File name: RobloxPlayerInstaller.exe

Full analysis: https://app.any.run/tasks/f256b60f-3045-4a16-aac0-3c3452623034
Verdict: Malicious activity
Analysis date: July 08, 2024, 21:43:42
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 94740510822524D579F869A81E02F5EA
SHA1: 0E87D714E9EEC2EEE7C3AF028E8E66E7478A107F
SHA256: AD927962330C2D2CF2BF7C33C1A5395DF5CCD4CEABFB10C72DB240041D773DDA
SSDEEP: 98304:bgs0N1XDZEjTJt9y872uxBqWMJuHTNC2P+Ahlex3otgKkfz3wzMdmNezBJQAUEuo:cMjGRGgWQ3Ck

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • RobloxPlayerInstaller.exe (PID: 1324)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5096)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Actions look like stealing of personal data

      • RobloxPlayerInstaller.exe (PID: 1324)
    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 2456)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • RobloxPlayerInstaller.exe (PID: 1324)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5096)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Changes default file association

      • RobloxPlayerInstaller.exe (PID: 1324)
    • Process drops legitimate windows executable

      • RobloxPlayerInstaller.exe (PID: 1324)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5096)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4904)
      • MicrosoftEdgeUpdate.exe (PID: 1888)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3628)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1764)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Reads the date of Windows installation

      • MicrosoftEdgeUpdate.exe (PID: 2456)
  • INFO

    • Reads the machine GUID from the registry

      • RobloxPlayerInstaller.exe (PID: 1324)
    • Checks supported languages

      • RobloxPlayerInstaller.exe (PID: 1324)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5096)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4904)
      • MicrosoftEdgeUpdate.exe (PID: 1888)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3628)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1764)
      • MicrosoftEdgeUpdate.exe (PID: 5248)
      • MicrosoftEdgeUpdate.exe (PID: 6188)
      • MicrosoftEdgeUpdate.exe (PID: 7124)
    • Creates files or folders in the user directory

      • RobloxPlayerInstaller.exe (PID: 1324)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
    • Reads the computer name

      • RobloxPlayerInstaller.exe (PID: 1324)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4904)
      • MicrosoftEdgeUpdate.exe (PID: 1888)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 3628)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1764)
      • MicrosoftEdgeUpdate.exe (PID: 7124)
      • MicrosoftEdgeUpdate.exe (PID: 6188)
      • MicrosoftEdgeUpdate.exe (PID: 5248)
    • Process checks whether UAC notifications are on

      • RobloxPlayerInstaller.exe (PID: 1324)
    • Reads the software policy settings

      • slui.exe (PID: 6936)
      • MicrosoftEdgeUpdate.exe (PID: 5248)
      • MicrosoftEdgeUpdate.exe (PID: 7124)
      • slui.exe (PID: 5960)
    • Creates files in a temporary directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 5096)
      • MicrosoftEdgeUpdate.exe (PID: 2456)
      • RobloxPlayerInstaller.exe (PID: 1324)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 5248)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 5248)
      • MicrosoftEdgeUpdate.exe (PID: 7124)
      • slui.exe (PID: 5960)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 2456)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4) (TRiD's heuristic guess; the PE header below reports PE32/32-bit and PID 1324 loads the wow64 DLLs, so the image is 32-bit)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1976:05:08 17:55:59+00:00 (a 1976 link date alongside linker 14.29 is the hash-derived timestamp of a reproducible build, MSVC /Brepro, not a real build time; do not use it as a compile-time indicator)
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 3435008
InitializedDataSize: 15253504
UninitializedDataSize: -
EntryPoint: 0x2f3100
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.6.1.19016
ProductVersionNumber: 1.6.1.19016
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Roblox Corporation
FileDescription: Roblox
FileVersion: 1, 6, 1, 6310472
LegalCopyright: Copyright © 2020 Roblox Corporation. All rights reserved.
OriginalFileName: Roblox.exe
ProductName: Roblox Bootstrapper
ProductVersion: 1, 6, 1, 6310472
All screenshots are available in the full report
Total processes: 156
Monitored processes: 13
Malicious processes: 4
Suspicious processes: 0

Behavior graph

start
  robloxplayerinstaller.exe
  sppextcomobj.exe (no specs)
  slui.exe
  slui.exe
  microsoftedgewebview2setup.exe
  microsoftedgeupdate.exe
  microsoftedgeupdate.exe (no specs)
  microsoftedgeupdatecomregistershell64.exe (no specs)
  microsoftedgeupdatecomregistershell64.exe (no specs)
  microsoftedgeupdatecomregistershell64.exe (no specs)
  microsoftedgeupdate.exe
  microsoftedgeupdate.exe (no specs)
  microsoftedgeupdate.exe

Process information

PID: 1324
CMD: "C:\Users\admin\Downloads\RobloxPlayerInstaller.exe"
Path: C:\Users\admin\Downloads\RobloxPlayerInstaller.exe
Parent process: explorer.exe
User:
admin
Company:
Roblox Corporation
Integrity Level:
MEDIUM
Description:
Roblox
Version:
1, 6, 1, 6310472
Modules
Images
c:\users\admin\downloads\robloxplayerinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 1764
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.39\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1888
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 2456
CMD: C:\Users\admin\AppData\Local\Temp\EU66E5.tmp\MicrosoftEdgeUpdate.exe /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Users\admin\AppData\Local\Temp\EU66E5.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeWebview2Setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\temp\eu66e5.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 3628
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.39\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 4904
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.39\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 5096
CMD: MicrosoftEdgeWebview2Setup.exe /silent /install
Path: C:\Users\admin\AppData\Local\Roblox\Versions\version-1088f3c8e4a44cc7\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Parent process: RobloxPlayerInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\roblox\versions\version-1088f3c8e4a44cc7\webview2runtimeinstaller\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 5248
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7NkI3QUE2NEQtQkVCRC00NUVDLUJFNTAtRDdGMjM5RDMzNTdCfSIgdXNlcmlkPSJ7MUREMDcyQzQtQTU1NC00NjI3LTgyNkYtRTMwOUVCMDM3MjE3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3MEI4Q0NCQi1EMUUwLTQyREQtODA0MC1FOTlBREYxNjk4RTZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNCIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE3MS4zOSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTk5NDQzODgxMDciIGluc3RhbGxfdGltZV9tcz0iNDI1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 5960
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 6188
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{6B7AA64D-BEBD-45EC-BE50-D7F239D3357B}" /silent
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.171.39
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
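The /ping argument of PID 5248 is an Omaha protocol request: base64url-encoded XML (note the "-" characters where standard base64 would use "+") reporting the install event for the updater itself, appid {F3C4FE00-EFD5-403B-9569-398A20F1BA4A}, the same ID written under HKCU\SOFTWARE\Microsoft\EdgeUpdate\Clients in the modification events. The decoder below is an added example, not Microsoft's code. The request it works on is produced inside the block from an XML string constructed to mirror the fields readable in the report's payload (updater version, ismachine, session ID, OS version, app ID, event type and result); the event-type names are this example's reading of the Omaha v3 protocol and should be confirmed against the protocol version in use.

```python
import base64
import json
import xml.etree.ElementTree as ET

# Event codes as this example reads the Omaha v3 protocol (assumption: verify
# against the protocol revision your updater speaks).
EVENT_TYPES = {1: "download complete", 2: "install complete",
               3: "update complete", 4: "uninstall"}
EVENT_RESULTS = {0: "error", 1: "success", 2: "cancelled"}

# Constructed request mirroring the fields visible in PID 5248's payload.
CONSTRUCTED_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<request protocol="3.0" updater="Omaha" updaterversion="1.3.171.39" '
    'shell_version="1.3.171.39" ismachine="0" '
    'sessionid="{6B7AA64D-BEBD-45EC-BE50-D7F239D3357B}" '
    'installsource="otherinstallcmd" dedup="cr" domainjoined="0">'
    '<hw logical_cpus="4" physmemory="4"/>'
    '<os platform="win" version="10.0.19045.4046" arch="x64"/>'
    '<oem product_manufacturer="DELL" product_name="DELL"/>'
    '<app appid="{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}" version="" nextversion="1.3.171.39">'
    '<event eventtype="2" eventresult="1" errorcode="0" install_time_ms="425"/>'
    '</app></request>'
)


def encode_ping(xml_text):
    """Omaha passes the XML as base64url ('-' and '_' alphabet) without '=' padding."""
    return base64.urlsafe_b64encode(xml_text.encode("utf-8")).decode("ascii").rstrip("=")


def decode_ping(arg):
    """Restore the padding to a multiple of four and decode the base64url argument."""
    return base64.urlsafe_b64decode(arg + "=" * (-len(arg) % 4))


def summarize_ping(arg):
    """Pull the fields an analyst wants out of an Omaha /ping argument."""
    root = ET.fromstring(decode_ping(arg))
    if root.tag != "request":
        raise ValueError("not an Omaha <request> document")
    os_el = root.find("os")
    summary = {
        "updater": root.get("updater"),
        "updaterversion": root.get("updaterversion"),
        "per_machine": root.get("ismachine") == "1",
        "domainjoined": root.get("domainjoined") == "1",
        "sessionid": root.get("sessionid"),
        "os_version": os_el.get("version") if os_el is not None else None,
        "apps": [],
    }
    for app in root.findall("app"):
        events = []
        for ev in app.findall("event"):
            et, er = ev.get("eventtype", "0"), ev.get("eventresult", "0")
            events.append({
                "type": EVENT_TYPES.get(int(et), "eventtype " + et),
                "result": EVENT_RESULTS.get(int(er), "eventresult " + er),
                "errorcode": ev.get("errorcode"),
            })
        summary["apps"].append({"appid": app.get("appid"),
                                "nextversion": app.get("nextversion"),
                                "events": events})
    return summary


def session_matches(ping_arg, handoff_sessionid):
    """Tie a /ping to the /handoff invocation that preceded it (PID 6188's /sessionid)."""
    return summarize_ping(ping_arg)["sessionid"] == handoff_sessionid


if __name__ == "__main__":
    arg = encode_ping(CONSTRUCTED_XML)
    print(json.dumps(summarize_ping(arg), indent=2))
```

To decode the real thing, pass the argument string from the process table to summarize_ping. Two points the ping confirms about this run: ismachine="0" means the updater installed per-user, which matches needsadmin=prefers in PID 2456's command line becoming needsadmin=false at the /handoff stage (PID 6188) and every registry write landing under HKCU rather than HKLM; and the sessionid in the ping is the same GUID PID 6188 was given, which is how the /ping, /handoff and /install processes are chained back to one installation.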
Total events: 16 754
Read events: 11 124
Write events: 5 596
Delete events: 34

Modification events

Process: RobloxPlayerInstaller.exe (PID 1324)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio
Operation: write
Name: WarnOnOpen
Value: 0

Process: RobloxPlayerInstaller.exe (PID 1324)
Key: HKEY_CLASSES_ROOT\roblox-studio
Operation: write
Name: URL Protocol
Value:

Process: RobloxPlayerInstaller.exe (PID 1324)
Key: HKEY_CLASSES_ROOT\roblox-studio\shell\open\command
Operation: write
Name: version
Value: version-034c0d4a0a9b44cc

Process: slui.exe (PID 5960)
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3c\52C64B7E
Operation: write
Name: @%SystemRoot%\System32\sppcomapi.dll,-3200
Value: Software Licensing

Process: MicrosoftEdgeUpdate.exe (PID 2456)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value:

Process: MicrosoftEdgeUpdate.exe (PID 2456)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Process: MicrosoftEdgeUpdate.exe (PID 2456)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: UninstallCmdLine
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

Process: MicrosoftEdgeUpdate.exe (PID 2456)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value: 1.3.171.39

Process: MicrosoftEdgeUpdate.exe (PID 2456)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: name
Value: Microsoft Edge Update

Process: MicrosoftEdgeUpdate.exe (PID 2456)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value: 1.3.171.39
Executable files: 206
Suspicious files: 27
Text files: 5
Unknown types: 1

Dropped files

PID 1324, RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Versions\RobloxStudioInstaller.exe
Type: executable
MD5: 4FA63F4CCB9B1FCA93AB82E51C6D4750
SHA256: 685F8B14EB645F892A666CF61CF691D086FE0D3E344A245323F1FE75034869FB

PID 1324, RobloxPlayerInstaller.exe
Filename: C:\Users\admin\Desktop\Roblox Studio.lnk
Type: binary
MD5: 5528FD47EBDA273F7323D3B9295BDB55
SHA256: A93ACE1C61A873CDAB21946FF4E15EB6A1C990F0C2247CE32B7BA390269DD8DE

PID 1324, RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\Roblox Studio.lnk
Type: binary
MD5: 47D6350F3BDE974B5B12AD0FE55AE5BC
SHA256: BB400AD702EB6F11DBFC6213CF47502D87F5784BC89F53DD7480DB2687CEAB65

PID 1324, RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\32b1e1dc9c28a412cd13936305620af8
Type: compressed
MD5: 32B1E1DC9C28A412CD13936305620AF8
SHA256: 04AB3782BDF95AE8640BABDFD7524A33A744F5B3D10C7523F6C7A704E79AB3F3

PID 1324, RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Temp\Roblox\http\RBX7FCDBA42740F4F7589ABEEA840190B92
Type: binary
MD5: 299580D8CE970727F7737D544B6BD512
SHA256: E01FBF19732B0D4695A14AD43A6745F64DCCFCC0E370179A96BBA95C7F864B4E

PID 1324, RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\10d006d42a659946cb67191c4668fc7d
Type: compressed
MD5: 10D006D42A659946CB67191C4668FC7D
SHA256: BF4439BCD6F6B968EC4A2DF0DFE22E1705ED64FE18E17C2214DD65DF58017720

PID 1324, RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Temp\Roblox\http\8913724486d5e3c463c493b25346ca31
Type: binary
MD5: 299580D8CE970727F7737D544B6BD512
SHA256: E01FBF19732B0D4695A14AD43A6745F64DCCFCC0E370179A96BBA95C7F864B4E

PID 1324, RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\logs\cacert.pem
Type: text
MD5: 0194EB945475F93844C0FAE769C0FA0B
SHA256: A6BC06B8255E4AFE2EEFF34684605D04DF9EC246FC201BF5E44137987189A0D3

PID 1324, RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\909f4b9d7bc03a926d35e84d0c99ffbf
Type: compressed
MD5: 909F4B9D7BC03A926D35E84D0C99FFBF
SHA256: C139AD55ACEBF739689CC1E29F84BA7731DC7FFC03F70BBBBD16929E3D439EC0

PID 1324, RobloxPlayerInstaller.exe
Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\b4b75c21ce05378163042dc45cec5834
Type: compressed
MD5: B4B75C21CE05378163042DC45CEC5834
SHA256: 4D6FE68C8B4941CE335CE5597EBBC1F27AB02646E9AF98AF8A76875AD0FD191F
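The four packages dropped under Roblox\Downloads\roblox-player carry a 32-hex name that equals their reported MD5, while the two cache files under Temp\Roblox\http share one MD5 but are not named by it. The check below is an added example, not Roblox's or ANY.RUN's code: it takes the (filename, MD5) rows copied from the table above, confirms which names are content hashes so that a renamed or tampered package in that directory stands out, and groups entries whose bytes are identical.

```python
import ntpath
import re

HEX32 = re.compile(r"^[0-9a-f]{32}$")

# (filename, MD5) rows copied from the report's dropped-files table.
DROPPED = [
    (r"C:\Users\admin\AppData\Local\Roblox\Versions\RobloxStudioInstaller.exe",
     "4FA63F4CCB9B1FCA93AB82E51C6D4750"),
    (r"C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\32b1e1dc9c28a412cd13936305620af8",
     "32B1E1DC9C28A412CD13936305620AF8"),
    (r"C:\Users\admin\AppData\Local\Temp\Roblox\http\RBX7FCDBA42740F4F7589ABEEA840190B92",
     "299580D8CE970727F7737D544B6BD512"),
    (r"C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\10d006d42a659946cb67191c4668fc7d",
     "10D006D42A659946CB67191C4668FC7D"),
    (r"C:\Users\admin\AppData\Local\Temp\Roblox\http\8913724486d5e3c463c493b25346ca31",
     "299580D8CE970727F7737D544B6BD512"),
    (r"C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\909f4b9d7bc03a926d35e84d0c99ffbf",
     "909F4B9D7BC03A926D35E84D0C99FFBF"),
    (r"C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\b4b75c21ce05378163042dc45cec5834",
     "B4B75C21CE05378163042DC45CEC5834"),
]


def classify(path, md5):
    """'match': the basename is the file's MD5; 'mismatch': a 32-hex basename
    that is not the MD5 (renamed, tampered, or simply not content-addressed);
    'unnamed': the basename is not a hash at all."""
    name = ntpath.basename(path).lower()
    if not HEX32.match(name):
        return "unnamed"
    return "match" if name == md5.lower() else "mismatch"


def hash_name_report(rows):
    """Map basename -> classification for every row."""
    return {ntpath.basename(p): classify(p, m) for p, m in rows}


def duplicate_content(rows):
    """Group paths that share one MD5: identical bytes written to several places."""
    by_md5 = {}
    for p, m in rows:
        by_md5.setdefault(m.upper(), []).append(p)
    return {m: ps for m, ps in by_md5.items() if len(ps) > 1}


if __name__ == "__main__":
    for name, verdict in hash_name_report(DROPPED).items():
        print(f"{verdict:9} {name}")
    for md5, paths in duplicate_content(DROPPED).items():
        print(md5, "->", len(paths), "files")
```

The "mismatch" verdict for 8913724486d5e3c463c493b25346ca31 is expected here: the files under Temp\Roblox\http are cache entries whose names are not their content hash, and the report's MD5 column shows that entry holds the same bytes as RBX7FCDBA42740F4F7589ABEEA840190B92. Only a mismatch inside Downloads\roblox-player would be worth following up.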
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 10
TCP/UDP connections: 61
DNS requests: 25
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
("-" marks a field left empty in the source; the last two fields of each row are kept in the order the source shows them)
1968 | svchost.exe | GET | 200 | 2.16.164.72:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
3652 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | unknown
1968 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
5864 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | unknown
4084 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | unknown
4944 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | unknown
4944 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | unknown
3040 | OfficeClickToRun.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D | unknown | unknown
1776 | svchost.exe | GET | - | 23.48.23.66:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bde64f47-8fa3-4f6c-8bce-d274241b6a2b?P1=1721079928&P2=404&P3=2&P4=Esof0rS97qcTZ1Qvp1HGDxsDQhiOYm9PrCveNdkl3qW9%2buzD3z%2f21qa9gLJHGl%2fyBybwdkXcOrzv616zDfiwxQ%3d%3d | unknown | unknown
1776 | svchost.exe | HEAD | 200 | 23.48.23.66:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bde64f47-8fa3-4f6c-8bce-d274241b6a2b?P1=1721079928&P2=404&P3=2&P4=Esof0rS97qcTZ1Qvp1HGDxsDQhiOYm9PrCveNdkl3qW9%2buzD3z%2f21qa9gLJHGl%2fyBybwdkXcOrzv616zDfiwxQ%3d%3d | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
("-" marks a field left empty in the source)
1968 | svchost.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2448 | RUXIMICS.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
900 | MoUsoCoreWorker.exe | 40.127.240.158:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
1324 | RobloxPlayerInstaller.exe | 128.116.119.3:443 | ecsv2.roblox.com | ROBLOX-PRODUCTION | US | unknown
4032 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
1324 | RobloxPlayerInstaller.exe | 99.86.4.62:443 | clientsettingscdn.roblox.com | AMAZON-02 | US | unknown
1324 | RobloxPlayerInstaller.exe | 205.234.175.102:443 | setup.rbxcdn.com | CACHENETWORKS | US | unknown
3652 | svchost.exe | 40.126.31.71:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3652 | svchost.exe | 192.229.221.95:80 | - | EDGECAST | US | whitelisted

DNS requests

Domain
IP
Reputation
ecsv2.roblox.com
  • 128.116.119.3
whitelisted
clientsettingscdn.roblox.com
  • 99.86.4.62
  • 99.86.4.125
  • 99.86.4.20
  • 99.86.4.8
whitelisted
setup.rbxcdn.com
  • 205.234.175.102
whitelisted
login.live.com
  • 40.126.31.71
  • 20.190.159.64
  • 40.126.31.67
  • 20.190.159.73
  • 20.190.159.71
  • 20.190.159.0
  • 20.190.159.23
  • 20.190.159.75
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
nexusrules.officeapps.live.com
  • 52.111.236.23
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 51.124.78.146
whitelisted
crl.microsoft.com
  • 2.16.164.72
  • 2.16.164.120
whitelisted
client.wns.windows.com
  • 40.113.110.67
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted

Threats

PID | Process | Class | Message
1776 | svchost.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP

The only IDS hit is a policy-class rule: it fires on the PE that svchost.exe (PID 1776) fetched from msedge.f.tlu.dl.delivery.mp.microsoft.com (listed under HTTP requests), not on traffic from RobloxPlayerInstaller.exe, whose own connections go to roblox.com and rbxcdn.com hosts.

Debug output strings

Process | Message
RobloxPlayerInstaller.exe | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.