File name: Roblox Checker.zip

Full analysis: https://app.any.run/tasks/c4844261-f78b-4833-8c59-2ba51148c98f
Verdict: Malicious activity
Analysis date: February 21, 2026, 09:20:11
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-exec
golang
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 17DE70CC839ABE72290E1EC227C20929
SHA1: B2D0AA56C5A47435229E4EB6DA9BD9F5A279834C
SHA256: 8C9D43798F95E4C91CB25C4FA43099B7240F7EE3ACD4FC7775C96DF8E322ED5C
SSDEEP: 98304:hGjWAaSJgvqXouC3G856/RXPxn9XFtThsSavuKSXIqcQZWMr9v/HnXd0aDDMYh6Q:5dSAho5VaZauO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 7616)
    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 8124)
    • Potential DLL hijacking behavior detected

      • msedgewebview2.exe (PID: 8016)
  • SUSPICIOUS

    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeWebview2Setup.exe (PID: 5524)
      • MicrosoftEdgeUpdate.exe (PID: 8124)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 8124)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7464)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5916)
      • MicrosoftEdgeUpdate.exe (PID: 7588)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1108)
    • Application launched itself

      • setup.exe (PID: 4176)
      • MicrosoftEdgeUpdate.exe (PID: 1504)
      • msedgewebview2.exe (PID: 7636)
    • Searches for installed software

      • setup.exe (PID: 4176)
      • msedgewebview2.exe (PID: 7636)
  • INFO

    • Reads the computer name

      • Roblox Checker.exe (PID: 1996)
      • MicrosoftEdgeUpdate.exe (PID: 8124)
      • MicrosoftEdgeUpdate.exe (PID: 7588)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7464)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1108)
      • MicrosoftEdgeUpdate.exe (PID: 7576)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5916)
      • MicrosoftEdgeUpdate.exe (PID: 2324)
      • MicrosoftEdgeUpdate.exe (PID: 1504)
      • MicrosoftEdge_X64_145.0.3800.70.exe (PID: 2116)
      • setup.exe (PID: 4176)
      • MicrosoftEdgeUpdate.exe (PID: 7368)
      • msedgewebview2.exe (PID: 7636)
      • msedgewebview2.exe (PID: 8016)
      • msedgewebview2.exe (PID: 5224)
    • Create files in a temporary directory

      • MicrosoftEdgeUpdate.exe (PID: 8124)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5524)
      • Roblox Checker.exe (PID: 1996)
      • msedgewebview2.exe (PID: 7636)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 8124)
      • MicrosoftEdgeUpdate.exe (PID: 1504)
      • MicrosoftEdge_X64_145.0.3800.70.exe (PID: 2116)
      • setup.exe (PID: 1860)
      • setup.exe (PID: 4176)
      • msedgewebview2.exe (PID: 7636)
      • msedgewebview2.exe (PID: 900)
      • msedgewebview2.exe (PID: 5224)
    • Checks supported languages

      • MicrosoftEdgeUpdate.exe (PID: 8124)
      • Roblox Checker.exe (PID: 1996)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5524)
      • MicrosoftEdgeUpdate.exe (PID: 7588)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7464)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1108)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5916)
      • MicrosoftEdgeUpdate.exe (PID: 2324)
      • MicrosoftEdgeUpdate.exe (PID: 7576)
      • MicrosoftEdgeUpdate.exe (PID: 1504)
      • setup.exe (PID: 4176)
      • MicrosoftEdge_X64_145.0.3800.70.exe (PID: 2116)
      • setup.exe (PID: 1860)
      • MicrosoftEdgeUpdate.exe (PID: 7368)
      • msedgewebview2.exe (PID: 7636)
      • msedgewebview2.exe (PID: 900)
      • msedgewebview2.exe (PID: 8016)
      • msedgewebview2.exe (PID: 5224)
      • msedgewebview2.exe (PID: 7464)
      • msedgewebview2.exe (PID: 7576)
    • Reads the machine GUID from the registry

      • Roblox Checker.exe (PID: 1996)
      • MicrosoftEdgeUpdate.exe (PID: 1504)
      • msedgewebview2.exe (PID: 7636)
    • Reads Environment values

      • Roblox Checker.exe (PID: 1996)
      • MicrosoftEdgeUpdate.exe (PID: 7576)
      • MicrosoftEdgeUpdate.exe (PID: 7368)
      • msedgewebview2.exe (PID: 7636)
    • Manual execution by a user

