URL:

https://roblox.en.download.it/

Full analysis: https://app.any.run/tasks/16f2a600-2f0b-4641-9e2a-80dde84ee017
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: March 27, 2026, 05:27:50
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
obfuscated-js
loader
delphi
inno
installer
bundleinstaller
adware
innosetup
roblox
arch-doc
arch-scr
arch-exec
Indicators:
MD5:

7C2995634E3566D95218156CFC8848F5

SHA1:

F9F4656038BEDC3D3701529C49FE245C6520BEE1

SHA256:

CD77CBBD0C0A21A34A03B5D1C92CC9E3551ED5F45E31D17353BDBF5BFCF186DC

SSDEEP:

3:N8e0YBzKWf:2PYBzlf

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • ADWARE has been detected (SURICATA)

      • roblox_hpWo-y1.tmp (PID: 5716)
    • Bundleinstaller mutex has been found

      • roblox_hpWo-y1.tmp (PID: 5716)
    • INNOSETUP has been detected (SURICATA)

      • roblox_hpWo-y1.tmp (PID: 5716)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • roblox_hpWo-y1.exe (PID: 4260)
      • roblox_hpWo-y1.exe (PID: 6752)
      • roblox_hpWo-y1.tmp (PID: 5716)
      • roblox.exe (PID: 6092)
      • MicrosoftEdgeWebview2Setup.exe (PID: 9072)
    • Reads the Windows owner or organization settings

      • roblox_hpWo-y1.tmp (PID: 5716)
    • Access to an unwanted program domain was detected

      • roblox_hpWo-y1.tmp (PID: 5716)
    • Changes default file association

      • roblox.exe (PID: 6092)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 9128)
    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 9128)
  • INFO

    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 4696)
      • roblox_hpWo-y1.tmp (PID: 7880)
      • roblox_hpWo-y1.tmp (PID: 5716)
      • MicrosoftEdgeUpdate.exe (PID: 9128)
    • Application launched itself

      • chrome.exe (PID: 2876)
      • msedge.exe (PID: 3092)
      • msedge.exe (PID: 5412)
      • msedge.exe (PID: 2432)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 7728)
      • chrome.exe (PID: 2876)
    • Reads the computer name

      • roblox_hpWo-y1.tmp (PID: 7880)
      • roblox_hpWo-y1.exe (PID: 6752)
      • roblox_hpWo-y1.tmp (PID: 5716)
      • roblox.exe (PID: 6092)
      • identity_helper.exe (PID: 8828)
      • MicrosoftEdgeUpdate.exe (PID: 9128)
    • Launching a file from the Downloads directory

      • chrome.exe (PID: 2876)
    • Checks supported languages

      • roblox_hpWo-y1.exe (PID: 4260)
      • roblox_hpWo-y1.tmp (PID: 7880)
      • roblox_hpWo-y1.exe (PID: 6752)
      • roblox_hpWo-y1.tmp (PID: 5716)
      • roblox.exe (PID: 6092)
      • identity_helper.exe (PID: 8828)
      • MicrosoftEdgeWebview2Setup.exe (PID: 9072)
      • MicrosoftEdgeUpdate.exe (PID: 9128)
      • RobloxPlayerBeta.exe (PID: 8336)
    • Create files in a temporary directory

      • roblox_hpWo-y1.exe (PID: 4260)
      • roblox_hpWo-y1.exe (PID: 6752)
      • roblox_hpWo-y1.tmp (PID: 5716)
      • roblox.exe (PID: 6092)
    • Creates files or folders in the user directory

      • explorer.exe (PID: 4696)
      • roblox.exe (PID: 6092)
      • wermgr.exe (PID: 9204)
    • Detects InnoSetup installer (YARA)

      • roblox_hpWo-y1.exe (PID: 4260)
      • roblox_hpWo-y1.tmp (PID: 5716)
      • roblox_hpWo-y1.exe (PID: 6752)
      • roblox_hpWo-y1.tmp (PID: 7880)
    • Compiled with Borland Delphi (YARA)

