File name:

крутая штука.exe

Full analysis: https://app.any.run/tasks/68a8e68f-913f-45e5-a6d3-dbc2d7398fd2
Verdict: Malicious activity
Analysis date: August 02, 2025, 15:35:56
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
roblox
arch-doc
arch-scr
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

3988B488CD69424AD53A45DAE629D196

SHA1:

031582FE3EC86087356BD919F72FCE1BBAF9C01E

SHA256:

241601993F53859CFB9CDCA7F1F44EC91271589BC3A1E91B57672714DA3A251D

SSDEEP:

98304:Ns0DXuIS1gKFLlJeTMmJAPrxD/gNkqXFJj6CkBSNp/ziBuI2LeTiXR1B6r+OKkTS:h6OFBwU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 6780)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • крутая штука.exe (PID: 888)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3732)
      • MicrosoftEdgeUpdate.exe (PID: 6780)
      • MicrosoftEdge_X64_138.0.3351.121.exe (PID: 4512)
      • setup.exe (PID: 5288)
      • RobloxPlayerBeta.exe (PID: 4700)
      • RobloxPlayerBeta.exe (PID: 5080)
    • Changes default file association

      • крутая штука.exe (PID: 888)
    • Process drops legitimate windows executable

      • MicrosoftEdgeWebview2Setup.exe (PID: 3732)
      • крутая штука.exe (PID: 888)
      • MicrosoftEdgeUpdate.exe (PID: 6780)
      • setup.exe (PID: 5288)
      • MicrosoftEdge_X64_138.0.3351.121.exe (PID: 4512)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 6780)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 6780)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdate.exe (PID: 4100)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6236)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5780)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6304)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 6780)
      • MicrosoftEdgeUpdate.exe (PID: 4948)
    • Application launched itself

      • setup.exe (PID: 5288)
      • MicrosoftEdgeUpdate.exe (PID: 4948)
    • Searches for installed software

      • setup.exe (PID: 5288)
    • Creates a software uninstall entry

      • setup.exe (PID: 5288)
      • крутая штука.exe (PID: 888)
    • Executes application which crashes

      • RobloxPlayerBeta.exe (PID: 5080)
      • крутая штука.exe (PID: 888)
      • RobloxPlayerBeta.exe (PID: 4700)
  • INFO

    • Checks supported languages

      • крутая штука.exe (PID: 888)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3732)
      • MicrosoftEdgeUpdate.exe (PID: 6780)
      • MicrosoftEdgeUpdate.exe (PID: 4100)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6236)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5780)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6304)
      • MicrosoftEdgeUpdate.exe (PID: 6332)
      • MicrosoftEdgeUpdate.exe (PID: 5744)
      • MicrosoftEdgeUpdate.exe (PID: 4948)
      • MicrosoftEdge_X64_138.0.3351.121.exe (PID: 4512)
      • setup.exe (PID: 856)
      • MicrosoftEdgeUpdate.exe (PID: 1808)
      • setup.exe (PID: 5288)
      • RobloxPlayerBeta.exe (PID: 5080)
      • RobloxPlayerBeta.exe (PID: 4700)
    • Creates files or folders in the user directory

      • крутая штука.exe (PID: 888)
      • MicrosoftEdgeUpdate.exe (PID: 6780)
      • MicrosoftEdgeUpdate.exe (PID: 4948)
      • MicrosoftEdge_X64_138.0.3351.121.exe (PID: 4512)
      • setup.exe (PID: 856)
      • setup.exe (PID: 5288)
      • WerFault.exe (PID: 6676)
      • WerFault.exe (PID: 1636)
      • WerFault.exe (PID: 5744)
    • The sample was compiled with English language support

      • крутая штука.exe (PID: 888)
      • MicrosoftEdgeWebview2Setup.exe (PID: 3732)
      • MicrosoftEdgeUpdate.exe (PID: 6780)
      • MicrosoftEdge_X64_138.0.3351.121.exe (PID: 4512)
      • setup.exe (PID: 5288)
    • ROBLOX mutex has been found

      • крутая штука.exe (PID: 888)
    • Reads the computer name

      • крутая штука.exe (PID: 888)
      • MicrosoftEdgeUpdate.exe (PID: 6780)
      • MicrosoftEdgeUpdate.exe (PID: 4100)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6236)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5780)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6304)
      • MicrosoftEdgeUpdate.exe (PID: 6332)
      • MicrosoftEdgeUpdate.exe (PID: 5744)
      • MicrosoftEdgeUpdate.exe (PID: 4948)
      • MicrosoftEdge_X64_138.0.3351.121.exe (PID: 4512)
      • setup.exe (PID: 5288)
      • MicrosoftEdgeUpdate.exe (PID: 1808)
    • Reads the machine GUID from the registry

