File name: RobloxPlayerInstaller (1).exe
Full analysis: https://app.any.run/tasks/904b99c5-e2ac-4e9c-8859-d302060e322b
Verdict: Malicious activity
Analysis date: April 02, 2025, 20:54:25
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: roblox, arch-doc
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 443DF84258F3CC21EFB5AD185ED2FE4F
SHA1: 22DC3B0C04FF55DCA5A93856A1FF30CEA6E5E7E8
SHA256: B982252FEF5780CA193D07FB2754F721EF7869C2D583A09217B8D3C1E6D2EF49
SSDEEP: 98304:PZs09sCy58FuGFXB5vJ3nd4t9uRcdd1kuhY8JeJaf5YAjcWaQAjn+sRXD3R/pVEM:7R8RVRUKTxM

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report may have been distorted by user actions and is provided as is, for the reader's information only. ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS
    • Changes the autorun value in the registry
      • MicrosoftEdgeUpdate.exe (PID: 8020)
  • SUSPICIOUS
    • Changes default file association
      • RobloxPlayerInstaller (1).exe (PID: 5244)
    • Executable content was dropped or overwritten
      • RobloxPlayerInstaller (1).exe (PID: 5244)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7992)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
    • Process drops legitimate windows executable
      • RobloxPlayerInstaller (1).exe (PID: 5244)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7992)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
    • The process drops C-runtime libraries
      • RobloxPlayerInstaller (1).exe (PID: 5244)
    • Starts a Microsoft application from unusual location
      • MicrosoftEdgeUpdate.exe (PID: 8020)
    • Starts itself from another location
      • MicrosoftEdgeUpdate.exe (PID: 8020)
    • Creates/Modifies COM task schedule object
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8068)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8096)
      • MicrosoftEdgeUpdate.exe (PID: 8044)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8124)
    • Reads security settings of Internet Explorer
      • MicrosoftEdgeUpdate.exe (PID: 8020)
  • INFO
    • Reads the computer name
      • RobloxPlayerInstaller (1).exe (PID: 5244)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
      • MicrosoftEdgeUpdate.exe (PID: 8044)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8068)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8096)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8124)
      • MicrosoftEdgeUpdate.exe (PID: 6040)
      • MicrosoftEdgeUpdate.exe (PID: 536)
      • MicrosoftEdgeUpdate.exe (PID: 8156)
    • ROBLOX mutex has been found
      • RobloxPlayerInstaller (1).exe (PID: 5244)
    • The sample was compiled with English language support
      • RobloxPlayerInstaller (1).exe (PID: 5244)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7992)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
    • Process checks whether UAC notifications are on
      • RobloxPlayerInstaller (1).exe (PID: 5244)
    • Checks supported languages
      • RobloxPlayerInstaller (1).exe (PID: 5244)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7992)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
      • MicrosoftEdgeUpdate.exe (PID: 8044)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8068)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8096)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8124)
      • MicrosoftEdgeUpdate.exe (PID: 6040)
      • MicrosoftEdgeUpdate.exe (PID: 536)
      • MicrosoftEdgeUpdate.exe (PID: 8156)
    • Reads the machine GUID from the registry
      • RobloxPlayerInstaller (1).exe (PID: 5244)
    • Creates files or folders in the user directory
      • RobloxPlayerInstaller (1).exe (PID: 5244)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
    • Creates files in a temporary directory
      • RobloxPlayerInstaller (1).exe (PID: 5244)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7992)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
    • Checks proxy server information
      • MicrosoftEdgeUpdate.exe (PID: 8156)
      • MicrosoftEdgeUpdate.exe (PID: 536)
    • Process checks computer location settings
      • MicrosoftEdgeUpdate.exe (PID: 8020)
    • Reads the software policy settings
      • MicrosoftEdgeUpdate.exe (PID: 8156)
      • MicrosoftEdgeUpdate.exe (PID: 536)
    • Reads Environment values
      • MicrosoftEdgeUpdate.exe (PID: 8156)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1989:03:09 12:13:03+00:00 (implausible: it predates the PE format itself and the 14.29 linker recorded below, so the PE timestamp field is not a usable build date for this sample)
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 4830208
InitializedDataSize: 2926592
UninitializedDataSize: -
EntryPoint: 0x438b45
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.6.1.1404
ProductVersionNumber: 1.6.1.1404
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Roblox Corporation
FileDescription: Roblox
FileVersion: 1, 6, 1, 6620540
LegalCopyright: Copyright © 2020 Roblox Corporation. All rights reserved.
OriginalFileName: Roblox.exe
ProductName: Roblox Bootstrapper
ProductVersion: 1, 6, 1, 6620540
No data.
All screenshots are available in the full report
Total processes: 139
Monitored processes: 12
Malicious processes: 4
Suspicious processes: 0

Behavior graph

Process nodes, in the order the report draws them ("no specs" is the report's label for nodes it shows without details): start → robloxplayerinstaller (1).exe; sppextcomobj.exe (no specs); slui.exe (no specs); microsoftedgewebview2setup.exe; microsoftedgeupdate.exe; microsoftedgeupdate.exe (no specs); microsoftedgeupdatecomregistershell64.exe (no specs); microsoftedgeupdatecomregistershell64.exe (no specs); microsoftedgeupdatecomregistershell64.exe (no specs); microsoftedgeupdate.exe; microsoftedgeupdate.exe (no specs); microsoftedgeupdate.exe

Process information

Fields per process: PID, CMD, Path, Indicators (empty for every process in this report), Parent process, User, Company, Integrity Level, Description, Exit code (where recorded), Version, Modules (images).

PID: 536
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -Embedding
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Version: 1.3.171.39
Modules (images):
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

PID: 5244
CMD: "C:\Users\admin\AppData\Local\Temp\RobloxPlayerInstaller (1).exe"
Path: C:\Users\admin\AppData\Local\Temp\RobloxPlayerInstaller (1).exe
Parent process: explorer.exe
User: admin
Company: Roblox Corporation
Integrity Level: MEDIUM
Description: Roblox
Version: 1, 6, 1, 6620540
Modules (images):
c:\users\admin\appdata\local\temp\robloxplayerinstaller (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll

PID: 6040
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{57F251A4-F989-4AE0-84DE-1DE69BD43243}" /silent
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Version: 1.3.171.39
Modules (images):
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

PID: 7184
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: KMS Connection Broker
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll

PID: 7220
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 7992
CMD: MicrosoftEdgeWebview2Setup.exe /silent /install
Path: C:\Users\admin\AppData\Local\Roblox\Versions\version-347f4ac346734391\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Parent process: RobloxPlayerInstaller (1).exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update Setup
Version: 1.3.171.39
Modules (images):
c:\users\admin\appdata\local\roblox\versions\version-347f4ac346734391\webview2runtimeinstaller\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 8020
CMD: C:\Users\admin\AppData\Local\Temp\EU7C61.tmp\MicrosoftEdgeUpdate.exe /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Users\admin\AppData\Local\Temp\EU7C61.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeWebview2Setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Version: 1.3.171.39
Modules (images):
c:\users\admin\appdata\local\temp\eu7c61.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

PID: 8044
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.171.39
Modules (images):
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll

PID: 8068
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.171.39
Modules (images):
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.39\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

PID: 8096
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.171.39
Modules (images):
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.171.39\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll

Total events: 3 366
Read events: 3 035
Write events: 297
Delete events: 34

Modification events

PID/Process: (5244) RobloxPlayerInstaller (1).exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio
Operation: write
Name: WarnOnOpen
Value: 0

PID/Process: (5244) RobloxPlayerInstaller (1).exe
Key: HKEY_CLASSES_ROOT\roblox-studio
Operation: write
Name: URL Protocol
Value: (empty)

PID/Process: (5244) RobloxPlayerInstaller (1).exe
Key: HKEY_CLASSES_ROOT\roblox-studio\shell\open\command
Operation: write
Name: version
Value: version-163b500c1e564deb

PID/Process: (8020) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value: (none)

PID/Process: (8020) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

PID/Process: (8020) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: UninstallCmdLine
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

PID/Process: (8020) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value: 1.3.171.39

PID/Process: (8020) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: name
Value: Microsoft Edge Update

PID/Process: (8020) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value: 1.3.171.39

PID/Process: (8020) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Microsoft Edge Update
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateCore.exe"
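The last event above is the single write behind the report's MALICIOUS verdict: PID 8020, the MicrosoftEdgeUpdate.exe that MicrosoftEdgeWebview2Setup.exe launched out of the Roblox WebView2RuntimeInstaller directory, registers a per-user Run value pointing at MicrosoftEdgeUpdateCore.exe under AppData\Local. The first event deserves the same attention: WarnOnOpen=0 under Internet Explorer\ProtocolExecute\roblox-studio switches off the browser's "allow this website to open a program" prompt for the roblox-studio: scheme the installer has just registered in HKEY_CLASSES_ROOT. The script below is an added example, not ANY.RUN's or Roblox's code. It reruns those three checks (autorun writes, URL-protocol registration, protocol-warning suppression) over a constructed copy of the events above and tags each autorun by whether its target lives in a user-writable directory; the rule names and the location classifier are my own assumptions.

```python
"""Triage of sandbox registry-modification events (added example, not ANY.RUN's code)."""
import re
from collections import defaultdict

# Constructed from this report's "Modification events" section (keys, names and values copied).
EVENTS = [
    {"pid": 5244, "process": "RobloxPlayerInstaller (1).exe",
     "key": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio",
     "op": "write", "name": "WarnOnOpen", "value": "0"},
    {"pid": 5244, "process": "RobloxPlayerInstaller (1).exe",
     "key": r"HKEY_CLASSES_ROOT\roblox-studio", "op": "write", "name": "URL Protocol", "value": ""},
    {"pid": 5244, "process": "RobloxPlayerInstaller (1).exe",
     "key": r"HKEY_CLASSES_ROOT\roblox-studio\shell\open\command",
     "op": "write", "name": "version", "value": "version-163b500c1e564deb"},
    {"pid": 8020, "process": "MicrosoftEdgeUpdate.exe",
     "key": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate",
     "op": "delete value", "name": "eulaaccepted", "value": ""},
    {"pid": 8020, "process": "MicrosoftEdgeUpdate.exe",
     "key": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate", "op": "write", "name": "path",
     "value": r"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"},
    {"pid": 8020, "process": "MicrosoftEdgeUpdate.exe",
     "key": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "op": "write",
     "name": "Microsoft Edge Update",
     "value": r'"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateCore.exe"'},
]

# Rule patterns (my assumptions, not ANY.RUN's signature definitions).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce|RunServices)$", re.I)
PROTOCOL_EXECUTE = re.compile(r"\\Internet Explorer\\ProtocolExecute\\(?P<scheme>[^\\]+)$", re.I)
URL_PROTOCOL_ROOT = re.compile(
    r"^(HKEY_CLASSES_ROOT|HKEY_(CURRENT_USER|LOCAL_MACHINE)\\SOFTWARE\\Classes)\\(?P<scheme>[^\\]+)$", re.I)
# Directories an unprivileged user can write to; an autorun target here needs no admin rights to plant.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\ProgramData\\", re.I)


def first_path(cmdline):
    """Return the executable path from a command-line value, honouring a quoted first token."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def findings_for(ev):
    """Tags raised by one registry event; only writes are interesting for these rules."""
    out = []
    if ev["op"].lower() != "write":
        return out
    hive = ev["key"].split("\\")[0]
    if RUN_KEY.search(ev["key"]):
        exe = first_path(ev["value"])
        where = "user-writable" if USER_WRITABLE.search(exe) else "system"
        out.append(f"autorun:{hive}:{where}")
    m = URL_PROTOCOL_ROOT.match(ev["key"])
    if m and ev["name"].lower() == "url protocol":
        out.append(f"url-protocol-registered:{m['scheme']}")
    m = PROTOCOL_EXECUTE.search(ev["key"])
    if m and ev["name"].lower() == "warnonopen" and ev["value"].strip() == "0":
        out.append(f"protocol-warning-suppressed:{m['scheme']}")
    return out


def triage(events):
    """Map PID -> sorted, de-duplicated findings; PIDs with nothing to report are omitted."""
    by_pid = defaultdict(set)
    for ev in events:
        by_pid[ev["pid"]].update(findings_for(ev))
    return {pid: sorted(f) for pid, f in by_pid.items() if f}


if __name__ == "__main__":
    for pid, tags in sorted(triage(EVENTS).items()):
        print(pid, ", ".join(tags))
```

The EdgeUpdate bookkeeping writes (path, UninstallCmdLine, pv, name) produce no finding, which is the point of scoping rules to the keys that change execution behaviour; what the triage output cannot tell you is whether the Run-key target is the genuine, signed MicrosoftEdgeUpdateCore.exe, so verify the dropped file's Authenticode signature before closing the case either way.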
Executable files: 206
Suspicious files: 33
Text files: 5
Unknown types: 0

Dropped files

PID | Process | Filename | Type (MD5 and SHA256 on the following lines)
5244 | RobloxPlayerInstaller (1).exe | C:\Users\admin\AppData\Local\Roblox\logs\cacert.pem | text
  MD5: 6CED45AE0FCB6620235271F2C6F41411
  SHA256: AD64CF840A0FCE7924AC5F8A4F6900BFE73709A5A61031404A213AB563C286D8
5244 | RobloxPlayerInstaller (1).exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\Roblox Studio.lnk | binary
  MD5: C79517096B0EC2C119C2ED93A39C2194
  SHA256: 4E718757DC120C71901A586A3ED03EE6335215B256E797BED86FD04B056F4DED
5244 | RobloxPlayerInstaller (1).exe | C:\Users\admin\AppData\Local\Roblox\Versions\RobloxStudioInstaller.exe | executable
  MD5: C26F2F88223B100D1CAA2E254AEB3FD2
  SHA256: 653B5FF08C0C890E103E31F53FCF6B9CFBBF462FC4481A62FFC84CF4F0C562DD
5244 | RobloxPlayerInstaller (1).exe | C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\a431ecca42ac73a5714d071b5767e16b | compressed
  MD5: A431ECCA42AC73A5714D071B5767E16B
  SHA256: 1674323F76249EC55862DFDF7B7D40519789975CB38FF34C202D45AEB804EA7A
5244 | RobloxPlayerInstaller (1).exe | C:\Users\admin\AppData\Local\Temp\Roblox\http\8913724486d5e3c463c493b25346ca31 | binary
  MD5: C0D4C4C71601C87350565B7F8AB03FED
  SHA256: 2E25BB5226FB26F5C83A3D29DFCC90FE1A055AC4D7046567A4AE21DBB73AF185
5244 | RobloxPlayerInstaller (1).exe | C:\Users\admin\Desktop\Roblox Studio.lnk | binary
  MD5: 01988FBA4E99F3FAC94E3FA6E62C2014
  SHA256: D031E30534C23070E0BB233809584FAAADAF281EDAAF6F4DBFB148166F692B82
5244 | RobloxPlayerInstaller (1).exe | C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\6afd47a719d26cac99abd568c21f2066 | compressed
  MD5: 6AFD47A719D26CAC99ABD568C21F2066
  SHA256: F8C9F80C413BBC3A95624BCC39FA7B00100CCA26DF312C58542308A8A331D5DD
5244 | RobloxPlayerInstaller (1).exe | C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\8bd85f4e8e0f8904501eb60e6f3bf7ee | compressed
  MD5: 8BD85F4E8E0F8904501EB60E6F3BF7EE
  SHA256: 2E01FCA8EA0CDFCB1E6962AE9A8DC8FAB9241441E2568D812AAD9A11E1BFF57B
5244 | RobloxPlayerInstaller (1).exe | C:\Users\admin\AppData\Local\Temp\Roblox\http\RBX3C24A6A4196B448BBF3BBB4FCC9CA951 | binary
  MD5: C0D4C4C71601C87350565B7F8AB03FED
  SHA256: 2E25BB5226FB26F5C83A3D29DFCC90FE1A055AC4D7046567A4AE21DBB73AF185
5244 | RobloxPlayerInstaller (1).exe | C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\5d26d3f1ca97b69805186ca7806d31d7 | compressed
  MD5: 5D26D3F1CA97B69805186CA7806D31D7
  SHA256: BA2A2268EDFCDB519B7ACF0E20C82DDDC0F4DD9A60D808E8A2E16A44FE642BEA

Note: the four files under Downloads\roblox-player are named by their own MD5 (the filename equals the hash on the next line), and the two Temp\Roblox\http entries share one hash, so they are the same content cached under two names.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 30
DNS requests: 20
Threats: 1

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Reputation
7824 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
6544 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
– | – | GET | 200 | 2.18.244.211:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5496 | MoUsoCoreWorker.exe | GET | 200 | 2.18.244.211:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
7824 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
6564 | svchost.exe | HEAD | 200 | 208.89.74.21:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/6247807b-198f-48aa-b0b7-0f270de07af6?P1=1744232126&P2=404&P3=2&P4=cvmtR0UXh8nEXYaqoWHodIqLRo3A0JJfeCTLLuCmpJEOtxqscS0NkrcXA7V95qXQH6G%2foXxY60bmUebNDCjhCQ%3d%3d | unknown | whitelisted
6564 | svchost.exe | GET | – | 208.89.74.21:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/6247807b-198f-48aa-b0b7-0f270de07af6?P1=1744232126&P2=404&P3=2&P4=cvmtR0UXh8nEXYaqoWHodIqLRo3A0JJfeCTLLuCmpJEOtxqscS0NkrcXA7V95qXQH6G%2foXxY60bmUebNDCjhCQ%3d%3d | unknown | whitelisted

(– marks a cell the report leaves blank; the Type and Size columns were empty for every row and are omitted. None of the HTTP requests is attributed to the sample's own PID 5244.)

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | – | – | – | whitelisted
– | – | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
– | – | 2.18.244.211:80 | crl.microsoft.com | Akamai International B.V. | FR | whitelisted
5496 | MoUsoCoreWorker.exe | 2.18.244.211:80 | crl.microsoft.com | Akamai International B.V. | FR | whitelisted
5244 | RobloxPlayerInstaller (1).exe | 128.116.21.3:443 | ecsv2.roblox.com | ROBLOX-PRODUCTION | US | whitelisted
5244 | RobloxPlayerInstaller (1).exe | 52.222.236.6:443 | clientsettingscdn.roblox.com | AMAZON-02 | US | whitelisted
5244 | RobloxPlayerInstaller (1).exe | 2.18.244.218:443 | setup.rbxcdn.com | Akamai International B.V. | FR | whitelisted
3216 | svchost.exe | 20.7.2.167:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6544 | svchost.exe | 20.190.159.130:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

(– marks a cell the report leaves blank. Only the three Roblox/rbxcdn connections are attributed to the sample's PID 5244; the rest belong to Windows background services.)

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.18.244.211
  • 2.18.244.216
whitelisted
google.com
  • 216.58.206.46
whitelisted
ecsv2.roblox.com
  • 128.116.21.3
whitelisted
client-telemetry.roblox.com
  • 128.116.21.3
whitelisted
clientsettingscdn.roblox.com
  • 52.222.236.6
  • 52.222.236.113
  • 52.222.236.86
  • 52.222.236.43
whitelisted
setup.rbxcdn.com
  • 2.18.244.218
  • 2.18.244.200
whitelisted
client.wns.windows.com
  • 20.7.2.167
whitelisted
login.live.com
  • 20.190.159.130
  • 40.126.31.2
  • 20.190.159.75
  • 20.190.159.131
  • 20.190.159.64
  • 40.126.31.130
  • 40.126.31.128
  • 40.126.31.131
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted

Threats

PID | Process | Class | Message
6564 | svchost.exe | Misc activity | ET INFO Packed Executable Download
No debug info
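Reading the network tables together with the process table gives the check a practitioner wants before accepting the verdict: every connection attributed to the sample itself comes from PID 5244 and goes to ecsv2.roblox.com, clientsettingscdn.roblox.com or setup.rbxcdn.com, while the only IDS hit (ET INFO Packed Executable Download) fires on svchost.exe PID 6564 fetching from msedge.f.tlu.dl.delivery.mp.microsoft.com, a process the report does not link to the sample by parent. The script below is an added example, not ANY.RUN's code. It rebuilds the process tree from the process table above (parent PIDs are assumed from the parent names the report prints; 1 and 2 are placeholder PIDs for explorer.exe and svchost.exe, whose PIDs the report omits), re-derives the "Starts a Microsoft application from unusual location" and "Starts itself from another location" flags from image paths, and splits the connection rows into sample-tree versus background.

```python
"""Process-tree attribution of sandbox network rows (added example, not ANY.RUN's code)."""
import ntpath

# (pid, image path, parent pid, Company resource string), constructed from the report's
# process table. Parent PIDs are assumed from the parent *names* the report shows; 1 and 2
# are placeholders for explorer.exe and svchost.exe, whose PIDs the report does not print.
PROCESSES = [
    (1, r"C:\Windows\explorer.exe", 0, "Microsoft Corporation"),
    (2, r"C:\Windows\System32\svchost.exe", 0, "Microsoft Corporation"),
    (5244, r"C:\Users\admin\AppData\Local\Temp\RobloxPlayerInstaller (1).exe", 1, "Roblox Corporation"),
    (7992, r"C:\Users\admin\AppData\Local\Roblox\Versions\version-347f4ac346734391"
           r"\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe", 5244, "Microsoft Corporation"),
    (8020, r"C:\Users\admin\AppData\Local\Temp\EU7C61.tmp\MicrosoftEdgeUpdate.exe", 7992, "Microsoft Corporation"),
    (8044, r"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe", 8020, "Microsoft Corporation"),
    (6040, r"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe", 8020, "Microsoft Corporation"),
    (8068, r"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.171.39"
           r"\MicrosoftEdgeUpdateComRegisterShell64.exe", 8044, "Microsoft Corporation"),
    (536, r"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe", 2, "Microsoft Corporation"),
]

# (pid, process, destination, domain), constructed from the Connections, HTTP and Threats tables.
# PIDs absent from PROCESSES (the service PIDs the report lists without a process record)
# fall through to "background" because they have no path to the sample's root.
NET = [
    (5244, "RobloxPlayerInstaller (1).exe", "128.116.21.3:443", "ecsv2.roblox.com"),
    (5244, "RobloxPlayerInstaller (1).exe", "52.222.236.6:443", "clientsettingscdn.roblox.com"),
    (5244, "RobloxPlayerInstaller (1).exe", "2.18.244.218:443", "setup.rbxcdn.com"),
    (6564, "svchost.exe", "208.89.74.21:80", "msedge.f.tlu.dl.delivery.mp.microsoft.com"),
    (6544, "svchost.exe", "2.17.190.73:80", "ocsp.digicert.com"),
    (7824, "SIHClient.exe", "2.23.246.101:80", "www.microsoft.com"),
    (5496, "MoUsoCoreWorker.exe", "2.18.244.211:80", "crl.microsoft.com"),
    (2104, "svchost.exe", "4.231.128.59:443", "settings-win.data.microsoft.com"),
]


def build_tree(procs):
    """pid -> parent pid."""
    return {pid: parent for pid, _, parent, _ in procs}


def descends_from(pid, root, tree):
    """True if pid is root or has root as an ancestor; cycle-safe for malformed trees."""
    seen = set()
    while pid is not None and pid not in seen:
        if pid == root:
            return True
        seen.add(pid)
        pid = tree.get(pid)
    return False


def image_anomalies(procs):
    """Re-derive two of the report's signatures from image paths alone.

    'microsoft-binary-from-temp': Company says Microsoft but the image runs from a Temp directory.
    'starts-itself-from-another-location': a child has the parent's image name in a different
    directory; the flag goes on the parent, as the report attributes it. The Company field is a
    version-resource string, not a signature check, so treat these as leads, not proof.
    """
    by_pid = {pid: (path, parent, company) for pid, path, parent, company in procs}
    flags = {}
    for pid, (path, parent, company) in by_pid.items():
        if company == "Microsoft Corporation" and "\\temp\\" in path.lower():
            flags.setdefault(pid, set()).add("microsoft-binary-from-temp")
        ppath = by_pid[parent][0] if parent in by_pid else ""
        if (ppath and ntpath.basename(ppath).lower() == ntpath.basename(path).lower()
                and ntpath.dirname(ppath).lower() != ntpath.dirname(path).lower()):
            flags.setdefault(parent, set()).add("starts-itself-from-another-location")
    return {pid: sorted(f) for pid, f in flags.items()}


def attribute(net, tree, root):
    """Split network rows into those made by the sample's process tree and everything else."""
    out = {"sample-tree": [], "background": []}
    for pid, proc, dest, domain in net:
        bucket = "sample-tree" if descends_from(pid, root, tree) else "background"
        out[bucket].append((pid, proc, domain, dest))
    return out


if __name__ == "__main__":
    tree = build_tree(PROCESSES)
    for pid, tags in image_anomalies(PROCESSES).items():
        print("process", pid, ", ".join(tags))
    for bucket, rows in attribute(NET, tree, 5244).items():
        for pid, proc, domain, dest in rows:
            print(bucket, pid, proc, domain, dest)
```

The output puts the flagged delivery-CDN download in "background": svchost.exe PID 6564 is not a descendant of 5244, even though the transfer happens while the installer chain is running. Attribution by parent link is only as good as the tree, and installers that hand work to OS services (the -Embedding COM activation of PID 536 under svchost.exe is another such hand-off visible in this report) leave their network activity under a service PID. Widen the net to brokered transfers before concluding a sample was silent on the network.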