download:

/version-760d064d05424689-RobloxPlayerInstaller.exe

Full analysis: https://app.any.run/tasks/12e43650-4fed-4c89-b3f0-929ed16f799c
Verdict: Malicious activity
Analysis date: February 27, 2026, 18:57:26
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
roblox
arch-exec
arch-doc
arch-scr
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

A1AF6BFC6571A173EE91DCF36C0BABF1

SHA1:

7BE61E72C254C5016D89896285EE335C9EA1049E

SHA256:

92AD4BF6CE23CCF7D802530FDE9773E336E2F3E03C6C2DF2D15A300FBD735DFA

SSDEEP:

98304:hs01F1pMKfhjrQadr4Zl6P2zJL1jr+hcbuktGbxIkAhTj+gO1K7yoEY9KnviILUM:a/pM9B8mX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Potential DLL hijacking behavior detected

      • msedgewebview2.exe (PID: 8876)
    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 8572)
    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 2312)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2248)
      • MicrosoftEdgeUpdate.exe (PID: 8572)
      • MicrosoftEdge_X64_145.0.3800.82.exe (PID: 8692)
      • setup.exe (PID: 6952)
      • RobloxStudioInstaller.exe (PID: 6828)
      • RobloxStudioInstaller.exe (PID: 2860)
    • Changes default file association

      • version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
      • RobloxStudioInstaller.exe (PID: 2860)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 8572)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 8572)
      • RobloxStudioInstaller.exe (PID: 6828)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2432)
      • MicrosoftEdgeUpdate.exe (PID: 6400)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7548)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7972)
    • Application launched itself

      • setup.exe (PID: 6952)
      • MicrosoftEdgeUpdate.exe (PID: 1092)
      • msedgewebview2.exe (PID: 2312)
    • Searches for installed software

      • setup.exe (PID: 6952)
    • Executes application which crashes

      • RobloxPlayerBeta.exe (PID: 6108)
      • RobloxPlayerBeta.exe (PID: 7704)
      • RobloxStudioInstaller.exe (PID: 6828)
    • The process drops C-runtime libraries

      • RobloxStudioInstaller.exe (PID: 2860)
  • INFO

    • The sample compiled with english language support

      • version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2248)
      • MicrosoftEdgeUpdate.exe (PID: 8572)
      • MicrosoftEdge_X64_145.0.3800.82.exe (PID: 8692)
      • setup.exe (PID: 6952)
      • RobloxStudioInstaller.exe (PID: 6828)
      • RobloxStudioInstaller.exe (PID: 2860)
    • ROBLOX mutex has been found

      • version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
      • RobloxStudioInstaller.exe (PID: 6828)
      • RobloxStudioInstaller.exe (PID: 2860)
    • Reads the computer name

      • version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
      • MicrosoftEdgeUpdate.exe (PID: 8572)
      • MicrosoftEdgeUpdate.exe (PID: 6400)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2432)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7548)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7972)
      • MicrosoftEdgeUpdate.exe (PID: 1180)
      • MicrosoftEdgeUpdate.exe (PID: 8772)
      • MicrosoftEdgeUpdate.exe (PID: 1092)
      • MicrosoftEdge_X64_145.0.3800.82.exe (PID: 8692)
      • setup.exe (PID: 6952)
      • MicrosoftEdgeUpdate.exe (PID: 1520)
      • RobloxStudioInstaller.exe (PID: 6828)
      • RobloxStudioInstaller.exe (PID: 2860)
      • GameBar.exe (PID: 3624)
      • RobloxStudioBeta.exe (PID: 8140)
      • msedgewebview2.exe (PID: 2312)
      • msedgewebview2.exe (PID: 8876)
      • msedgewebview2.exe (PID: 2228)
    • Checks supported languages