      • Roblox Checker.exe (PID: 1996)
      • notepad++.exe (PID: 7196)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7616)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 8124)
    • Application based on Golang

      • Roblox Checker.exe (PID: 1996)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 8124)
      • MicrosoftEdgeUpdate.exe (PID: 1504)
      • msedgewebview2.exe (PID: 7636)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 7576)
      • MicrosoftEdgeUpdate.exe (PID: 1504)
      • MicrosoftEdgeUpdate.exe (PID: 7368)
      • msedgewebview2.exe (PID: 7636)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 8124)
      • setup.exe (PID: 4176)
      • msedgewebview2.exe (PID: 7636)
      • msedgewebview2.exe (PID: 7576)
    • Creates a software uninstall entry

      • setup.exe (PID: 4176)
    • Drops script file

      • setup.exe (PID: 4176)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2025:07:30 12:56:42
ZipCRC: 0xaf6cf6cf
ZipCompressedSize: 88
ZipUncompressedSize: 105
ZipFileName: config.dat
No data.
All screenshots are available in the full report
Total processes: 164
Monitored processes: 22
Malicious processes: 2
Suspicious processes: 3


Process information (PID, CMD, Path, Parent process)
PID: 900
CMD: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Roaming\Roblox Checker.exe\EBWebView" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Roaming\Roblox Checker.exe\EBWebView\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=145.0.7632.110 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=145.0.3800.70 --initial-client-data=0x1ac,0x1b0,0x1b4,0x188,0x1bc,0x7ffe22670f18,0x7ffe22670f24,0x7ffe22670f30
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge WebView2
Exit code: 0
Version: 145.0.3800.70
Modules (images):
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.70\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.70\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
PID: 1108
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.221.3\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.221.3\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.221.3
Modules (images):
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.221.3\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1504
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.221.3
Modules (images):
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 1860
CMD: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{CF2DF436-0111-4DCF-AB8F-936584A2DCD9}\EDGEMITMP_FFE3F.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=145.0.7632.110 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{CF2DF436-0111-4DCF-AB8F-936584A2DCD9}\EDGEMITMP_FFE3F.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=145.0.3800.70 --initial-client-data=0x2b8,0x2bc,0x2c0,0x1c0,0x2c4,0x7ff6b2cacc68,0x7ff6b2cacc74,0x7ff6b2cacc80
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{CF2DF436-0111-4DCF-AB8F-936584A2DCD9}\EDGEMITMP_FFE3F.tmp\setup.exe
Parent process: setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Installer
Exit code: 0
Version: 145.0.3800.70
Modules (images):
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{cf2df436-0111-4dcf-ab8f-936584a2dcd9}\edgemitmp_ffe3f.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1996
CMD: "C:\Users\admin\Desktop\New folder\Roblox Checker.exe"
Path: C:\Users\admin\Desktop\New folder\Roblox Checker.exe
Parent process: explorer.exe
User: admin
Company: frontend
Integrity Level: MEDIUM
Description: frontend
Exit code: 0
Modules (images):
c:\users\admin\desktop\new folder\roblox checker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\umpdc.dll
PID: 2116
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{CF2DF436-0111-4DCF-AB8F-936584A2DCD9}\MicrosoftEdge_X64_145.0.3800.70.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{CF2DF436-0111-4DCF-AB8F-936584A2DCD9}\MicrosoftEdge_X64_145.0.3800.70.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Installer
Exit code: 0
Version: 145.0.3800.70
Modules (images):
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{cf2df436-0111-4dcf-ab8f-936584a2dcd9}\microsoftedge_x64_145.0.3800.70.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 2324
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource taggedmi /sessionid "{8C5109EC-8156-4B34-97E5-A84A124B4F3D}"
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.221.3
Modules (images):
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 4176
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{CF2DF436-0111-4DCF-AB8F-936584A2DCD9}\EDGEMITMP_FFE3F.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{CF2DF436-0111-4DCF-AB8F-936584A2DCD9}\MicrosoftEdge_X64_145.0.3800.70.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-level
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{CF2DF436-0111-4DCF-AB8F-936584A2DCD9}\EDGEMITMP_FFE3F.tmp\setup.exe
Parent process: MicrosoftEdge_X64_145.0.3800.70.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Installer
Exit code: 0
Version: 145.0.3800.70
Modules (images):
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{cf2df436-0111-4dcf-ab8f-936584a2dcd9}\edgemitmp_ffe3f.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 5224
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Roaming\Roblox Checker.exe\EBWebView" --webview-exe-name="Roblox Checker.exe" --webview-exe-version=1.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --startup-read-main-dll --metrics-shmem-handle=2184,i,16150924827021103558,5476470135297965877,524288 --field-trial-handle=1912,i,8192434044463797127,7119543101427189446,262144 --disable-features=msSmartScreenProtection --variations-seed-version --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2188 /prefetch:3
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.70\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge WebView2
Exit code: 0
Version: 145.0.3800.70
Modules (images):
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.70\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.70\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
PID: 5524
CMD: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Path: C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe
Parent process: Roblox Checker.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update Setup
Exit code: 0
Version: 1.3.221.3
Modules (images):
c:\users\admin\appdata\local\temp\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events: 16 513
Read events: 14 689
Write events: 1 756
Delete events: 68

