File name:

RobloxPlayerInstaller.exe

Full analysis: https://app.any.run/tasks/f256b60f-3045-4a16-aac0-3c3452623034
Verdict: Malicious activity
Analysis date: July 08, 2024, 21:43:42
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

94740510822524D579F869A81E02F5EA

SHA1:

0E87D714E9EEC2EEE7C3AF028E8E66E7478A107F

SHA256:

AD927962330C2D2CF2BF7C33C1A5395DF5CCD4CEABFB10C72DB240041D773DDA

SSDEEP:

98304:bgs0N1XDZEjTJt9y872uxBqWMJuHTNC2P+Ahlex3otgKkfz3wzMdmNezBJQAUEuo:cMjGRGgWQ3Ck

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • RobloxPlayerInstaller.exe (PID: 1324)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5096)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Actions looks like stealing of personal data

      • RobloxPlayerInstaller.exe (PID: 1324)
    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 2456)
  • SUSPICIOUS

    • Changes default file association

      • RobloxPlayerInstaller.exe (PID: 1324)
    • Executable content was dropped or overwritten

      • RobloxPlayerInstaller.exe (PID: 1324)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5096)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Process drops legitimate windows executable

      • RobloxPlayerInstaller.exe (PID: 1324)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5096)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3628)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4904)
      • MicrosoftEdgeUpdate.exe (PID: 1888)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1764)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Reads the date of Windows installation

      • MicrosoftEdgeUpdate.exe (PID: 2456)
  • INFO

    • Reads the computer name

      • RobloxPlayerInstaller.exe (PID: 1324)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
      • MicrosoftEdgeUpdate.exe (PID: 1888)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4904)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3628)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1764)
      • MicrosoftEdgeUpdate.exe (PID: 5248)
      • MicrosoftEdgeUpdate.exe (PID: 6188)
      • MicrosoftEdgeUpdate.exe (PID: 7124)
    • Reads the machine GUID from the registry

      • RobloxPlayerInstaller.exe (PID: 1324)
    • Checks supported languages

      • RobloxPlayerInstaller.exe (PID: 1324)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5096)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
      • MicrosoftEdgeUpdate.exe (PID: 1888)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4904)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3628)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1764)
      • MicrosoftEdgeUpdate.exe (PID: 6188)
      • MicrosoftEdgeUpdate.exe (PID: 7124)
      • MicrosoftEdgeUpdate.exe (PID: 5248)
    • Process checks whether UAC notifications are on

      • RobloxPlayerInstaller.exe (PID: 1324)
    • Creates files or folders in the user directory

      • RobloxPlayerInstaller.exe (PID: 1324)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Create files in a temporary directory

      • RobloxPlayerInstaller.exe (PID: 1324)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5096)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Reads the software policy settings

      • slui.exe (PID: 6936)
      • slui.exe (PID: 5960)
      • MicrosoftEdgeUpdate.exe (PID: 5248)
      • MicrosoftEdgeUpdate.exe (PID: 7124)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 5248)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 5248)
      • MicrosoftEdgeUpdate.exe (PID: 7124)
      • slui.exe (PID: 5960)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 2456)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1976:05:08 17:55:59+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 3435008
InitializedDataSize: 15253504
UninitializedDataSize: -
EntryPoint: 0x2f3100
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.6.1.19016
ProductVersionNumber: 1.6.1.19016
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Roblox Corporation
FileDescription: Roblox
FileVersion: 1, 6, 1, 6310472
LegalCopyright: Copyright © 2020 Roblox Corporation. All rights reserved.
OriginalFileName: Roblox.exe
ProductName: Roblox Bootstrapper
ProductVersion: 1, 6, 1, 6310472
Total processes
156
Monitored processes
13
Malicious processes
4
Suspicious processes
0


