File name: RobloxPlayerLauncher.exe

Full analysis: https://app.any.run/tasks/b2a6c0ce-60c7-4b4d-a1db-7b12bd082af8
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: August 16, 2024, 02:00:00
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: stealer, loader
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 38B0AE6CA6B20496988EB0268AE26DD0
SHA1: 09179F47717F20B3E11C759AB8B3245BD2608EC1
SHA256: 69FC9EC3315A02E098409F217A4E74224BE94D27B61599968B745DD8F45129CF
SSDEEP: 98304:mLs0TuvMDTVcHvwlN9E5rALPuIwwZELE6/RIpdabRg4BvGtk5nB4S2gmwyzLGNil:7mRDDJr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Actions looks like stealing of personal data
      • RobloxPlayerLauncher.exe (PID: 6388)
  • SUSPICIOUS
    • Drops the executable file immediately after the start
      • RobloxPlayerLauncher.exe (PID: 6388)
    • Reads security settings of Internet Explorer
      • RobloxPlayerLauncher.exe (PID: 6388)
      • RobloxPlayerLauncher.exe (PID: 6468)
    • Checks Windows Trust Settings
      • RobloxPlayerLauncher.exe (PID: 6388)
      • RobloxPlayerLauncher.exe (PID: 6468)
    • Application launched itself
      • RobloxPlayerLauncher.exe (PID: 6388)
    • Executable content was dropped or overwritten
      • RobloxPlayerLauncher.exe (PID: 6388)
  • INFO
    • Checks supported languages
      • RobloxPlayerLauncher.exe (PID: 6388)
      • RobloxPlayerLauncher.exe (PID: 6468)
    • Reads the machine GUID from the registry
      • RobloxPlayerLauncher.exe (PID: 6388)
      • RobloxPlayerLauncher.exe (PID: 6468)
    • Checks proxy server information
      • RobloxPlayerLauncher.exe (PID: 6388)
      • RobloxPlayerLauncher.exe (PID: 6468)
    • Creates files or folders in the user directory
      • RobloxPlayerLauncher.exe (PID: 6388)
      • RobloxPlayerLauncher.exe (PID: 6468)
    • Reads the computer name
      • RobloxPlayerLauncher.exe (PID: 6388)
      • RobloxPlayerLauncher.exe (PID: 6468)
    • Reads the software policy settings
      • RobloxPlayerLauncher.exe (PID: 6388)
      • RobloxPlayerLauncher.exe (PID: 6468)
    • Create files in a temporary directory
      • RobloxPlayerLauncher.exe (PID: 6388)
      • RobloxPlayerLauncher.exe (PID: 6468)
    • Process checks computer location settings
      • RobloxPlayerLauncher.exe (PID: 6388)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2049:12:03 16:02:20+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 3943424
InitializedDataSize: 9729536
UninitializedDataSize: -
EntryPoint: 0x356822
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.6.0.23620
ProductVersionNumber: 1.6.0.23620
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Roblox Corporation
FileDescription: Roblox
FileVersion: 1, 6, 0, 6380612
LegalCopyright: Copyright © 2020 Roblox Corporation. All rights reserved.
OriginalFileName: Roblox.exe
ProductName: Roblox Bootstrapper
ProductVersion: 1, 6, 0, 6380612
No data.
All screenshots are available in the full report
Total processes: 120
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start → robloxplayerlauncher.exe → robloxplayerlauncher.exe

Process information

PID: 6388
CMD: "C:\Users\admin\Desktop\RobloxPlayerLauncher.exe"
Path: C:\Users\admin\Desktop\RobloxPlayerLauncher.exe
Parent process: explorer.exe
User: admin
Company: Roblox Corporation
Integrity Level: MEDIUM
Description: Roblox
Exit code: 4294967295
Version: 1, 6, 0, 6380612
Modules (images):
c:\users\admin\desktop\robloxplayerlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 6468
CMD: C:\Users\admin\Desktop\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=dd68ce44f85e0623aa9fe54b217da4fb15483a6b --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x8c4,0x8c8,0x8cc,0x82c,0x8d4,0xd4dc2c,0xd4dc3c,0xd4dc4c
Path: C:\Users\admin\Desktop\RobloxPlayerLauncher.exe
Parent process: RobloxPlayerLauncher.exe
User: admin
Company: Roblox Corporation
Integrity Level: MEDIUM
Description: Roblox
Exit code: 0
Version: 1, 6, 0, 6380612
Modules (images):
c:\users\admin\desktop\robloxplayerlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events: 11 038
Read events: 11 009
Write events: 29
Delete events: 0

