243,15090056332231472070,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,815862546240299243,15090056332231472070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,815862546240299243,15090056332231472070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,815862546240299243,15090056332231472070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,815862546240299243,15090056332231472070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,815862546240299243,15090056332231472070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,815862546240299243,15090056332231472070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,815862546240299243,15090056332231472070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,815862546240299243,15090056332231472070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,815862546240299243,15090056332231472070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff264e46f8,0x7fff264e4708,0x7fff264e4718
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9499844534435337924,14294638371760503698,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9499844534435337924,14294638371760503698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9499844534435337924,14294638371760503698,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9499844534435337924,14294638371760503698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9499844534435337924,14294638371760503698,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9499844534435337924,14294638371760503698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9499844534435337924,14294638371760503698,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Games\Balatro v1.0.0N\Balatro.exe

Filesize
52.9MB

MD5
954cb9b9ee671a7f7732836781c67684

SHA1
52fae815bdd2ec8f5db507e2323985a2c443dda9

SHA256
0938840c7a02171e7f25f211a9055edde442c2eca8e61566039f2b835345e144

SHA512
1e3b0ad5dfd2fa01e66e3bc08db5b300c7a87861169b6981fbf3d81bb3a9bcfa5a3d5b98ebb63772e6f98bae2e08e1b17361b6d72a1af1a0ee16fef37669ea51

Download Submit
C:\Games\Balatro v1.0.0N\OpenAL32.dll

Filesize
877KB

MD5
750a9cd07b5a6d50cac0502bb680c4a5

SHA1
419ca8aae5ae369a091fe61f3b090d2d0ac67ff8

SHA256
434e8eba07e81717162e08b8340b0e297aa169ea539196db6cc90903c0164109

SHA512
7b502a6b14273df3fe4b510164d5a7a61bb692d3fa064786cc6754aaeb7e319b071555451022705ac102bf73f5f3a613e6c6ce6baf110633edc09610ccbf318b

Download Submit
C:\Games\Balatro v1.0.0N\SDL2.dll

Filesize
1.6MB

MD5
50187e47bfde8327814096ec6e8d3913

SHA1
cd2803a1ab46826fda2d9a22c5ce899cd07ae39c

SHA256
83f63cda993537e85165f396dca9668ce49baaef17d3532b24ef87fbffcc8a97

SHA512
e82554d69c6d3766ae062f37a8dd242c5568a6bbf5d90586144c9929fe18ebedd50711dcf2d38933079671d2b4f90557901a0c2edd8ac4d5b914faecf4d5b45b

Download Submit
C:\Games\Balatro v1.0.0N\love.dll

Filesize
4.6MB

MD5
67a825a14ee72b670011722984852011

SHA1
0ff63efbdf8f47c0d5272f90654b1526adebb575

SHA256
18025808e7a184715d75bf49f4bfe24ffd5c2acc2702836e6ef3935b60f06b30

SHA512
789781baadd5346994a4cb1f8ff5aaa14cd7a9b8ea406b1197e14337d39e60d8e7dd2dc5763d3109b13b8a904064461a8323c38622ddaf974aa1b5337e69453e

Download Submit
C:\Games\Balatro v1.0.0N\lua51.dll

Filesize
554KB

MD5
e0e12c148ec7439f7f2d7b927e123942

SHA1
f0b88c9985195558e12bc00f8a31422861e73908

SHA256
29e5b0b67593ebb77e0f681ca0c2dbcba9efcecee7d71591f5c91be5760c963e

SHA512
35ca3de41a3eee6f99766682459e7808d17b37d92decae6cc4f960bb5219eceb6165ee21db8b038f5669f6852854e6c2c0a6e4104787031a2da52bd3f813cff2

Download Submit
C:\Games\Balatro v1.0.0N\mpg123.dll

Filesize
212KB

MD5
1063bdbb4cff2f688e77df90b1873b01

SHA1
917beda2a65f64a089fbcff75620319df0893924

SHA256
a58a87086194c25e6f13318cb4b4eb63030e936a835f9740a773d9a421264cf5

SHA512
d2f1683d8682c7153e92164570dad11d404544487a6af178098dd71c9f25424662f926feba24929862ba8cd17f5f7f6b49614bdeb83aa9f90ccaf374efd42faa

Download Submit
C:\Games\Balatro v1.0.0N\msvcp120.dll

Filesize
644KB

MD5
46060c35f697281bc5e7337aee3722b1

SHA1
d0164c041707f297a73abb9ea854111953e99cf1

SHA256
2abf0aab5a3c5ae9424b64e9d19d9d6d4aebc67814d7e92e4927b9798fef2848

SHA512
2cf2ed4d45c79a6e6cebfa3d332710a97f5cf0251dc194eec8c54ea0cb85762fd19822610021ccd6a6904e80afae1590a83af1fa45152f28ca56d862a3473f0a