Process information

PID
CMD
Path
Indicators
Parent process
PID: 1324
CMD: "C:\Users\admin\Downloads\RobloxPlayerInstaller.exe"
Path: C:\Users\admin\Downloads\RobloxPlayerInstaller.exe
Parent process: explorer.exe
User:
admin
Company:
Roblox Corporation
Integrity Level:
MEDIUM
Description:
Roblox
Version:
1, 6, 1, 6310472
Modules
Images
c:\users\admin\downloads\robloxplayerinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 1764
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.39\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1888
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 2456
CMD: C:\Users\admin\AppData\Local\Temp\EU66E5.tmp\MicrosoftEdgeUpdate.exe /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Users\admin\AppData\Local\Temp\EU66E5.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeWebview2Setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\temp\eu66e5.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 3628
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.39\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 4904
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.39\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 5096
CMD: MicrosoftEdgeWebview2Setup.exe /silent /install
Path: C:\Users\admin\AppData\Local\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Parent process: RobloxPlayerInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\roblox\versions\version-1088f3c8e4a44cc7\webview2runtimeinstaller\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5248
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7NkI3QUE2NEQtQkVCRC00NUVDLUJFNTAtRDdGMjM5RDMzNTdCfSIgdXNlcmlkPSJ7MUREMDcyQzQtQTU1NC00NjI3LTgyNkYtRTMwOUVCMDM3MjE3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3MEI4Q0NCQi1EMUUwLTQyREQtODA0MC1FOTlBREYxNjk4RTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTk5NDQzODgxMDciIGluc3RhbGxfdGltZV9tcz0iNDI1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 5960
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 6188
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{6B7AA64D-BEBD-45EC-BE50-D7F239D3357B}" /silent
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
Total events
16 754
Read events
11 124
Write events
5 596
Delete events
34

Modification events

(PID) Process: (1324) RobloxPlayerInstaller.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio
Operation: write
Name: WarnOnOpen
Value:
0
(PID) Process: (1324) RobloxPlayerInstaller.exe
Key: HKEY_CLASSES_ROOT\roblox-studio
Operation: write
Name: URL Protocol
Value:
(PID) Process: (1324) RobloxPlayerInstaller.exe
Key: HKEY_CLASSES_ROOT\roblox-studio\shell\open\command
Operation: write
Name: version
Value:
version-034c0d4a0a9b44cc
(PID) Process: (5960) slui.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3c\52C64B7E
Operation: write
Name: @%SystemRoot%\System32\sppcomapi.dll,-3200
Value:
Software Licensing
(PID) Process: (2456) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value:
(PID) Process: (2456) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(PID) Process: (2456) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: UninstallCmdLine
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall
(PID) Process: (2456) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value:
1.3.171.39
(PID) Process: (2456) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: name
Value:
Microsoft Edge Update
(PID) Process: (2456) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value:
1.3.171.39
Executable files
206
Suspicious files
27
Text files
5
Unknown types
1