      • roblox_hpWo-y1.exe (PID: 4260)
      • roblox_hpWo-y1.tmp (PID: 7880)
      • roblox_hpWo-y1.exe (PID: 6752)
      • roblox_hpWo-y1.tmp (PID: 5716)
    • The sample compiled with english language support

      • roblox_hpWo-y1.tmp (PID: 5716)
      • roblox.exe (PID: 6092)
      • MicrosoftEdgeWebview2Setup.exe (PID: 9072)
      • MicrosoftEdgeUpdate.exe (PID: 9128)
    • Reads the machine GUID from the registry

      • roblox_hpWo-y1.tmp (PID: 5716)
      • roblox.exe (PID: 6092)
    • Creates files in the program directory

      • roblox.exe (PID: 6092)
      • MicrosoftEdgeWebview2Setup.exe (PID: 9072)
    • ROBLOX mutex has been found

      • roblox.exe (PID: 6092)
    • Reads Environment values

      • identity_helper.exe (PID: 8828)
      • MicrosoftEdgeUpdate.exe (PID: 9128)
    • Process checks whether UAC notifications are on

      • roblox.exe (PID: 6092)
    • Creates a software uninstall entry

      • roblox.exe (PID: 6092)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
221
Monitored processes
79
Malicious processes
4
Suspicious processes
2

Behavior graph


Process information

PID
CMD
Path
Indicators
Parent process
PID:
664
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=6252,i,14806144673632191629,16320961814337650765,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=6388 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
1180
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=1440,i,14695103298083867750,12795213493077419348,262144 --variations-seed-version --mojo-platform-channel-handle=2404 /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1304
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3220,i,14806144673632191629,16320961814337650765,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=3268 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1652
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2364,i,17918174256901067169,17431393758771932425,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2132
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=6448,i,14806144673632191629,16320961814337650765,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=6472 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
2216
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3580,i,17918174256901067169,17431393758771932425,262144 --variations-seed-version --mojo-platform-channel-handle=3868 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2340
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=3704,i,14806144673632191629,16320961814337650765,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=3492 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
2340
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=6908,i,14806144673632191629,16320961814337650765,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5880 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
2368
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --field-trial-handle=5224,i,14806144673632191629,16320961814337650765,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5924 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
2428
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=3672,i,14806144673632191629,16320961814337650765,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version=20251218-201203.402000 --mojo-platform-channel-handle=5936 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
10 980
Read events
10 887
Write events
84
Delete events
9

Modification events

(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000160242
Operation:
write
Name:
VirtualDesktop
Value:
100000003030445602603FA5B72DE44882A417B3949BF781
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated
Operation:
write
Name:
Chrome
Value:
11
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance\Checks\{C8E6F269-B90A-4053-A3BE-499AFCEC98C4}.check.0
Operation:
write
Name:
CheckSetting
Value:
23004100430042006C006F00620000000000000000000000010000000000000000000000
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000D0380
Operation:
write
Name:
VirtualDesktop
Value:
100000003030445602603FA5B72DE44882A417B3949BF781
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000D0380
Operation:
delete key
Name:
(default)
Value:
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001902A0
Operation:
write
Name:
VirtualDesktop
Value:
100000003030445602603FA5B72DE44882A417B3949BF781
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000B0390
Operation:
write
Name:
VirtualDesktop
Value:
100000003030445602603FA5B72DE44882A417B3949BF781
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000260314
Operation:
write
Name:
VirtualDesktop
Value:
100000003030445602603FA5B72DE44882A417B3949BF781
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001902A0
Operation:
delete key
Name:
(default)
Value:
(PID) Process:
(4696) explorer.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000B0400
Operation:
write
Name:
VirtualDesktop
Value:
100000003030445602603FA5B72DE44882A417B3949BF781
Executable files
221
Suspicious files
487
Text files
469
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID:
2876
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old~RFdfe94.TMP
MD5:
SHA256:
PID:
2876
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
PID:
2876
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RFdfea4.TMP
MD5:
SHA256:
PID:
2876
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
PID:
2876
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RFdfea4.TMP
MD5:
SHA256:
PID:
2876
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
PID:
2876
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RFdfeb3.TMP
MD5:
SHA256:
PID:
2876
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.old~RFdfeb3.TMP
MD5:
SHA256:
PID:
2876
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
PID:
2876
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
440
TCP/UDP connections
163
DNS requests
280
Threats
27