      • version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2248)
      • MicrosoftEdgeUpdate.exe (PID: 8572)
      • MicrosoftEdgeUpdate.exe (PID: 6400)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7548)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7972)
      • MicrosoftEdgeUpdate.exe (PID: 1180)
      • MicrosoftEdgeUpdate.exe (PID: 8772)
      • MicrosoftEdgeUpdate.exe (PID: 1092)
      • MicrosoftEdge_X64_145.0.3800.82.exe (PID: 8692)
      • setup.exe (PID: 6952)
      • MicrosoftEdgeUpdate.exe (PID: 1520)
      • setup.exe (PID: 4516)
      • RobloxPlayerBeta.exe (PID: 6108)
      • RobloxStudioInstaller.exe (PID: 6828)
      • RobloxPlayerBeta.exe (PID: 7704)
      • RobloxStudioInstaller.exe (PID: 2860)
      • RobloxStudioBeta.exe (PID: 8140)
      • RobloxCrashHandler.exe (PID: 6536)
      • GameBar.exe (PID: 3624)
      • msedgewebview2.exe (PID: 2312)
      • msedgewebview2.exe (PID: 3656)
      • msedgewebview2.exe (PID: 8876)
      • msedgewebview2.exe (PID: 2228)
      • msedgewebview2.exe (PID: 5216)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2432)
      • msedgewebview2.exe (PID: 8376)
      • msedgewebview2.exe (PID: 1672)
      • msedgewebview2.exe (PID: 7580)
      • msedgewebview2.exe (PID: 3180)
    • Process checks whether UAC notifications are on

      • version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
      • RobloxStudioInstaller.exe (PID: 2860)
      • RobloxStudioBeta.exe (PID: 8140)
    • Reads the machine GUID from the registry

      • version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
      • MicrosoftEdgeUpdate.exe (PID: 1092)
      • RobloxStudioInstaller.exe (PID: 6828)
      • RobloxStudioInstaller.exe (PID: 2860)
      • RobloxStudioBeta.exe (PID: 8140)
      • RobloxCrashHandler.exe (PID: 6536)
      • msedgewebview2.exe (PID: 2312)
    • Creates files or folders in the user directory

      • version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
      • MicrosoftEdgeUpdate.exe (PID: 8572)
      • MicrosoftEdgeUpdate.exe (PID: 1092)
      • MicrosoftEdge_X64_145.0.3800.82.exe (PID: 8692)
      • setup.exe (PID: 6952)
      • setup.exe (PID: 4516)
      • RobloxStudioInstaller.exe (PID: 6828)
      • RobloxStudioInstaller.exe (PID: 2860)
      • WerFault.exe (PID: 6820)
      • RobloxCrashHandler.exe (PID: 6536)
      • RobloxStudioBeta.exe (PID: 8140)
      • msedgewebview2.exe (PID: 2312)
      • msedgewebview2.exe (PID: 3656)
      • msedgewebview2.exe (PID: 2228)
    • Drops script file

      • version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
      • setup.exe (PID: 6952)
      • RobloxStudioInstaller.exe (PID: 2860)
    • Create files in a temporary directory

      • version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2248)
      • RobloxStudioInstaller.exe (PID: 6828)
      • RobloxStudioInstaller.exe (PID: 2860)
      • RobloxStudioBeta.exe (PID: 8140)
      • msedgewebview2.exe (PID: 2312)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 8572)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 1180)
      • MicrosoftEdgeUpdate.exe (PID: 1520)
      • msedgewebview2.exe (PID: 2312)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 8572)
      • Taskmgr.exe (PID: 768)
      • MicrosoftEdgeUpdate.exe (PID: 1092)
      • GameBar.exe (PID: 3624)
      • msedgewebview2.exe (PID: 2312)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 8572)
      • setup.exe (PID: 6952)
      • msedgewebview2.exe (PID: 2312)
      • msedgewebview2.exe (PID: 3180)
      • msedgewebview2.exe (PID: 1672)
      • msedgewebview2.exe (PID: 7580)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 1180)
      • MicrosoftEdgeUpdate.exe (PID: 1092)
      • MicrosoftEdgeUpdate.exe (PID: 1520)
      • WerFault.exe (PID: 6820)
      • slui.exe (PID: 3212)
      • msedgewebview2.exe (PID: 2312)
    • Manual execution by a user

      • Taskmgr.exe (PID: 8260)
      • Taskmgr.exe (PID: 768)
      • RobloxPlayerBeta.exe (PID: 7704)
      • RobloxStudioInstaller.exe (PID: 6828)
    • Creates a software uninstall entry

      • setup.exe (PID: 6952)
      • version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
      • RobloxStudioInstaller.exe (PID: 2860)
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1990:10:16 18:04:11+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 7404032
InitializedDataSize: 2573312
UninitializedDataSize: -
EntryPoint: 0x6a122e
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.6.1.22819
ProductVersionNumber: 1.6.1.22819
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Roblox Corporation
FileDescription: Roblox
FileVersion: 1, 6, 1, 7100707
LegalCopyright: Copyright © 2020 Roblox Corporation. All rights reserved.
OriginalFileName: Roblox.exe
ProductName: Roblox Bootstrapper
ProductVersion: 1, 6, 1, 7100707
Total processes
198
Monitored processes
37
Malicious processes
2
Suspicious processes
6