Modification events

PID 7616 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value: (empty)
PID 7616 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value: (empty)
PID 7616 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 3 | Value: C:\Users\admin\Desktop\chromium_ext.zip
PID 7616 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 2 | Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip
PID 7616 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 1 | Value: C:\Users\admin\Downloads\chromium_build 1.zip
PID 7616 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\Roblox Checker.zip
PID 7616 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
PID 7616 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
PID 7616 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
PID 7616 WinRAR.exe | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
Executable files: 1
Suspicious files: 0
Text files: 1
Unknown types: 417

Dropped files

PID | Process | Filename | Type
7616 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa7616.27668\config.dat | text
  MD5: 8476BC3EDFE5887EED4AA5A8E6C7EA19
  SHA256: A7B79ABAB49C763709CD31627F372A73F265BF7B0323C94B4C99A87E80D01C3B
1996 | Roblox Checker.exe | C:\Users\admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe | binary
  MD5: 4963BC6DD4C041E9E594D711CD99C54E
  SHA256: 79859394908084C68804BC6C43B5FD090B1D2D76434645EE2F3A76CED4153594
5524 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUB413.tmp\MicrosoftEdgeUpdateBroker.exe | binary
  MD5: E0802BD529DBF3BE1A5DE571309456E1
  SHA256: 0BDB48974D355374545F7051F308F3B0EB83C3E95D1A6515F7F93E994B2B9A80
7616 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa7616.27668\Roblox Checker.exe | executable
  MD5: EF4AEA7A9C9845FBA38030D9DC3EE28C
  SHA256: 3060E72216167C02002C8D18CCE7E46289276DB37AF5FCD5E9DEE1053A5CADAC
5524 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUB413.tmp\MicrosoftEdgeUpdateOnDemand.exe | binary
  MD5: F2AF6006DDAC988DBD1D84831F05EAF7
  SHA256: 367F84404016930A181CC40AFEBCF76A823DDED553BBD2D945F0475CCC5FB560
5524 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUB413.tmp\msedgeupdate.dll | binary
  MD5: 199E86B43574D222A7F31BCAD7128CFD
  SHA256: ED5D86ADA7FD09E6477F701C38E1B948F36449BDFDB6E9A3280C27343E211909
5524 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUB413.tmp\EdgeUpdate.dat | binary
  MD5: 369BBC37CFF290ADB8963DC5E518B9B8
  SHA256: 3D7EC761BEF1B1AF418B909F1C81CE577C769722957713FDAFBC8131B0A0C7D3
5524 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUB413.tmp\MicrosoftEdgeUpdate.exe | binary
  MD5: F85E34009D3CCFE408B8B59584336EB8
  SHA256: 9205A5B4562CE19BA12B3D79EBB18F24402BDCD9FCE4D0DF23D6B814202A38DD
5524 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUB413.tmp\MicrosoftEdgeComRegisterShellARM64.exe | binary
  MD5: AB0CA151D798E72EE2D65B558A7718E2
  SHA256: F8BD62F19AC0610C98724F507F07BB5D2CAF94CEA27F26882A5A8A4B8422A51B
5524 | MicrosoftEdgeWebview2Setup.exe | C:\Users\admin\AppData\Local\Temp\EUB413.tmp\psmachine_arm64.dll | binary
  MD5: BB0C2AE5DD201B97EE96CDEF3A5B8749
  SHA256: D986134D9CF5040BAF40EF878BF67C4FC7A2E5A758624C75B3D9CEA591F82277
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 32
TCP/UDP connections: 48
DNS requests: 38
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5276 | MoUsoCoreWorker.exe | GET | 304 | 4.231.128.59:443 | https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop | unknown | - | - | whitelisted
8116 | SIHClient.exe | GET | 304 | 74.179.77.204:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | - | - | whitelisted
8116 | SIHClient.exe | GET | 200 | 13.95.31.18:443 | https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping | unknown | - | - | whitelisted
8116 | SIHClient.exe | GET | 200 | 74.179.77.204:443 | https://slscr.update.microsoft.com/sls/ping | unknown | - | - | whitelisted
