File name:

RobloxPlayerInstaller.exe

Full analysis: https://app.any.run/tasks/edb3941e-f360-4492-9333-75d0fe950d95
Verdict: Malicious activity
Analysis date: March 26, 2026, 15:53:50
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
roblox
arch-exec
arch-doc
arch-scr
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

A41CBAE4F6E4E0AE983BA68C562EFA2C

SHA1:

945C5F88F8A18368281547BF553361DABFDD0C96

SHA256:

CB013BF5DC4CDB795D254F794FDFE2806EB6B041DB044760D9427D896096B485

SSDEEP:

98304:Os0jjhcXcnjocSKgsMmmIUXLDG2oJ9Up2rlIhe+ZiCiSzNqYG6nfLLls5YbsXILs:6vZ0mABRZ9k

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 736)
  • SUSPICIOUS

    • Changes default file association

      • RobloxPlayerInstaller.exe (PID: 8128)
    • Executable content was dropped or overwritten

      • RobloxPlayerInstaller.exe (PID: 8128)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2016)
      • MicrosoftEdgeUpdate.exe (PID: 736)
      • MicrosoftEdge_X64_146.0.3856.78.exe (PID: 2652)
      • setup.exe (PID: 5100)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 736)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 736)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1176)
      • MicrosoftEdgeUpdate.exe (PID: 7600)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5224)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7576)
    • Searches for installed software

      • setup.exe (PID: 5100)
  • INFO

    • The sample compiled with english language support

      • RobloxPlayerInstaller.exe (PID: 8128)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2016)
      • MicrosoftEdgeUpdate.exe (PID: 736)
      • MicrosoftEdge_X64_146.0.3856.78.exe (PID: 2652)
      • setup.exe (PID: 5100)
    • Checks supported languages

      • RobloxPlayerInstaller.exe (PID: 8128)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2016)
      • MicrosoftEdgeUpdate.exe (PID: 736)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5224)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1176)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7576)
      • MicrosoftEdgeUpdate.exe (PID: 5876)
      • MicrosoftEdge_X64_146.0.3856.78.exe (PID: 2652)
      • setup.exe (PID: 5100)
      • MicrosoftEdgeUpdate.exe (PID: 4336)
      • MicrosoftEdgeUpdate.exe (PID: 7600)
      • MicrosoftEdgeUpdate.exe (PID: 5304)
    • ROBLOX mutex has been found

      • RobloxPlayerInstaller.exe (PID: 8128)
    • Reads the computer name

      • RobloxPlayerInstaller.exe (PID: 8128)
      • MicrosoftEdgeUpdate.exe (PID: 736)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 5224)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7576)
      • MicrosoftEdgeUpdate.exe (PID: 5304)
      • MicrosoftEdgeUpdate.exe (PID: 4336)
      • MicrosoftEdge_X64_146.0.3856.78.exe (PID: 2652)
      • setup.exe (PID: 5100)
      • MicrosoftEdgeUpdate.exe (PID: 5876)
      • MicrosoftEdgeUpdate.exe (PID: 7600)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 1176)
    • Creates files or folders in the user directory

      • RobloxPlayerInstaller.exe (PID: 8128)
      • MicrosoftEdgeUpdate.exe (PID: 736)
      • MicrosoftEdgeUpdate.exe (PID: 5876)
      • MicrosoftEdge_X64_146.0.3856.78.exe (PID: 2652)
      • setup.exe (PID: 5100)
    • Reads the machine GUID from the registry

      • RobloxPlayerInstaller.exe (PID: 8128)
      • MicrosoftEdgeUpdate.exe (PID: 5876)
    • Process checks whether UAC notifications are on

      • RobloxPlayerInstaller.exe (PID: 8128)
    • Create files in a temporary directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 2016)
      • RobloxPlayerInstaller.exe (PID: 8128)
      • MicrosoftEdgeUpdate.exe (PID: 736)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 736)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 5304)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 736)
      • MicrosoftEdgeUpdate.exe (PID: 5876)
    • Creates a software uninstall entry

      • setup.exe (PID: 5100)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2000:12:22 04:46:36+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 7393280
InitializedDataSize: 2567168
UninitializedDataSize: -
EntryPoint: 0x69ec3e
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.6.0.53022
ProductVersionNumber: 1.6.0.53022
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Roblox Corporation
FileDescription: Roblox
FileVersion: 1, 6, 0, 7130910
LegalCopyright: Copyright © 2020 Roblox Corporation. All rights reserved.
OriginalFileName: Roblox.exe
ProductName: Roblox Bootstrapper
ProductVersion: 1, 6, 0, 7130910
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
146
Monitored processes
12
Malicious processes
1
Suspicious processes
2

Behavior graph

Click at the process to see the details
start robloxplayerinstaller.exe microsoftedgewebview2setup.exe microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdatecomregistershell64.exe no specs microsoftedgeupdate.exe microsoftedgeupdate.exe no specs microsoftedgeupdate.exe microsoftedge_x64_146.0.3856.78.exe setup.exe