      • крутая штука.exe (PID: 888)
      • MicrosoftEdgeUpdate.exe (PID: 4948)
    • Process checks whether UAC notifications are on

      • крутая штука.exe (PID: 888)
    • Create files in a temporary directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 3732)
      • крутая штука.exe (PID: 888)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 6780)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 6332)
      • MicrosoftEdgeUpdate.exe (PID: 1808)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 6332)
      • MicrosoftEdgeUpdate.exe (PID: 4948)
      • MicrosoftEdgeUpdate.exe (PID: 1808)
      • WerFault.exe (PID: 6676)
      • WerFault.exe (PID: 5744)
      • WerFault.exe (PID: 1636)
      • slui.exe (PID: 6304)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 4948)
      • MicrosoftEdgeUpdate.exe (PID: 6332)
      • MicrosoftEdgeUpdate.exe (PID: 1808)
      • WerFault.exe (PID: 6676)
      • WerFault.exe (PID: 1636)
      • WerFault.exe (PID: 5744)
      • slui.exe (PID: 6304)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 6780)
      • setup.exe (PID: 5288)
    • Manual execution by a user

      • RobloxPlayerBeta.exe (PID: 4700)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2043:09:09 01:58:27+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 5796864
InitializedDataSize: 2141184
UninitializedDataSize: -
EntryPoint: 0x521a55
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.6.1.15034
ProductVersionNumber: 1.6.1.15034
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Roblox Corporation
FileDescription: Roblox
FileVersion: 1, 6, 1, 6830778
LegalCopyright: Copyright © 2020 Roblox Corporation. All rights reserved.
OriginalFileName: Roblox.exe
ProductName: Roblox Bootstrapper
ProductVersion: 1, 6, 1, 6830778
No data.
All screenshots are available in the full report
Total processes
163
Monitored processes
20
Malicious processes
5
Suspicious processes
2

Behavior graph

Graph nodes, in the order listed in the report ("no specs" marks processes for which no specifications were recorded):
  • start
  • крутая штука.exe
  • microsoftedgewebview2setup.exe
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdatecomregistershell64.exe (no specs)
  • microsoftedgeupdate.exe
  • microsoftedgeupdate.exe (no specs)
  • microsoftedgeupdate.exe
  • microsoftedge_x64_138.0.3351.121.exe
  • setup.exe
  • setup.exe (no specs)
  • slui.exe
  • microsoftedgeupdate.exe
  • robloxplayerbeta.exe
  • werfault.exe
  • werfault.exe
  • robloxplayerbeta.exe
  • werfault.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 856
CMD: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{B83B4A85-E019-45EB-9962-4805962AE90F}\EDGEMITMP_7DBB6.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=138.0.7204.184 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{B83B4A85-E019-45EB-9962-4805962AE90F}\EDGEMITMP_7DBB6.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=138.0.3351.121 --initial-client-data=0x264,0x268,0x26c,0x224,0x270,0x7ff70d2af4c8,0x7ff70d2af4d4,0x7ff70d2af4e0
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{B83B4A85-E019-45EB-9962-4805962AE90F}\EDGEMITMP_7DBB6.tmp\setup.exe
Parent process: setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
138.0.3351.121
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{b83b4a85-e019-45eb-9962-4805962ae90f}\edgemitmp_7dbb6.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 888
CMD: "C:\Users\admin\AppData\Local\Temp\крутая штука.exe"
Path: C:\Users\admin\AppData\Local\Temp\крутая штука.exe
Parent process: explorer.exe
User:
admin
Company:
Roblox Corporation
Integrity Level:
MEDIUM
Description:
Roblox
Exit code:
3221226356
Version:
1, 6, 1, 6830778
Modules
Images
c:\users\admin\appdata\local\temp\крутая штука.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 1636
CMD: C:\WINDOWS\SysWOW64\WerFault.exe -u -p 888 -s 856
Path: C:\Windows\SysWOW64\WerFault.exe
Parent process: крутая штука.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID: 1808
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDUiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7NkRCRENDNjEtRDI0RS00QUQ1LThCQUMtOUNDRDE4N0ZERDdBfSIgdXNlcmlkPSJ7ODdGNDQ2NzMtQzdCRC00RUVGLUJEQTgtNjIwOTRBNTk1RTVBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntEQUQ2MDExRS0xNTY0LTQ3ODAtODVGRC1GQTczMUQ5N0Q3RTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMzguMC4zMzUxLjEyMSIgbGFuZz0iZW4iIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjM5NTAyODM0NSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2Mzk1MTA0OTMwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-[…]
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 3732
CMD: MicrosoftEdgeWebview2Setup.exe /silent /install
Path: C:\Users\admin\AppData\Local\Roblox\Versions\version-b8550645b8834e8a\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Parent process: крутая штука.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\roblox\versions\version-b8550645b8834e8a\webview2runtimeinstaller\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 4100
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 4512
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{B83B4A85-E019-45EB-9962-4805962AE90F}\MicrosoftEdge_X64_138.0.3351.121.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{B83B4A85-E019-45EB-9962-4805962AE90F}\MicrosoftEdge_X64_138.0.3351.121.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
138.0.3351.121
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{b83b4a85-e019-45eb-9962-4805962ae90f}\microsoftedge_x64_138.0.3351.121.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 4700
CMD: "C:\Users\admin\AppData\Local\Roblox\Versions\version-b8550645b8834e8a\RobloxPlayerBeta.exe"
Path: C:\Users\admin\AppData\Local\Roblox\Versions\version-b8550645b8834e8a\RobloxPlayerBeta.exe
Parent process: explorer.exe
User:
admin
Company:
Roblox Corporation
Integrity Level:
MEDIUM
Description:
Roblox Game Client
Exit code:
3221225477
Version:
0, 684, 0, 6840690
Modules
Images
c:\users\admin\appdata\local\roblox\versions\version-b8550645b8834e8a\robloxplayerbeta.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\roblox\versions\version-b8550645b8834e8a\robloxplayerbeta.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
PID: 4948
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 5080
CMD: "C:\Users\admin\AppData\Local\Roblox\Versions\version-b8550645b8834e8a\RobloxPlayerBeta.exe" -app -installerLaunchTimeEpochMs 0 -clientLaunchTimeEpochMs 0 -isInstallerLaunch 888
Path: C:\Users\admin\AppData\Local\Roblox\Versions\version-b8550645b8834e8a\RobloxPlayerBeta.exe
Parent process: крутая штука.exe
User:
admin
Company:
Roblox Corporation
Integrity Level:
MEDIUM
Description:
Roblox Game Client
Exit code:
3221225477
Version:
0, 684, 0, 6840690
Modules
Images
c:\users\admin\appdata\local\roblox\versions\version-b8550645b8834e8a\robloxplayerbeta.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\roblox\versions\version-b8550645b8834e8a\robloxplayerbeta.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
Total events
19 063
Read events
17 575
Write events
1 421
Delete events
67