Behavior graph

start version-760d064d05424689-robloxplayerinstaller.exe microsoftedgewebview2setup.exe microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe taskmgr.exe no specs taskmgr.exe microsoftedge_x64_145.0.3800.82.exe setup.exe setup.exe no specs slui.exe microsoftedgeupdate.exe robloxplayerbeta.exe werfault.exe no specs robloxplayerbeta.exe werfault.exe no specs robloxstudioinstaller.exe robloxstudioinstaller.exe werfault.exe robloxstudiobeta.exe robloxcrashhandler.exe no specs gamebarpresencewriter.exe no specs gamebar.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs msedgewebview2.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 768
CMD: "C:\WINDOWS\system32\taskmgr.exe" /4
Path: C:\Windows\System32\Taskmgr.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Manager
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
PID: 824
CMD: C:\WINDOWS\system32\WerFault.exe -u -p 7704 -s 404
Path: C:\Windows\System32\WerFault.exe
Parent process: RobloxPlayerBeta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
PID: 1092
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 1180
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded argument omitted]
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 1520
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping [base64-encoded argument omitted]
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 1672
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 710, 0, 7100702" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--expose-gc --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=7 --skip-read-main-dll --metrics-shmem-handle=3448,i,691589973398796579,15786673879914023777,2097152 --field-trial-handle=1904,i,3742366285058562706,14862502985531281474,262144 --variations-seed-version --trace-process-track-uuid=3190708992871164437 --mojo-platform-channel-handle=3480 /prefetch:1
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
145.0.3800.82
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID: 1760
CMD: C:\WINDOWS\system32\WerFault.exe -u -p 6108 -s 408
Path: C:\Windows\System32\WerFault.exe
Parent process: RobloxPlayerBeta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\werfault.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
PID: 2228
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 710, 0, 7100702" --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --startup-read-main-dll --metrics-shmem-handle=2180,i,14716686733956410010,5692490745511070914,524288 --field-trial-handle=1904,i,3742366285058562706,14862502985531281474,262144 --variations-seed-version --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2176 /prefetch:3
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe
Parent process: msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
145.0.3800.82
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
PID: 2248
CMD: MicrosoftEdgeWebview2Setup.exe /silent /install
Path: C:\Users\admin\AppData\Local\Roblox\Versions\version-760d064d05424689\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Parent process: version-760d064d05424689-RobloxPlayerInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\roblox\versions\version-760d064d05424689\webview2runtimeinstaller\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2312
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=RobloxStudioBeta.exe --webview-exe-version="0, 710, 0, 7100702" --user-data-dir="C:\Users\admin\AppData\Local\Roblox\RobloxStudio\WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --mojo-named-platform-channel-pipe=8140.6668.3540939833420737899
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\145.0.3800.82\msedgewebview2.exe
Parent process: RobloxStudioBeta.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
145.0.3800.82
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\145.0.3800.82\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
Total events
24 037
Read events
22 483
Write events
1 471
Delete events
83

Modification events

Process: version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio
Operation: write
Name: WarnOnOpen
Value: 0

Process: version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
Key: HKEY_CLASSES_ROOT\roblox-studio
Operation: write
Name: URL Protocol
Value:

Process: version-760d064d05424689-RobloxPlayerInstaller.exe (PID: 2572)
Key: HKEY_CLASSES_ROOT\roblox-studio\shell\open\command
Operation: write
Name: version
Value: version-e095049f34844c41

Process: MicrosoftEdgeUpdate.exe (PID: 8572)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value:

Process: MicrosoftEdgeUpdate.exe (PID: 8572)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: edgeupdate_task_name_c
Value: MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001Core{0D2367D4-A219-4A4C-A61D-A65634C7E82D}

Process: MicrosoftEdgeUpdate.exe (PID: 8572)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: edgeupdate_task_name_ua
Value: MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{D13D3872-B548-4AA4-BA3F-80D9525DC1C1}

Process: MicrosoftEdgeUpdate.exe (PID: 8572)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Process: MicrosoftEdgeUpdate.exe (PID: 8572)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: UninstallCmdLine
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

Process: MicrosoftEdgeUpdate.exe (PID: 8572)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value: 1.3.195.45

Process: MicrosoftEdgeUpdate.exe (PID: 8572)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: name
Value: Microsoft Edge Update

