URL:

roblox.com/download

Full analysis: https://app.any.run/tasks/7a69cfcd-a86a-484b-8f7a-1de3aee5b946
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: January 30, 2026, 15:34:15
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: obfuscated-js, roblox, qrcode, loader
Indicators:
MD5: 30FFE9212386EB97F2CA5DC0D0AD3A0C
SHA1: 202E3C0624B544486663CBD54F843A8665FDA211
SHA256: 0A6CB3018F6BA0541DD1A6ED514C63947A61C588608BEBB03364CB508A31210A
SSDEEP: 3:MJ6IaKM:MNBM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 7472)
  • SUSPICIOUS

    • Changes default file association

      • RobloxPlayerInstaller.exe (PID: 6996)
    • Executable content was dropped or overwritten

      • RobloxPlayerInstaller.exe (PID: 6996)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5680)
      • MicrosoftEdgeUpdate.exe (PID: 7472)
      • MicrosoftEdge_X64_144.0.3719.93.exe (PID: 4964)
      • setup.exe (PID: 1080)
    • Process drops legitimate windows executable

      • RobloxPlayerInstaller.exe (PID: 6996)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5680)
      • MicrosoftEdgeUpdate.exe (PID: 7472)
      • MicrosoftEdge_X64_144.0.3719.93.exe (PID: 4964)
      • setup.exe (PID: 1080)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 7472)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7980)
      • MicrosoftEdgeUpdate.exe (PID: 936)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7580)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7756)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 7472)
    • Application launched itself

      • setup.exe (PID: 1080)
      • MicrosoftEdgeUpdate.exe (PID: 6568)
    • Executes application which crashes

      • RobloxPlayerBeta.exe (PID: 4700)
    • Searches for installed software

      • setup.exe (PID: 1080)
  • INFO

    • Drops script file

      • chrome.exe (PID: 4152)
      • RobloxPlayerInstaller.exe (PID: 6996)
      • setup.exe (PID: 1080)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 4152)
    • The sample compiled with english language support

      • chrome.exe (PID: 4152)
      • RobloxPlayerInstaller.exe (PID: 6996)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5680)
      • MicrosoftEdgeUpdate.exe (PID: 7472)
      • MicrosoftEdge_X64_144.0.3719.93.exe (PID: 4964)
      • setup.exe (PID: 1080)
    • Launching a file from the Downloads directory

      • chrome.exe (PID: 4152)
    • Application launched itself

      • chrome.exe (PID: 4152)
    • Checks supported languages

      • RobloxPlayerInstaller.exe (PID: 6996)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5680)
      • MicrosoftEdgeUpdate.exe (PID: 7472)
      • MicrosoftEdgeUpdate.exe (PID: 936)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7980)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7580)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7756)
      • MicrosoftEdgeUpdate.exe (PID: 6332)
      • MicrosoftEdgeUpdate.exe (PID: 5040)
      • MicrosoftEdgeUpdate.exe (PID: 6568)
      • MicrosoftEdge_X64_144.0.3719.93.exe (PID: 4964)
      • setup.exe (PID: 1080)
      • setup.exe (PID: 8728)
      • MicrosoftEdgeUpdate.exe (PID: 1824)
      • RobloxPlayerBeta.exe (PID: 4700)
    • ROBLOX mutex has been found

      • RobloxPlayerInstaller.exe (PID: 6996)
    • Creates files or folders in the user directory

      • RobloxPlayerInstaller.exe (PID: 6996)
      • MicrosoftEdgeUpdate.exe (PID: 7472)
      • MicrosoftEdgeUpdate.exe (PID: 6568)
      • MicrosoftEdge_X64_144.0.3719.93.exe (PID: 4964)
      • setup.exe (PID: 8728)
      • setup.exe (PID: 1080)
    • Reads the computer name

      • RobloxPlayerInstaller.exe (PID: 6996)
      • MicrosoftEdgeUpdate.exe (PID: 7472)
      • MicrosoftEdgeUpdate.exe (PID: 936)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7980)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7580)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7756)
      • MicrosoftEdgeUpdate.exe (PID: 6332)
      • MicrosoftEdgeUpdate.exe (PID: 5040)
      • MicrosoftEdgeUpdate.exe (PID: 6568)
      • MicrosoftEdge_X64_144.0.3719.93.exe (PID: 4964)
      • setup.exe (PID: 1080)
      • MicrosoftEdgeUpdate.exe (PID: 1824)
    • Reads the machine GUID from the registry