Dropped files

PID
Process
Filename
Type
PID: 1324
Process: RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\logs\cacert.pem
Type: text
MD5: 0194EB945475F93844C0FAE769C0FA0B
SHA256: A6BC06B8255E4AFE2EEFF34684605D04DF9EC246FC201BF5E44137987189A0D3
PID: 1324
Process: RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\Roblox Studio.lnk
Type: binary
MD5: 47D6350F3BDE974B5B12AD0FE55AE5BC
SHA256: BB400AD702EB6F11DBFC6213CF47502D87F5784BC89F53DD7480DB2687CEAB65
PID: 1324
Process: RobloxPlayerInstaller.exe
Filename: C:\Users\admin\Desktop\Roblox Studio.lnk
Type: binary
MD5: 5528FD47EBDA273F7323D3B9295BDB55
SHA256: A93ACE1C61A873CDAB21946FF4E15EB6A1C990F0C2247CE32B7BA390269DD8DE
PID: 1324
Process: RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\30c885074d0320c0932e06bfd537c915
Type: compressed
MD5: 30C885074D0320C0932E06BFD537C915
SHA256: 4C732976972BBEC8B2B0C579067F6AB4A143263637E6F9A6E2AA1FE7F9A68E7B
PID: 1324
Process: RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Temp\Roblox\http\RBX02D228C52A1B4BB3A1723EF4BB135A1A
Type: binary
MD5: 299580D8CE970727F7737D544B6BD512
SHA256: E01FBF19732B0D4695A14AD43A6745F64DCCFCC0E370179A96BBA95C7F864B4E
PID: 1324
Process: RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Temp\Roblox\http\8913724486d5e3c463c493b25346ca31
Type: binary
MD5: 299580D8CE970727F7737D544B6BD512
SHA256: E01FBF19732B0D4695A14AD43A6745F64DCCFCC0E370179A96BBA95C7F864B4E
PID: 1324
Process: RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\cd77e0e77d698260809f8ae8b3993740
Type: compressed
MD5: CD77E0E77D698260809F8AE8B3993740
SHA256: C21C2EF75EDEF71EA53DD1FED5470CFA3D513D22F8CDFDF2431E43FE8FF4C95A
PID: 1324
Process: RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Temp\Roblox\http\RBX7FCDBA42740F4F7589ABEEA840190B92
Type: binary
MD5: 299580D8CE970727F7737D544B6BD512
SHA256: E01FBF19732B0D4695A14AD43A6745F64DCCFCC0E370179A96BBA95C7F864B4E
PID: 1324
Process: RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\43c726b04ccfad6eb95e7ee2c25b33f0
Type: compressed
MD5: 43C726B04CCFAD6EB95E7EE2C25B33F0
SHA256: D088880774C9633582819F11C7045E48442BE26BC427028DC2A6D6A7839A0A24
PID: 1324
Process: RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\1d0390337d1a4a58e5514be1a9481ad6
Type: compressed
MD5: 1D0390337D1A4A58E5514BE1A9481AD6
SHA256: C79F0EEB2BCA4905C585C50333DB3C6F727A554F5DB82E64948F93668FBC18AA
HTTP(S) requests
10
TCP/UDP connections
61
DNS requests
25
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3652
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
unknown
1968
svchost.exe
GET
200
2.16.164.72:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown
1968
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
5864
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
unknown
4944
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
unknown
4084
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
unknown
4944
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
unknown
3040
OfficeClickToRun.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
unknown
1776
svchost.exe
GET
23.48.23.66:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bde64f47-8fa3-4f6c-8bce-d274241b6a2b?P1=1721079928&P2=404&P3=2&P4=Esof0rS97qcTZ1Qvp1HGDxsDQhiOYm9PrCveNdkl3qW9%2buzD3z%2f21qa9gLJHGl%2fyBybwdkXcOrzv616zDfiwxQ%3d%3d
unknown
unknown
1776
svchost.exe
HEAD
200
23.48.23.66:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bde64f47-8fa3-4f6c-8bce-d274241b6a2b?P1=1721079928&P2=404&P3=2&P4=Esof0rS97qcTZ1Qvp1HGDxsDQhiOYm9PrCveNdkl3qW9%2buzD3z%2f21qa9gLJHGl%2fyBybwdkXcOrzv616zDfiwxQ%3d%3d
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1968
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
2448
RUXIMICS.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
900
MoUsoCoreWorker.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
1324
RobloxPlayerInstaller.exe
128.116.119.3:443
ecsv2.roblox.com
ROBLOX-PRODUCTION
US
unknown
4032
svchost.exe
239.255.255.250:1900
whitelisted
1324
RobloxPlayerInstaller.exe
99.86.4.62:443
clientsettingscdn.roblox.com
AMAZON-02
US
unknown
1324
RobloxPlayerInstaller.exe
205.234.175.102:443
setup.rbxcdn.com
CACHENETWORKS
US
unknown
3652
svchost.exe
40.126.31.71:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3652
svchost.exe
192.229.221.95:80
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
ecsv2.roblox.com
  • 128.116.119.3
whitelisted
clientsettingscdn.roblox.com
  • 99.86.4.62
  • 99.86.4.125
  • 99.86.4.20
  • 99.86.4.8
whitelisted
setup.rbxcdn.com
  • 205.234.175.102
whitelisted
login.live.com
  • 40.126.31.71
  • 20.190.159.64
  • 40.126.31.67
  • 20.190.159.73
  • 20.190.159.71
  • 20.190.159.0
  • 20.190.159.23
  • 20.190.159.75
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
nexusrules.officeapps.live.com
  • 52.111.236.23
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 2.16.164.72
  • 2.16.164.120
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted

Threats

PID
Process
Class
Message
1776
svchost.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Process
Message
RobloxPlayerInstaller.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.