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
162.159.142.9:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
US
binary
312 b
whitelisted
5276
MoUsoCoreWorker.exe
GET
200
95.100.248.146:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
5276
MoUsoCoreWorker.exe
GET
200
23.37.194.81:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
7728
chrome.exe
GET
200
172.66.165.85:443
https://roblox.en.download.it/
US
html
95.9 Kb
unknown
7728
chrome.exe
GET
200
142.251.141.74:443
https://safebrowsingohttpgateway.googleapis.com/v1/ohttp/hpkekeyconfig?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
US
binary
41 b
whitelisted
7728
chrome.exe
GET
200
142.251.143.99:443
https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=133
US
compressed
90.2 Kb
whitelisted
7728
chrome.exe
GET
200
142.250.201.78:80
http://clients2.google.com/time/1/current?cup2key=8:Qx2Ar-z0bF0wdEUAedUPnDnkXxkPoa3zRGhOYHeklEU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
US
text
105 b
whitelisted
7728
chrome.exe
POST
200
142.251.127.84:443
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
US
text
17 b
whitelisted
7728
chrome.exe
GET
200
172.66.165.85:443
https://static.download.it/dit/fonts/35117E_0_0.woff
US
binary
47.1 Kb
unknown
7728
chrome.exe
GET
200
172.66.165.85:443
https://static.download.it/fontello/font/dit-logos.woff2
US
binary
3.44 Kb
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
6260
svchost.exe
52.140.118.28:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
52.140.118.28:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5532
SearchApp.exe
2.21.245.61:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
48.192.1.65:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
162.159.142.9:80
ocsp.digicert.com
CLOUDFLARENET
US
whitelisted
5276
MoUsoCoreWorker.exe
95.100.248.146:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
5276
MoUsoCoreWorker.exe
23.37.194.81:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
5208
svchost.exe
52.140.118.28:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5276
MoUsoCoreWorker.exe
52.140.118.28:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 52.140.118.28
  • 51.124.78.146
whitelisted
www.bing.com
  • 2.21.245.61
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.65
whitelisted
google.com
  • 142.251.208.14
whitelisted
ocsp.digicert.com
  • 162.159.142.9
whitelisted
crl.microsoft.com
  • 95.100.248.146
  • 95.100.248.134
whitelisted
www.microsoft.com
  • 23.37.194.81
whitelisted
clients2.google.com
  • 142.250.201.78
whitelisted
safebrowsingohttpgateway.googleapis.com
  • 142.251.141.74
whitelisted
clientservices.googleapis.com
  • 142.251.143.99
whitelisted

Threats

PID
Process
Class
Message
7728
chrome.exe
Misc activity
SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
7728
chrome.exe
Misc activity
SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
6260
svchost.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
7728
chrome.exe
Misc activity
ET INFO EXE - Served Attached HTTP
7728
chrome.exe
Misc activity
SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
7728
chrome.exe
Misc activity
ET INFO EXE - Served Attached HTTP
7728
chrome.exe
Misc activity
SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
7728
chrome.exe
Misc activity
SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
7728
chrome.exe
Misc activity
SUSPICIOUS [ANY.RUN] JavaScript Obfuscation (ParseInt)
5716
roblox_hpWo-y1.tmp
A Network Trojan was detected
ET ADWARE_PUP Win32/OfferCore Checkin M1
Process
Message
roblox.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.