Modification events

(PID) Process: (888) крутая штука.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio
Operation: write
Name: WarnOnOpen
Value:
0
(PID) Process: (888) крутая штука.exe
Key: HKEY_CLASSES_ROOT\roblox-studio
Operation: write
Name: URL Protocol
Value:
(PID) Process: (888) крутая штука.exe
Key: HKEY_CLASSES_ROOT\roblox-studio\shell\open\command
Operation: write
Name: version
Value:
version-b9c0644a95304c8c
(PID) Process: (6780) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value:
(PID) Process: (6780) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(PID) Process: (6780) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: UninstallCmdLine
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall
(PID) Process: (6780) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value:
1.3.195.45
(PID) Process: (6780) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: name
Value:
Microsoft Edge Update
(PID) Process: (6780) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value:
1.3.195.45
(PID) Process: (6780) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Microsoft Edge Update
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateCore.exe"
Executable files
208
Suspicious files
40
Text files
14
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 888
Process: крутая штука.exe
Filename: C:\Users\admin\AppData\Local\Roblox\logs\cacert.pem
Type: text
MD5: 18EB55403B6BFAF4927B174FC2A3AB66
SHA256: 7570425CD2E18C5A5536887906B6C113F62A03C2744CFFA27FC6B9CA1AD91C2C
PID: 888
Process: крутая штука.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\527e13cb58d093f3afba4f5ea541e91d
MD5:
SHA256:
PID: 888
Process: крутая штука.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\909f4b9d7bc03a926d35e84d0c99ffbf
Type: compressed
MD5: 909F4B9D7BC03A926D35E84D0C99FFBF
SHA256: C139AD55ACEBF739689CC1E29F84BA7731DC7FFC03F70BBBBD16929E3D439EC0
PID: 888
Process: крутая штука.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\Roblox Studio.lnk
Type: binary
MD5: B9D052EAEC4093C5E009A9D211EAEC28
SHA256: 814B30FB9818CAFCA90AC841E5E46AC4182B6476F55C84631373C9D7F4070ECA
PID: 888
Process: крутая штука.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Versions\RobloxStudioInstaller.exe
Type: executable
MD5: DA49EF325A06AEBD9516FAC2A4FCBD7E
SHA256: 837AC4ADBD77DE998DCE877152A7BF7431A09FC25D333036E93D8972FDC33DC5
PID: 888
Process: крутая штука.exe
Filename: C:\Users\admin\Desktop\Roblox Studio.lnk
Type: binary
MD5: E5A98AFB526FE21F3392CEEAF82B6FD6
SHA256: BC342D6716953E00FF15341F2DCC6B9462AAC6B97376CB4BC8CF485EFF3AA6E4
PID: 888
Process: крутая штука.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\ad69a48a01948752ceb600ff5c3d71b3
Type: compressed
MD5: AD69A48A01948752CEB600FF5C3D71B3
SHA256: 61AE45001676C407E4078ED744FF798787451718E43B461EAC5FE50D29E51EB8
PID: 888
Process: крутая штука.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\8f379ec2b22ff106b837d79f7fdbf0d8
Type: compressed
MD5: 8F379EC2B22FF106B837D79F7FDBF0D8
SHA256: 6620658A6288E6B58B8D86AAEF4E7734E10778974E9A01D364FC7AAC4D35F10B
PID: 888
Process: крутая штука.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\006fd4bfd03bc325a797392360cbd3c4
Type: compressed
MD5: 006FD4BFD03BC325A797392360CBD3C4
SHA256: D678F05EFE0953435B2545AA59D8151B4C053DB1394C1DC7FDA41115C00468AE