Download Submit
C:\Games\Balatro v1.0.0N\msvcr120.dll

Filesize
940KB

MD5
9c861c079dd81762b6c54e37597b7712

SHA1
62cb65a1d79e2c5ada0c7bfc04c18693567c90d0

SHA256
ad32240bb1de55c3f5fcac8789f583a17057f9d14914c538c2a7a5ad346b341c

SHA512
3aa770d6fba8590fdcf5d263cb2b3d2fae859e29d31ad482fbfbd700bcd602a013ac2568475999ef9fb06ae666d203d97f42181ec7344cba023a8534fb13acb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6508937aed7f3414c5f977244f785192

SHA1
4be3c30dadf075173c05a0f0f63aeda896e3dd6f

SHA256
ec3cbd8a728e9578da6014427d3fad97a81a58dbd6695ce7eae9ca0683f22f88

SHA512
37eb7ec6c56ffed89913e0438d07609280677b76b4c27deca8aa1fd66acc7916b18d45b5e06c5b8ee7557821c5f2d921ac4f3e86ae8a1d6963030d5aebf0000f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
66d1ab0e12b7f3158e2e22b4bf0a0895

SHA1
41144cdbe1d917a1127c2eafba6a4fba86ceaa7c

SHA256
bb305aa6b6aadef9d5ec7b5e5b66283b254f4fc3b090ab4452216151ce8382a4

SHA512
9438495ea1fd4f35021d1d07a0b501186b6fcec3a5096825c1e3c0f921c22d8e0829a876774d9800d766e77cb112bc3225a28914eb6324c13a1d30d38e8c768b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
d1f604157b0745a40453afb93a6caa42

SHA1
3d5d77429b03674ebb0ba34d925ba1b09310df5e

SHA256
468456974fd86b33647942820dce7284879acfab9e9e6eca008e1fdcf9006fb5

SHA512
0644ce93724a57dedd8aec208e5a038e323a1b9871d5046d58a87c60479626693e6c8f25b7c7f7b60fd35aac133d2e660ecbd8f8d579ad1fc6703ae117a485a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
21272486c511879603a3b5a7ac78aa40

SHA1
62ddb7629bed6af4c73b73c1abed122dead188cc

SHA256
4d32bdfa50e85523723c735f271fef8a5a7ff6a50350bd6561d40d641956e62e

SHA512
e1ae418e9127c35de2638c9cd415a50d4f9477da1b0a5b89b2969922253c4d08d95885ba7de0912ec7a1a74bf1471d308ba920abde02b2474b7ce13b4fed197b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
68a093e641b321f35e22c746c4e46e4f

SHA1
dcb16b87c10483bad63f9176e99dc661f8b835a2

SHA256
b0627f8f21bf9c35d6154d3f0fc72df8828cbb992353cf8ecd7491ed1c49c549

SHA512
47a6819d8952df24b3dbad0099a9cc8feca1c6aef419699802a185bb2e21eddeba1306dffc4a1def531cd70acc74f0efd508dea839c0704a57b92b299bd768f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0685323cd7b325f1c468d6ae7caffc1b

SHA1
09538b70ff4cc4a2d1f9cbc69f54c8f638d7bc8d

SHA256
6a6e368e6eff176ebed023560161e96480acdc62ffc5a4291a024677718da761

SHA512
fe5a0b20d88b0c97e04cac8cb33aa29ce24901246f5a18cb21c705ba8e3db6b1dfd8961f27eb089ef6be7a6bd6e8ed2f6e101d61bd4ac35cea67403da1d8b9bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
358f8be41f47f8bd3829e8e6e2e0e47d

SHA1
ddb0688139bb30ea83f126cd9b88c2fd48f33488

SHA256
7253399c048dd08214e78c2bd33651b73107debbbf845ea10485fb5d1a8d0757

SHA512
e8e270badd4ab5deaa6b3d99fef88fb13da89c4da22693c41e4579bdfec126cd0e22edf4969a801972bcc0b9c955261ca048ea7239979cb5b10d065fff89077a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2599e298989ac907265213bf302b88c7

SHA1
b368f888af7e1dee5408c9403ec33142b1c0acf0

SHA256
a5cbf589e2c44dab29676b28f37f8d5684da22aa0a304ee275c88d43d0f56a22

SHA512
74f5f3902504d8b74b7c78587ae7074c8f1c0d8217e6ec19829a4993a53220e94f5b5234d41c6c0979a3b7359ae58b5ac81c9dd2bc4fe4ceb5e26b157a7f6319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a72402ce49814e10e8ca11b583e122fa