      • RobloxPlayerInstaller.exe (PID: 6996)
      • MicrosoftEdgeUpdate.exe (PID: 6568)
    • Process checks whether UAC notifications are on

      • RobloxPlayerInstaller.exe (PID: 6996)
    • Create files in a temporary directory

      • RobloxPlayerInstaller.exe (PID: 6996)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5680)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 7472)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 7472)
      • setup.exe (PID: 1080)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 7472)
      • MicrosoftEdgeUpdate.exe (PID: 6568)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 6332)
      • MicrosoftEdgeUpdate.exe (PID: 6568)
      • slui.exe (PID: 1400)
      • MicrosoftEdgeUpdate.exe (PID: 1824)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 6332)
      • MicrosoftEdgeUpdate.exe (PID: 1824)
    • Creates a software uninstall entry

      • RobloxPlayerInstaller.exe (PID: 6996)
      • setup.exe (PID: 1080)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 215
Monitored processes: 59
Malicious processes: 3
Suspicious processes: 1

Behavior graph

Process nodes shown in the graph (interactive in the full report): chrome.exe (many child instances), robloxplayerinstaller.exe, microsoftedgewebview2setup.exe, microsoftedgeupdate.exe, microsoftedgeupdatecomregistershell64.exe, microsoftedge_x64_144.0.3719.93.exe, setup.exe, slui.exe, robloxplayerbeta.exe, werfault.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 524
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --disable-quic --string-annotations --field-trial-handle=6264,i,6252792782109578414,1350702154643130282,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=6256 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 752
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=5836,i,6252792782109578414,1350702154643130282,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5732 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 936
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 1080
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5964,i,6252792782109578414,1350702154643130282,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=6132 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1080
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{0C0EB6FE-627D-44F1-98CC-3E81174FC390}\EDGEMITMP_FBC4B.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{0C0EB6FE-627D-44F1-98CC-3E81174FC390}\MicrosoftEdge_X64_144.0.3719.93.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{0C0EB6FE-627D-44F1-98CC-3E81174FC390}\EDGEMITMP_FBC4B.tmp\setup.exe
Parent process: MicrosoftEdge_X64_144.0.3719.93.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Installer
Exit code: 0
Version: 144.0.3719.93
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{0c0eb6fe-627d-44f1-98cc-3e81174fc390}\edgemitmp_fbc4b.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 1400
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1520
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=5872,i,6252792782109578414,1350702154643130282,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5840 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1672
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5760,i,6252792782109578414,1350702154643130282,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=3236 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1824
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --disable-quic --string-annotations --field-trial-handle=5692,i,6252792782109578414,1350702154643130282,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=6288 /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 1824
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [long base64-encoded update-ping XML argument omitted]
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
Total events: 12 629
Read events: 11 179
Write events: 1 384
Delete events: 66

Modification events

(PID) Process: (6996) RobloxPlayerInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio
Operation: write
Name: WarnOnOpen
Value: 0

(PID) Process: (6996) RobloxPlayerInstaller.exe
Key: HKEY_CLASSES_ROOT\roblox-studio
Operation: write
Name: URL Protocol
Value:

(PID) Process: (6996) RobloxPlayerInstaller.exe
Key: HKEY_CLASSES_ROOT\roblox-studio\shell\open\command
Operation: write
Name: version
Value: version-dabb43efc3a944c6

(PID) Process: (7472) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value:

(PID) Process: (7472) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

(PID) Process: (7472) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: UninstallCmdLine
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

(PID) Process: (7472) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value: 1.3.195.45

(PID) Process: (7472) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: name
Value: Microsoft Edge Update

(PID) Process: (7472) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value: 1.3.195.45

(PID) Process: (7472) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Microsoft Edge Update
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateCore.exe"
Executable files: 210
Suspicious files: 558
Text files: 149
Unknown types: 0

Dropped files

PID | Process | Filename
4152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old~RF1e4f08.TMP
4152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF1e4f08.TMP
4152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
4152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old
4152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RF1e4f08.TMP
4152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RF1e4f08.TMP
4152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
4152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RF1e4f18.TMP
4152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old
4152 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
(Type, MD5 and SHA256 are not listed for these entries in the report excerpt.)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 371
TCP/UDP connections: 99
DNS requests: 90
Threats: 13

