Download: version-889d2588b25a43d1-RobloxPlayerInstaller.exe

Full analysis: https://app.any.run/tasks/fb805d69-fb74-4107-8dc4-3fe184c2a0c6
Verdict: Malicious activity
Threats: loader

The paragraph below is the generic class description attached to the "loader" tag. It does not itself list behaviour observed for this sample; that is recorded in the indicator list and in the registry, file and network sections that follow, and should be read against them.

A loader is malicious software that infiltrates devices to deliver malicious payloads. It can infect victims' computers, collect system information and install further threats such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links, relying on social engineering to trick users into downloading and running their executables. Loaders employ evasion and persistence techniques to avoid detection.

Analysis date: October 31, 2025, 04:32:29
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
roblox
arch-doc
arch-scr
arch-exec
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5: 9C1429DEAFA2137C38DA54A1EB4A7CA7
SHA1: 88E860936FC37ECB0815BAB81A9ACECEF1D4062D
SHA256: DFEE812B26192BA5DE8BC0F445DECC6DB9AE5D9C01898D894FB33D3BE12EDEFF
SSDEEP: 98304:as0HxvbrxyyaBZcjAL71Bv4bNGcQ6rb+bjjKbQnUeNQagcPw7taMA211cavenyR4:ATOB7Am

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry (the only indicator in this report rated MALICIOUS; the value written is the HKCU ...\CurrentVersion\Run entry "Microsoft Edge Update", listed under Modification events)

      • MicrosoftEdgeUpdate.exe (PID: 7288)
  • SUSPICIOUS

    • Changes default file association

      • version-889d2588b25a43d1-RobloxPlayerInstaller.exe (PID: 7456)
    • Executable content was dropped or overwritten

      • version-889d2588b25a43d1-RobloxPlayerInstaller.exe (PID: 7456)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7176)
      • MicrosoftEdgeUpdate.exe (PID: 7288)
      • MicrosoftEdge_X64_141.0.3537.99.exe (PID: 8128)
      • setup.exe (PID: 8096)
    • Process drops legitimate windows executable

      • version-889d2588b25a43d1-RobloxPlayerInstaller.exe (PID: 7456)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7176)
      • MicrosoftEdgeUpdate.exe (PID: 7288)
      • setup.exe (PID: 8096)
      • MicrosoftEdge_X64_141.0.3537.99.exe (PID: 8128)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 7288)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 7288)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7316)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4832)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2360)
      • MicrosoftEdgeUpdate.exe (PID: 7312)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 7288)
      • MicrosoftEdgeUpdate.exe (PID: 7784)
    • Searches for installed software

      • setup.exe (PID: 8096)
    • Application launched itself

      • setup.exe (PID: 8096)
  • INFO

    • The sample was compiled with English language support

      • version-889d2588b25a43d1-RobloxPlayerInstaller.exe (PID: 7456)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7176)
      • MicrosoftEdgeUpdate.exe (PID: 7288)
      • MicrosoftEdge_X64_141.0.3537.99.exe (PID: 8128)
      • setup.exe (PID: 8096)
    • Checks supported languages

      • version-889d2588b25a43d1-RobloxPlayerInstaller.exe (PID: 7456)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7176)
      • MicrosoftEdgeUpdate.exe (PID: 7288)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7316)
      • MicrosoftEdgeUpdate.exe (PID: 7312)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4832)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2360)
      • MicrosoftEdgeUpdate.exe (PID: 7784)
      • MicrosoftEdgeUpdate.exe (PID: 7748)
      • MicrosoftEdgeUpdate.exe (PID: 5648)
      • MicrosoftEdge_X64_141.0.3537.99.exe (PID: 8128)
      • setup.exe (PID: 8096)
      • setup.exe (PID: 3032)
    • Reads the machine GUID from the registry

      • version-889d2588b25a43d1-RobloxPlayerInstaller.exe (PID: 7456)
      • MicrosoftEdgeUpdate.exe (PID: 7784)
    • ROBLOX mutex has been found