Process information

PID
CMD
Path
Indicators
Parent process
736C:\Users\admin\AppData\Local\Temp\EU3544.tmp\MicrosoftEdgeUpdate.exe /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"C:\Users\admin\AppData\Local\Temp\EU3544.tmp\MicrosoftEdgeUpdate.exe
MicrosoftEdgeWebview2Setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\temp\eu3544.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
1176"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe" /user C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.45\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2016MicrosoftEdgeWebview2Setup.exe /silent /installC:\Users\admin\AppData\Local\Roblox\Versions\version-ae421f0582e54718\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
RobloxPlayerInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\roblox\versions\version-ae421f0582e54718\webview2runtimeinstaller\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
2652"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{7BB0FF32-E9C1-4D6A-9505-D6E628C3F7FE}\MicrosoftEdge_X64_146.0.3856.78.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-levelC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{7BB0FF32-E9C1-4D6A-9505-D6E628C3F7FE}\MicrosoftEdge_X64_146.0.3856.78.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Version:
146.0.3856.78
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{7bb0ff32-e9c1-4d6a-9505-d6e628c3f7fe}\microsoftedge_x64_146.0.3856.78.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
4336"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{F5A264A1-A770-46E8-8D6B-53E6721D2468}" /silentC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
5100"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{7BB0FF32-E9C1-4D6A-9505-D6E628C3F7FE}\EDGEMITMP_49EAF.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{7BB0FF32-E9C1-4D6A-9505-D6E628C3F7FE}\MicrosoftEdge_X64_146.0.3856.78.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --user-levelC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{7BB0FF32-E9C1-4D6A-9505-D6E628C3F7FE}\EDGEMITMP_49EAF.tmp\setup.exe
MicrosoftEdge_X64_146.0.3856.78.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Exit code:
0
Version:
146.0.3856.78
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{7bb0ff32-e9c1-4d6a-9505-d6e628c3f7fe}\edgemitmp_49eaf.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
5224"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe" /user C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.45\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
5304"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDUiIGlzbWFjaGluZT0iMCIgc2Vzc2lvbmlkPSJ7RjVBMjY0QTEtQTc3MC00NkU4LThENkItNTNFNjcyMUQyNDY4fSIgdXNlcmlkPSJ7MTAwMjgwNzItNjZEOS00NzAxLUJDREYtMzg0QjM1NDY2QTdDfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins4NUMxM0UwRC1BNUI4LTQ2OTItQkY4Ny04MDQyNjBFM0Y2OTh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iNiIgcGh5c21lbW9yeT0iNiIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ1LjQwNDYiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREVMTCIgcHJvZHVjdF9uYW1lPSJERUxMIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE5NS40NSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iOTMyNDg0OTU4MiIgaW5zdGFsbF90aW1lX21zPSI2NDEiLz48L2FwcD48L3JlcXVlc3Q-C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
5876"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" -EmbeddingC:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
7576"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe" /user C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exeMicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.45\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
8 340
Read events
6 952
Write events
1 340
Delete events
48

Modification events

(PID) Process:(8128) RobloxPlayerInstaller.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio
Operation:writeName:WarnOnOpen
Value:
0
(PID) Process:(8128) RobloxPlayerInstaller.exeKey:HKEY_CLASSES_ROOT\roblox-studio
Operation:writeName:URL Protocol
Value:
(PID) Process:(8128) RobloxPlayerInstaller.exeKey:HKEY_CLASSES_ROOT\roblox-studio\shell\open\command
Operation:writeName:version
Value:
version-913142fd943640d2
(PID) Process:(736) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:delete valueName:eulaaccepted
Value:
(PID) Process:(736) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:writeName:path
Value:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(PID) Process:(736) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation:writeName:UninstallCmdLine
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall
(PID) Process:(736) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:writeName:pv
Value:
1.3.195.45
(PID) Process:(736) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:writeName:name
Value:
Microsoft Edge Update
(PID) Process:(736) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation:writeName:pv
Value:
1.3.195.45
(PID) Process:(736) MicrosoftEdgeUpdate.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Microsoft Edge Update
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateCore.exe"
Executable files
206
Suspicious files
30
Text files
7
Unknown types
0