SHA1
89ded1d60da3480b8fc23b9e5baea7e35bf37c22

SHA256
3347a6b056eab511002336cbf3d83c2fe6cc3c53f2bf61e43066b83054d254e4

SHA512
13f9601e83920de6b219c08b8150287eb6a0d1d56385115838de9a3d8056ce35cccd88ccf15032bcedd8838a84368cd05b67fc30e65ad3353e98ebe92cd5ff1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
194B

MD5
d7d9437445aa960dcea52ffe772822dc

SHA1
c2bbf4ac0732d905d998c4f645fd60f95a675d02

SHA256
4ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1

SHA512
335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
c815d469e46369ad32d8d960e5b4a843

SHA1
363a51e59e5b4738848f23b685b9a6d6210f5c4e

SHA256
a0bb92b8caf48b1ea94623a4fc3f261c41ead84d0129bfed2cf90e861262f612

SHA512
5465632ae64977b600d4912f121c73b31a09f502a051765a0c50c3a0cdaad9591b3eefccedb2e88ed98b14a0d05060599c6609643fa3e97ed13bb0c0ec9dd5cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359033170634211

Filesize
1KB

MD5
e7fd50a9f6bd3116c1f4842b54b829cc

SHA1
aa3edcf6896980d30841a83b49bdd62111025e20

SHA256
cc9fea8592627c6381b2bbd5700634887e95f1e1928b8ec3b7a93e615e38e74e

SHA512
d600aa9c866851cf553a80760c436756869c82fc49fc996b84755818178295b42e55ebf5ed03b1602e17b808e8d3090bf776a07ddd5a84c533e548fdf5541bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
1babcd04300db7f2d6d8886676f993c3

SHA1
d5245a1a952cd0a28c7f2f979a9530a1b899c4b9

SHA256
52523fc145c21c98f286f593f7ba74ec70ee701e96ba362952b9cc07e36d93b0

SHA512
856cd78b14e1acf6e3393c91addc69384e8d0ca8043f1cee301314fc2c208c48b61db8c5d5761eaf4cdb5a0917c01ed81f344744637e2b77f4e0cc6045aed84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
eca57e5ef0af78b27d82857296c0fe7a

SHA1
fb989769c2b190afcb1e5a5f89bd4d548fab7328

SHA256
8629c3ede454ced40312029c9f5688ba52f53800fe7d079139867cdddadeced4

SHA512
9439f3bd1b9901fa72690b1b34b74e5ea00142eb75f93bac715d72ddcd9a34cdd83fce6019d499967c5bac3664e3db8bc556d56d278052eeff1f2d6db4037831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
7824c6f3c28d804a6879cc43b36b6e50

SHA1
b53ae06f9d609790d0cb0ab594798bace52afbc3

SHA256
b614e1cd9342299c7f1ed23681c24cb100edca9faa043b079a9977a40e3563b0

SHA512
5a45794733c6175ba2e473ff46b384268dfa95c5d2287855c1c4eed38d5a1b60eb660f0e892167ea6cfe7c4a2f41a269a7c417b6aa0c490ef7456fe0aa1a558d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
486c0ba3c40f318f63eeb672dea8e9bc

SHA1
514a5c631f695d33c1b356ccc5dcfcd6958110ba

SHA256
bc84486feee978c0fd5adaaf77ab1769a3d4fc730808932056ed17e222004214

SHA512
9939602ec87cb956fb54e773f50f33f2a43439caccd9d4c2ee5fcf46136a77fe7849c502c05b1c22c754660481fc62440e4047f3db5c704c4a60ba4f8b1e924c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
0d55ead056ee6cd5b9c9337d9d2f8eec

SHA1
efc67c232f5797c4ece46d16a85475a18f77445d

SHA256
d6a16f4dee5d7ecf7cf1215e0f7e90f0248cec5ea3bafc10d369a278a45e9b1b

SHA512
6fa7940c10eb479636d0a51e2c9fd39023b2734d399ddccb55bdc33ac6124bcfa6e6deb1234aebeb681380326bdfd078edecad25c241341c17f4272cd8810699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
599B

MD5
2ff59b916cbb7f57296f0a4ad0e80300

SHA1
7600ba5e9c73811166cc9701b36a3ce02ead8c4e

SHA256
5f9f6ace8b985a60d2d69c9b12f4f52e93a5ea7e8e92a771cddaaa6e82322cf7

SHA512
e3b63a2ddf831f773b2e62d3e3f8666f9eac65cdef0822223d17172db8aa86205851fdb89f6a8887fb233bb1f4d5018f036f60a3edec599ff3db0a02fe844dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
3d3e17a4cd2dec5e584d4d042ccecab1