Modification events

Process (PID) | Key | Operation | Name | Value
RobloxPlayerLauncher.exe (6388) | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix | (empty)
RobloxPlayerLauncher.exe (6388) | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
RobloxPlayerLauncher.exe (6388) | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
RobloxPlayerLauncher.exe (6388) | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
RobloxPlayerLauncher.exe (6388) | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
RobloxPlayerLauncher.exe (6388) | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1
RobloxPlayerLauncher.exe (6388) | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0
RobloxPlayerLauncher.exe (6468) | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix | (empty)
RobloxPlayerLauncher.exe (6468) | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
RobloxPlayerLauncher.exe (6468) | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
Executable files: 3
Suspicious files: 24
Text files: 6
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
6388 | RobloxPlayerLauncher.exe | C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\b5aac0cce72f43a75a943c3bba6283d2.part | - | - | -
6388 | RobloxPlayerLauncher.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\version-b67e7cbe150a4c59-rbxBootstrapperPkgManifest[1].txt | text | DA169E5F34628EDBE378EC660BB67EFE | 4313A5EA9AFEC6C1A1C4BA4315C7A1C60D227692298CE45BC8CF4DB5FD407702
6388 | RobloxPlayerLauncher.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\version-b67e7cbe150a4c59-rbxPkgManifest[1].txt | text | B34E6824361D41F78D59A93FC42AF69D | FAFC490FA51D4E2A593C8E60D522ADA3656D052E405118CD5BDD1B32C260985F
6388 | RobloxPlayerLauncher.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\BatchIncrement[1].json | binary | BEDBF7D7D69748886E9B48F45C75FBBE | B4A55CFD050F4A62B1C4831CA0AB6FFADDE1FE1C3F583917EADE12F8C6726F61
6388 | RobloxPlayerLauncher.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\BatchIncrement[1].json | binary | BEDBF7D7D69748886E9B48F45C75FBBE | B4A55CFD050F4A62B1C4831CA0AB6FFADDE1FE1C3F583917EADE12F8C6726F61
6468 | RobloxPlayerLauncher.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\BatchIncrement[1].json | binary | BEDBF7D7D69748886E9B48F45C75FBBE | B4A55CFD050F4A62B1C4831CA0AB6FFADDE1FE1C3F583917EADE12F8C6726F61
6388 | RobloxPlayerLauncher.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\BatchIncrement[1].json | binary | BEDBF7D7D69748886E9B48F45C75FBBE | B4A55CFD050F4A62B1C4831CA0AB6FFADDE1FE1C3F583917EADE12F8C6726F61
6388 | RobloxPlayerLauncher.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\BatchIncrement[1].json | binary | BEDBF7D7D69748886E9B48F45C75FBBE | B4A55CFD050F4A62B1C4831CA0AB6FFADDE1FE1C3F583917EADE12F8C6726F61
6388 | RobloxPlayerLauncher.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\PCClientBootstrapper[1].json | binary | 391CF7D6F111E8C958A2676FAB75E82B | FE2335242B0A16B27ADCC4DBEC9FA530E135DD6C5AE777F8690AEC36826C6D36
6388 | RobloxPlayerLauncher.exe | C:\Users\admin\Desktop\Roblox Studio.lnk | lnk | 3122EF550187DF4784FB2DF8A615ADB3 | B97AFAA4B27113994BB5CF5587CAA40137042D0F445130639A1AEFE753AC4988
HTTP(S) requests: 31
TCP/UDP connections: 20
DNS requests: 19
Threats: 0

HTTP requests

Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
GET | - | 23.216.77.17:443 | https://setup.rbxcdn.com/version-b67e7cbe150a4c59-RobloxApp.zip | unknown | - | - | unknown
POST | 200 | 128.116.119.3:443 | https://ephemeralcounters.api.roblox.com/v1.1/Counters/BatchIncrement?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F | unknown | binary | 163 b | unknown
GET | 200 | 52.222.236.6:443 | https://clientsettingscdn.roblox.com/v2/client-version/WindowsStudio64 | unknown | binary | 119 b | unknown
POST | 200 | 128.116.119.3:443 | https://ephemeralcounters.api.roblox.com/v1.1/Counters/BatchIncrement?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F | unknown | binary | 163 b | unknown
GET | 200 | 23.216.77.17:443 | https://setup.rbxcdn.com/version-b67e7cbe150a4c59-rbxInstallerPkgManifest.txt | unknown | text | 83 b | unknown
GET | 200 | 52.222.236.43:443 | https://clientsettingscdn.roblox.com/v2/client-version/WindowsPlayer | unknown | binary | 119 b | unknown
POST | 200 | 128.116.119.3:443 | https://ephemeralcounters.api.roblox.com/v1.1/Counters/BatchIncrement?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F | unknown | binary | 163 b | unknown
GET | 200 | 23.216.77.17:443 | https://setup.rbxcdn.com/version-b67e7cbe150a4c59-rbxPkgManifest.txt | unknown | text | 1.51 Kb | unknown
POST | 200 | 128.116.119.3:443 | https://ephemeralcounters.api.roblox.com/v1.1/Counters/BatchIncrement?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F | unknown | binary | 163 b | unknown
GET | 200 | 23.216.77.19:443 | https://setup.rbxcdn.com/version-b67e7cbe150a4c59-rbxBootstrapperPkgManifest.txt | unknown | text | 82 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 192.168.100.255:138 | - | - | - | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
2464 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2120 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
532 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6388 | RobloxPlayerLauncher.exe | 23.41.252.19:443 | clientsettingscdn.roblox.com | AKAMAI-AS | MX | unknown
6388 | RobloxPlayerLauncher.exe | 128.116.119.3:443 | ephemeralcounters.api.roblox.com | ROBLOX-PRODUCTION | US | unknown
6468 | RobloxPlayerLauncher.exe | 128.116.119.3:443 | ephemeralcounters.api.roblox.com | ROBLOX-PRODUCTION | US | unknown
2120 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
6388 | RobloxPlayerLauncher.exe | 23.216.77.17:443 | setup.rbxcdn.com | Akamai International B.V. | DE | unknown

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 40.127.240.158 | whitelisted
google.com | 142.250.184.206 | whitelisted
clientsettingscdn.roblox.com | 23.41.252.19 | whitelisted
ephemeralcounters.api.roblox.com | 128.116.119.3 | whitelisted
setup.rbxcdn.qq.com | 0.0.0.1 | whitelisted
clientsettingscdn.roblox.qq.com | 0.0.0.1 | whitelisted
setup.rbxcdn.com | 23.216.77.19, 23.216.77.17 | whitelisted
setup-ak.rbxcdn.com | 23.216.77.19, 23.216.77.17 | whitelisted
setup-ll.rbxcdn.com | - | whitelisted
setup-cfly.rbxcdn.com | 205.234.175.102 | whitelisted

Threats

No threats detected
Process | Message
RobloxPlayerLauncher.exe | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.