8116 | SIHClient.exe | GET | 304 | 74.179.77.204:443 | https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | - | - | whitelisted
5100 | svchost.exe | GET | 304 | 51.124.78.146:443 | https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2 | unknown | - | - | whitelisted
7368 | MicrosoftEdgeUpdate.exe | GET | 304 | 52.123.243.195:443 | https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.221.3?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_webview=5&appConsentState_webview=0&appDayOfInstall_webview=-1&appInactivityBadgeApplied_webview=0&appInactivityBadgeCleared_webview=0&appInactivityBadgeDuration_webview=0&appInstallTimeDiffSec_webview=-86400&appIsPinnedSystem_webview=false&appLang_webview=en&appLastLaunchCount_webview=0&appLastLaunchTime_webview=0&appLastLaunchTimeJson_webview=0&appLastLaunchTimeDaysAgo_webview=0&appVersion_webview=145.0.3800.70&appUpdateCheckIsUpdateDisabled_webview=false&appUpdatesAllowedForMeteredNetworks_webview=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=6&hwPhysmemory=6&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=taggedmi&requestIsMachine=false&requestOmahaShellVersion=1.3.221.3&requestOmahaVersion=1.3.221.3 | unknown | - | - | unknown
- | - | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D | unknown | - | - | whitelisted
7576 | MicrosoftEdgeUpdate.exe | GET | 200 | 52.123.243.183:443 | https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.221.3?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_edgeupdate=6&appConsentState_edgeupdate=0&appDayOfInstall_edgeupdate=0&appInactivityBadgeApplied_edgeupdate=0&appInactivityBadgeCleared_edgeupdate=0&appInactivityBadgeDuration_edgeupdate=0&appInstallTimeDiffSec_edgeupdate=0&appIsPinnedSystem_edgeupdate=false&appLastLaunchCount_edgeupdate=0&appLastLaunchTime_edgeupdate=0&appLastLaunchTimeJson_edgeupdate=0&appLastLaunchTimeDaysAgo_edgeupdate=0&appVersion_edgeupdate=1.3.221.3&appUpdateCheckIsUpdateDisabled_edgeupdate=false&appUpdatesAllowedForMeteredNetworks_edgeupdate=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=6&hwPhysmemory=6&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=taggedmi&requestIsMachine=false&requestOmahaShellVersion=1.3.221.3&requestOmahaVersion=1.3.221.3 | unknown | binary | 430 b | unknown
7248 | svchost.exe | POST | 200 | 20.190.159.2:443 | https://login.live.com/RST2.srf | unknown | binary | 10.3 Kb | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5100 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:137 | - | Not routed | - | whitelisted
5276 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 48.192.1.64:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5532 | SearchApp.exe | 92.123.104.53:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted
- | - | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted
- | - | 204.79.197.203:80 | oneocsp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 172.211.123.248:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 20.190.159.2:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
7248 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted

DNS requests


Threats

PID | Process | Class | Message
5100 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7384 | svchost.exe | Misc activity | ET INFO Packed Executable Download
Process | Message
msedgewebview2.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Roaming directory exists )
Roblox Checker.exe | Warning: AddWebResourceRequestedFilter without SourceKind parameter is deprecated! It does not behave as expected for iframes.Please use AddWebResourceRequestedFilterWithRequestSourceKinds instead. For more information, please see https://go.microsoft.com/fwlink/?linkid=2286319
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
notepad++.exe | ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
notepad++.exe | VerifyLibrary: error while getting certificate informations