SHA1
3ad680d61a7b330c2170b3a75af5d905ae7c6b0b

SHA256
f4922a6f16d33bde60d9bb2bb4c4806e560693315682e9afd17906ddeda9dfd1

SHA512
7014d83d254d282d2cd87ca278877e3731de0a547a03ac3d5c3c923160ecea467edca3d9cc27099b11e2b8071a7982e79491e41d34745d9806b63bd6f3875d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
f7cad764fd54ebefe99183f58a01d457

SHA1
f878b39fd7d718a4a6eef5aa82f32ab2ec48ee54

SHA256
0d9cca3ab6d383586f1d98d19a3f52184bc8a9e52947f8fbd4e713e5d970054a

SHA512
c1e9b51a9f06565d757d8a6ff84624641856bda68b1b48243e5ea77bb34e525aa2736e9b06c1bb8432c2ce74803b08594ff61291a25a3b7ca3d66674e9d1433e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
80ac7649b59fed4822574059d96f2f19

SHA1
c8b4262436a91c2f31b64b9411da057f499d52ed

SHA256
6693102f428ff38e8987ff84a607327930666cec5914fa88364e84bb392c9310

SHA512
91778b9915abd1598453ce44c10afb19c4e38c3fb2ad81f849b71e5fb7577aaaa567f20e88f6bd565ca8eca9ef81d29f9f7f4e703bc70e7990d86f8a845de736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5f0b5c261b434eb39ba47258c2bafc86

SHA1
5074f0cc2370161e4961d82f8490e7730555b095

SHA256
113e4f1ee793b4c28676d2c40512866b35a94267fbea42af74a7fc4f457495d5

SHA512
520bb06954dd818daf612da7cd9fcaca43ead86841bee7cb754f4bf122dd84417e1937bcc0835fea4112767bc8b85e8e24f68e830442b1ab741e46295852b761

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-C1870.tmp\Balatro-v1.0.0N_setup.tmp

Filesize
3.3MB

MD5
38cba9d73ebc0c709a9d668e61af0ec3

SHA1
87f9ddb512a40a371023358c4ee956dd65aad83e

SHA256
37736724bce0b4fde5c220992a28da4c697cb8e7f8428f598f1a4af1d402c29a

SHA512
6ef2e5908c5eb49cb19e80a74bf6bd8ce1f0def9366ed9b83cdac613eb1b57e32bff4aca528e07c705def1d7c9c6a09a0d15069af9b0b3aed43a539dd8b913a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R20QS.tmp\_isetup\_isdecmp.dll

Filesize
28KB

MD5
077cb4461a2767383b317eb0c50f5f13

SHA1
584e64f1d162398b7f377ce55a6b5740379c4282

SHA256
8287d0e287a66ee78537c8d1d98e426562b95c50f569b92cea9ce36a9fa57e64

SHA512
b1fcb0265697561ef497e6a60fcee99dc5ea0cf02b4010da9f5ed93bce88bdfea6bfe823a017487b8059158464ea29636aad8e5f9dd1e8b8a1b6eaaab670e547

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R20QS.tmp\botva2.dll

Filesize
41KB

MD5
ef899fa243c07b7b82b3a45f6ec36771

SHA1
4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe

SHA256
da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77

SHA512
3f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R20QS.tmp\idp.dll

Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
memory/624-54-0x0000000000400000-0x0000000000761000-memory.dmp

Filesize
3.4MB

Download
memory/624-6-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/624-22-0x0000000000400000-0x0000000000761000-memory.dmp

Filesize
3.4MB

Download
memory/624-133-0x0000000000400000-0x0000000000761000-memory.dmp

Filesize
3.4MB

Download
memory/624-20-0x0000000000400000-0x0000000000761000-memory.dmp

Filesize
3.4MB

Download
memory/624-23-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/624-25-0x0000000000400000-0x0000000000761000-memory.dmp

Filesize
3.4MB

Download
memory/624-126-0x0000000003B80000-0x0000000003B8F000-memory.dmp

Filesize
60KB

Download
memory/624-113-0x0000000000400000-0x0000000000761000-memory.dmp

Filesize
3.4MB

Download
memory/624-122-0x0000000000400000-0x0000000000761000-memory.dmp

Filesize
3.4MB

Download
memory/736-0-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/736-135-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/736-19-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download
memory/736-2-0x0000000000400000-0x0000000000525000-memory.dmp

Filesize
1.1MB

Download