Executable files
209
Suspicious files
285
Text files
109
Unknown types
22

Dropped files

PID
Process
Filename
Type
PID: 2572
Process: version-760d064d05424689-RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\19e515082d15f48181128b72ab50a50a
MD5:
SHA256:
PID: 2572
Process: version-760d064d05424689-RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\ccff01d389cdf458bad9aaa9f4d64277
Type: compressed
MD5:F1488394C00343DC0F170680952F438A
SHA256:6654B72DD12B2999F4C47A0E182484D60D3BB91D8D8C54924E6096D7E1A70FA6
PID: 2572
Process: version-760d064d05424689-RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\cf6354c3365a4f2d09391617e7927d20
Type: compressed
MD5:CF6354C3365A4F2D09391617E7927D20
SHA256:F153021929D35CC3BE2EE7E2D31D1847E655DDB6E43165C37AA7D87E29980638
PID: 2572
Process: version-760d064d05424689-RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\RobloxPlayerInstaller\InstallerInfo.log
Type: text
MD5:781A0E1593B1F49B72DC65957DF6FF49
SHA256:382497DDE921B816726D91B6284565F4F0D38D1D6EBB435905AF210E706DCEBC
PID: 2572
Process: version-760d064d05424689-RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Versions\RobloxStudioInstaller.exe
Type: executable
MD5:B7FD22DC11BC090B80917AFD62D02B4B
SHA256:8B5BF8CFFAB53D52B9346D211F509DE2648912E5CBAFB5C9671DAC0AE2466BA1
PID: 2572
Process: version-760d064d05424689-RobloxPlayerInstaller.exe
Filename: C:\Users\admin\Desktop\Roblox Studio.lnk
Type: binary
MD5:0B460507F1E7CACADC0FA3543233A8D4
SHA256:308A8DB4D32F9187803DDA72C7FBF44E7984DC653FC285FFEF5DC0E6098824DC
PID: 2572
Process: version-760d064d05424689-RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\logs\cacert.pem
Type: text
MD5:E46C5D007899D693A9D325FBFBBD4BBB
SHA256:416DF7C7A6AF3D35B06B3AEE5E736B02C8AEFD4A3B9BE31BEFC1C97AB323FFA6
PID: 2572
Process: version-760d064d05424689-RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\Roblox Studio.lnk
Type: binary
MD5:DF61B09B9EE37459356D2462C1F941C6
SHA256:592D60CE4205094D7F01B618982991A1EA04586562C1571F127DCD65AE07986B
PID: 2572
Process: version-760d064d05424689-RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\eb9dd4d0637fd6ae21747e6b6a281d21
Type: compressed
MD5:C089723E98C07ACCD3036F11E70AFA3B
SHA256:7286CEBAE07DB975BA0C8DB1972CFD0B53790CEE458FD3C4B1BE8BF282967D5D
PID: 2572
Process: version-760d064d05424689-RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\fbb0ce7a795cad22ef0c116ae89f13d4
Type: compressed
MD5:FBB0CE7A795CAD22EF0C116AE89F13D4
SHA256:7041752F10D5275EF1021AFA12523AA9F5E534C0A2FF87D6921C1F70CC68B534
HTTP(S) requests
35
TCP/UDP connections
87
DNS requests
69
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6768
MoUsoCoreWorker.exe
GET
304
20.73.194.208:443
https://settings-win.data.microsoft.com/settings/v3.0/OneSettings/Client?OSVersionFull=10.0.19045.4046.amd64fre.vb_release.191206-1406&LocalDeviceID=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&AttrDataVer=186&OSUILocale=en-US&OSSkuId=48&App=WOSC&AppVer=&IsFlightingEnabled=0&TelemetryLevel=1&DeviceFamily=Windows.Desktop
US
whitelisted
7544
svchost.exe
GET
304
20.73.194.208:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
US
whitelisted
6332
SIHClient.exe
GET
304
74.178.76.128:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
6332
SIHClient.exe
GET
200
135.233.95.135:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
US
whitelisted
6332
SIHClient.exe
GET
200
74.178.76.128:443
https://slscr.update.microsoft.com/sls/ping
US
whitelisted
6332
SIHClient.exe
GET
304
74.178.76.128:443
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
1520
MicrosoftEdgeUpdate.exe
GET
304
150.171.22.17:443
https://config.edge.skype.com/config/v1/EdgeUpdate/1.3.195.45?clientId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&appChannel_webview=5&appConsentState_webview=0&appDayOfInstall_webview=-1&appInactivityBadgeApplied_webview=0&appInactivityBadgeCleared_webview=0&appInactivityBadgeDuration_webview=0&appInstallTimeDiffSec_webview=-86400&appIsPinnedSystem_webview=false&appLang_webview=en&appLastLaunchCount_webview=0&appLastLaunchTime_webview=0&appLastLaunchTimeJson_webview=0&appLastLaunchTimeDaysAgo_webview=0&appVersion_webview=145.0.3800.82&appUpdateCheckIsUpdateDisabled_webview=false&appUpdatesAllowedForMeteredNetworks_webview=false&hwDiskType=2&hwHasSsse3=true&hwLogicalCpus=6&hwPhysmemory=6&isCTADevice=false&isMsftDomainJoined=false&oemProductManufacturer=DELL&oemProductName=DELL&osArch=x64&osIsDefaultNetworkConnectionMetered=false&osIsInLockdownMode=false&osIsWIP=false&osPlatform=win&osProductType=48&osVersion=10.0.19045.4046&requestCheckPeriodSec=-1&requestDomainJoined=false&requestInstallSource=otherinstallcmd&requestIsMachine=false&requestOmahaShellVersion=1.3.195.45&requestOmahaVersion=1.3.195.45
US
unknown
3292
svchost.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl
US
binary
814 b
whitelisted
3292
svchost.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl
US
binary
401 b
whitelisted
3292
svchost.exe
GET
200
23.59.18.102:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.3.crl
US
binary
813 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
7544
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7428
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5568
SearchApp.exe
2.16.204.153:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
23.63.118.230:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
204.79.197.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2572
version-760d064d05424689-RobloxPlayerInstaller.exe
128.116.31.3:443
ecsv2.roblox.com
ROBLOX-PRODUCTION
US
whitelisted
3412
svchost.exe
172.211.123.250:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2572
version-760d064d05424689-RobloxPlayerInstaller.exe
23.41.252.19:443
clientsettingscdn.roblox.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
whitelisted
google.com
  • 142.251.208.174
whitelisted
self.events.data.microsoft.com
  • 52.168.117.171
whitelisted
www.bing.com
  • 2.16.204.153
  • 2.16.204.141
  • 2.16.204.157
  • 2.16.204.156
  • 2.16.204.136
  • 2.16.204.160
  • 2.16.204.137
  • 2.16.204.161
  • 2.16.204.146
whitelisted
ocsp.digicert.com
  • 23.63.118.230
  • 184.30.131.245
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
ecsv2.roblox.com
  • 128.116.31.3
  • 128.116.13.3
whitelisted
clientsettingscdn.roblox.com
  • 23.41.252.19
  • 52.222.236.86
  • 52.222.236.6
  • 52.222.236.43
  • 52.222.236.113
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
setup.rbxcdn.com
  • 54.192.35.42
  • 54.192.35.28
  • 54.192.35.27
  • 54.192.35.111
  • 23.55.110.181
  • 23.55.110.200
whitelisted