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
7376 | chrome.exe | GET | 308 | 128.116.31.3:443 | https://roblox.com/download | US | - | - | unknown
7376 | chrome.exe | GET | 200 | 142.251.141.138:443 | https://safebrowsingohttpgateway.googleapis.com/v1/ohttp/hpkekeyconfig?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE | US | binary | 41 b | whitelisted
7376 | chrome.exe | GET | 200 | 172.217.208.94:443 | https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=133 | US | compressed | 82.9 Kb | whitelisted
7376 | chrome.exe | POST | 200 | 142.251.127.84:443 | https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | US | text | 17 b | whitelisted
7376 | chrome.exe | GET | 200 | 128.116.44.3:443 | https://www.roblox.com/download | US | text | 55.1 Kb | unknown
7376 | chrome.exe | GET | 200 | 128.116.44.3:443 | https://www.roblox.com/js/utilities/bundleVerifier.js?v=91dceb4978eda412b09842312dd6cbaa | US | text | 11.0 Kb | unknown
7376 | chrome.exe | GET | 200 | 18.66.112.38:443 | https://css.rbxcdn.com/c065e7b41147590230d3aa4305b8cc656780f5e0fdb347d6e97cd916f7f42b16-StyleGuide.css | US | text | 128 Kb | unknown
7376 | chrome.exe | GET | 200 | 18.66.112.38:443 | https://css.rbxcdn.com/ce113720f4c1602bb4db7e35d0a4fd637f223e8936fe5779650bda23074663f2.css | US | text | 21.2 Kb | unknown
7376 | chrome.exe | GET | 200 | 18.66.112.38:443 | https://css.rbxcdn.com/d7d4183c8033d692e0ca8ad5222b943fe27879f9a771c9bd98165ccc4e270d7b-Thumbnails.css | US | text | 2.17 Kb | unknown
7376 | chrome.exe | GET | 200 | 18.66.112.38:443 | https://css.rbxcdn.com/7e348738266e9ea2bae9314a2d26b33618c6f4cf3c527b11023620d973c6e7fc.css | US | text | 2.39 Kb | unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | Not routed | - | whitelisted
7004 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
8844 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6768 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7376 | chrome.exe | 142.251.141.138:443 | safebrowsingohttpgateway.googleapis.com | GOOGLE | US | whitelisted
7376 | chrome.exe | 142.251.208.174:80 | clients2.google.com | GOOGLE | US | whitelisted
7376 | chrome.exe | 172.217.208.94:443 | clientservices.googleapis.com | GOOGLE | US | whitelisted
7376 | chrome.exe | 128.116.31.3:80 | roblox.com | ROBLOX-PRODUCTION | US | whitelisted
7376 | chrome.exe | 142.251.127.84:443 | accounts.google.com | GOOGLE | US | whitelisted
7376 | chrome.exe | 128.116.31.3:443 | roblox.com | ROBLOX-PRODUCTION | US | whitelisted

DNS requests

Domain | IP | Reputation
self.events.data.microsoft.com | 52.138.229.66, 20.50.73.10 | whitelisted
google.com | 142.251.141.110 | whitelisted
clients2.google.com | 142.251.208.174 | whitelisted
safebrowsingohttpgateway.googleapis.com | 142.251.141.138, 142.250.201.74, 142.251.140.170, 142.250.185.170, 142.251.141.106, 172.217.18.10, 172.217.16.202, 216.58.206.42, 172.217.16.170, 216.58.206.74, 142.251.208.170, 192.178.170.95, 142.250.185.138, 142.251.208.10, 172.217.20.138, 142.250.184.234 | whitelisted
roblox.com | 128.116.31.3 | whitelisted
clientservices.googleapis.com | 172.217.208.94 | whitelisted
accounts.google.com | 142.251.127.84 | whitelisted
www.roblox.com | 128.116.44.3 | whitelisted
css.rbxcdn.com | 18.66.112.38, 18.66.112.18, 18.66.112.62, 18.66.112.121 | whitelisted
static.rbxcdn.com | 23.207.210.79, 23.207.210.90 | whitelisted

Threats

PID | Process | Class | Message
7376 | chrome.exe | Misc activity | SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
7376 | chrome.exe | Misc activity | SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
7376 | chrome.exe | Misc activity | SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
7004 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7376 | chrome.exe | Misc activity | SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
5892 | svchost.exe | Misc activity | ET INFO Packed Executable Download
7376 | chrome.exe | Potentially Bad Traffic | ET INFO PE EXE or DLL Windows file download HTTP
7376 | chrome.exe | Potentially Bad Traffic | ET INFO Executable served from Amazon S3
7376 | chrome.exe | Misc activity | ET INFO EXE - Served Inline HTTP
6996 | RobloxPlayerInstaller.exe | Potentially Bad Traffic | ET INFO PE EXE or DLL Windows file download HTTP

Process | Message
RobloxPlayerInstaller.exe | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.