Dropped files

PID
Process
Filename
Type
8128RobloxPlayerInstaller.exeC:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\bd6dfb19add1b4edef68052f943312b2
MD5:
SHA256:
8128RobloxPlayerInstaller.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\Roblox Studio.lnkbinary
MD5:4E042C8DE1A43EFF814FC1137EAA81CD
SHA256:613910445A2ADFEE380417805E1F887258620415124571EC3CFA27C875801FAD
8128RobloxPlayerInstaller.exeC:\Users\admin\AppData\Local\Roblox\RobloxPlayerInstaller\InstallerInfo.logtext
MD5:4963DC35DAB28605CDFAAC205CDCB4A9
SHA256:A195B96DBC05D13C09969C9E9B9C7ABA8A61E9DA3C1E06E4EA2531669F781C89
8128RobloxPlayerInstaller.exeC:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\eb9dd4d0637fd6ae21747e6b6a281d21compressed
MD5:EB9DD4D0637FD6AE21747E6B6A281D21
SHA256:5A3AAE5657899B6452004F3F43F122CB6C166C99B7261EFBEB965DA906626ED8
8128RobloxPlayerInstaller.exeC:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\04e3775458b79875af80f334672ae38acompressed
MD5:04E3775458B79875AF80F334672AE38A
SHA256:36E8B0CD90BED98CF6FB90F598DBFBCA89C0D38D715071F00E056AAA7AEA599A
8128RobloxPlayerInstaller.exeC:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\1d0390337d1a4a58e5514be1a9481ad6compressed
MD5:1D0390337D1A4A58E5514BE1A9481AD6
SHA256:C79F0EEB2BCA4905C585C50333DB3C6F727A554F5DB82E64948F93668FBC18AA
8128RobloxPlayerInstaller.exeC:\Users\admin\Desktop\Roblox Studio.lnkbinary
MD5:DFDCD6A491B5E25EAEA398191BC9521B
SHA256:3DECA643061BA1D2F0C0500068A3A71B289099CCAB4AC1B9CE4F2AC7DFC6E3D6
8128RobloxPlayerInstaller.exeC:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\c4af6af488da390683b8a9a3e438dcbdcompressed
MD5:C4AF6AF488DA390683B8A9A3E438DCBD
SHA256:A4ED00DAC33423E5FDE0EA71F714ABBE92592945441F5C3BBE2AFCEB208181B1
8128RobloxPlayerInstaller.exeC:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\5bb26467839d09b378b1dc6e3a209825compressed
MD5:5BB26467839D09B378B1DC6E3A209825
SHA256:69A3FDB2F3FD188D4BE46027F4799CB0E972E72DBC12D8999AD498D9CCA502C8
8128RobloxPlayerInstaller.exeC:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\59432fff4553d63708f23a74e177d968compressed
MD5:59432FFF4553D63708F23A74E177D968
SHA256:F3EC23ECD650F67923475CC18B4DDB2191D4E0DA141B2CF52890C4C79ED24B67
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
18
TCP/UDP connections
35
DNS requests
25
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5276
MoUsoCoreWorker.exe
GET
304
40.127.240.158:443
https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30
US
whitelisted
684
SIHClient.exe
GET
304
74.178.76.128:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
684
SIHClient.exe
GET
200
74.178.240.51:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
US
whitelisted
684
SIHClient.exe
GET
200
74.178.76.128:443
https://slscr.update.microsoft.com/sls/ping
US
whitelisted
684
SIHClient.exe
GET
304
74.178.76.128:443
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
8044
svchost.exe
GET
304
20.73.194.208:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
US
whitelisted
GET
200
23.11.41.157:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
NL
binary
312 b
whitelisted
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D
US
binary
959 b
whitelisted
5316
svchost.exe
GET
200
23.11.41.157:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
NL
binary
471 b
whitelisted
8044
svchost.exe
GET
200
23.216.77.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
8044
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
5276
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5532
SearchApp.exe
92.123.104.47:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
48.192.1.64:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
23.11.41.157:80
ocsp.digicert.com
AKAMAI-AMS
NL
whitelisted
204.79.197.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
8128
RobloxPlayerInstaller.exe
128.116.13.3:443
ecsv2.roblox.com
ROBLOX-PRODUCTION
US
whitelisted
8128
RobloxPlayerInstaller.exe
23.41.252.19:443
clientsettingscdn.roblox.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
  • 20.73.194.208
whitelisted
www.bing.com
  • 92.123.104.47
  • 92.123.104.32
  • 92.123.104.60
  • 92.123.104.53
  • 92.123.104.59
  • 92.123.104.51
  • 92.123.104.33
  • 92.123.104.46
  • 92.123.104.52
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.64
whitelisted
ocsp.digicert.com
  • 23.11.41.157
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
google.com
  • 142.251.110.100
  • 142.251.110.113
  • 142.251.110.139
  • 142.251.110.101
  • 142.251.110.102
  • 142.251.110.138
whitelisted
ecsv2.roblox.com
  • 128.116.13.3
whitelisted
client-telemetry.roblox.com
  • 128.116.13.3
whitelisted
clientsettingscdn.roblox.com
  • 23.41.252.19
whitelisted
setup.rbxcdn.com
  • 23.216.77.19
  • 23.216.77.27
whitelisted

Threats

PID
Process
Class
Message
2268
svchost.exe
Misc activity
ET INFO Packed Executable Download
Process
Message
RobloxPlayerInstaller.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.