Threats

PID
Process
Class
Message
7000
svchost.exe
Misc activity
ET INFO Packed Executable Download
6768
MoUsoCoreWorker.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
Process
Message
version-760d064d05424689-RobloxPlayerInstaller.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
RobloxStudioBeta.exe
2026-02-27T18:59:26.191Z,0.191423,1850,6 [FLog::Output] RobloxGitHash: 1c55dd9cd056d90d8fda0f880404016d98fdf06a
RobloxStudioBeta.exe
RobloxStudioBeta.exe
2026-02-27T18:59:26.191Z,0.191423,1850,6 [FLog::Output] Command line: C:\Users\admin\AppData\Local\Roblox\Versions\version-e095049f34844c41\RobloxStudioBeta.exe -startEvent www.roblox.com/robloxQTStudioStartedEvent -firstLaunch
RobloxStudioBeta.exe
RobloxStudioBeta.exe
2026-02-27T18:59:26.191Z,0.191423,1850,6 [FLog::Output] Creating PolicyContext(Root)
RobloxStudioBeta.exe
RobloxStudioBeta.exe
2026-02-27T18:59:26.192Z,0.192419,1850,6 [FLog::Output] BaseUrl: https://www.roblox.com
RobloxStudioBeta.exe
2026-02-27T18:59:26.193Z,0.193414,1850,6,Info [FLog::StudioKeyEvents] fast flags loading [start]
RobloxStudioBeta.exe