PID: 888
Process: крутая штука.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\3796ac2c0fc9a201c3eeb25fd6f1c2c3
Type: compressed
MD5: 3796AC2C0FC9A201C3EEB25FD6F1C2C3
SHA256: EFEF5D3B4D59DC75B01F5D339A21A1971734B5D94609A511A9DAA8F20AB4AC5B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
13
TCP/UDP connections
52
DNS requests
34
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1864
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1268
svchost.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.216.77.11:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4888
svchost.exe
HEAD
200
23.50.131.72:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/209bcf22-db22-4369-9d01-e5c1a213341e?P1=1754753776&P2=404&P3=2&P4=eUR2zgPqQi77Gg1fb7PeNVDNG8u8i7CECgWYtuG5xXHO%2bG5A1jQX4wsAtWRkX3V%2fY%2flX7Y2AJ1xs8aaMy4F69A%3d%3d
unknown
whitelisted
4888
svchost.exe
GET
23.50.131.72:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/209bcf22-db22-4369-9d01-e5c1a213341e?P1=1754753776&P2=404&P3=2&P4=eUR2zgPqQi77Gg1fb7PeNVDNG8u8i7CECgWYtuG5xXHO%2bG5A1jQX4wsAtWRkX3V%2fY%2flX7Y2AJ1xs8aaMy4F69A%3d%3d
unknown
whitelisted
3688
SIHClient.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
3688
SIHClient.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6676
WerFault.exe
GET
200
23.216.77.4:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6676
WerFault.exe
GET
200
69.192.161.161:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5328
SearchApp.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5944
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5476
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
888
крутая штука.exe
128.116.44.3:443
ecsv2.roblox.com
ROBLOX-PRODUCTION
US
whitelisted
4
System
192.168.100.255:138
whitelisted
888
крутая штука.exe
23.45.109.46:443
clientsettingscdn.roblox.com
AKAMAI-AS
DE
whitelisted
888
крутая штука.exe
23.216.77.19:443
setup.rbxcdn.com
Akamai International B.V.
DE
whitelisted
1864
svchost.exe
40.126.31.73:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1864
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
whitelisted
google.com
  • 216.58.206.46
whitelisted
ecsv2.roblox.com
  • 128.116.44.3
whitelisted
client-telemetry.roblox.com
  • 128.116.44.3
whitelisted
clientsettingscdn.roblox.com
  • 23.45.109.46
whitelisted
setup.rbxcdn.com
  • 23.216.77.19
  • 23.216.77.17
whitelisted
login.live.com
  • 40.126.31.73
  • 40.126.31.71
  • 40.126.31.131
  • 20.190.159.4
  • 40.126.31.3
  • 20.190.159.75
  • 40.126.31.67
  • 20.190.159.68
  • 20.190.160.22
  • 20.190.160.17
  • 40.126.32.68
  • 20.190.160.3
  • 40.126.32.136
  • 20.190.160.65
  • 40.126.32.76
  • 20.190.160.4
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
crl.microsoft.com
  • 23.216.77.11
  • 23.216.77.13
  • 23.216.77.12
  • 23.216.77.17
  • 23.216.77.21
  • 23.216.77.41
  • 23.216.77.7
  • 23.216.77.20
  • 23.216.77.15
  • 23.216.77.4
  • 23.216.77.39
  • 23.216.77.43
  • 23.216.77.31
  • 23.216.77.5
  • 23.216.77.33
  • 23.216.77.6
  • 23.216.77.42
whitelisted
www.microsoft.com
  • 69.192.161.161
whitelisted

Threats

PID
Process
Class
Message
4888
svchost.exe
Misc activity
ET INFO Packed Executable Download
Process
Message
крутая штука.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.