      • version-889d2588b25a43d1-RobloxPlayerInstaller.exe (PID: 7456)
    • Reads the computer name

      • version-889d2588b25a43d1-RobloxPlayerInstaller.exe (PID: 7456)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7316)
      • MicrosoftEdgeUpdate.exe (PID: 7312)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 4832)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2360)
      • MicrosoftEdgeUpdate.exe (PID: 7288)
      • MicrosoftEdgeUpdate.exe (PID: 7748)
      • MicrosoftEdgeUpdate.exe (PID: 5648)
      • MicrosoftEdgeUpdate.exe (PID: 7784)
      • MicrosoftEdge_X64_141.0.3537.99.exe (PID: 8128)
      • setup.exe (PID: 8096)
    • Process checks whether UAC notifications are on

      • version-889d2588b25a43d1-RobloxPlayerInstaller.exe (PID: 7456)
    • Creates files or folders in the user directory

      • version-889d2588b25a43d1-RobloxPlayerInstaller.exe (PID: 7456)
      • MicrosoftEdgeUpdate.exe (PID: 7288)
      • MicrosoftEdgeUpdate.exe (PID: 7784)
      • setup.exe (PID: 8096)
      • setup.exe (PID: 3032)
      • MicrosoftEdge_X64_141.0.3537.99.exe (PID: 8128)
    • Reads the software policy settings

      • slui.exe (PID: 1676)
      • MicrosoftEdgeUpdate.exe (PID: 7748)
      • MicrosoftEdgeUpdate.exe (PID: 7784)
    • Checks proxy server information

      • slui.exe (PID: 1676)
      • MicrosoftEdgeUpdate.exe (PID: 7748)
      • MicrosoftEdgeUpdate.exe (PID: 7784)
    • Creates files in a temporary directory

      • version-889d2588b25a43d1-RobloxPlayerInstaller.exe (PID: 7456)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7176)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 7288)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 7288)
      • setup.exe (PID: 8096)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 7748)
    • Creates a software uninstall entry

      • setup.exe (PID: 8096)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

TRiD's top result (Win64) is a generic heuristic match and disagrees with the PE header, which declares a 32-bit PE32 image (see EXIF below). The process table confirms the header: the sample runs under WOW64, loading wow64.dll and the syswow64 copies of the system DLLs. Treat the file as a 32-bit executable.

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2080:04:05 21:55:30+00:00 (later than the analysis date; the PE header timestamp cannot be used to date this build)
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 7016448
InitializedDataSize: 2436608
UninitializedDataSize: -
EntryPoint: 0x643635
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.6.0.24109
ProductVersionNumber: 1.6.0.24109
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Roblox Corporation
FileDescription: Roblox
FileVersion: 1, 6, 0, 6970925
LegalCopyright: Copyright © 2020 Roblox Corporation. All rights reserved.
OriginalFileName: Roblox.exe
ProductName: Roblox Bootstrapper
ProductVersion: 1, 6, 0, 6970925
All screenshots are available in the full report
Total processes: 152
Monitored processes: 14
Malicious processes: 3
Suspicious processes: 0

Behavior graph

start
  version-889d2588b25a43d1-robloxplayerinstaller.exe
  slui.exe
  microsoftedgewebview2setup.exe
  microsoftedgeupdate.exe
  microsoftedgeupdate.exe (no specs)
  microsoftedgeupdatecomregistershell64.exe (no specs)
  microsoftedgeupdatecomregistershell64.exe (no specs)
  microsoftedgeupdatecomregistershell64.exe (no specs)
  microsoftedgeupdate.exe
  microsoftedgeupdate.exe (no specs)
  microsoftedgeupdate.exe
  microsoftedge_x64_141.0.3537.99.exe
  setup.exe
  setup.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process
PID: 1676
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 2360
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.45\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 3032
CMD: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{FC0E22BA-5E02-42C6-83AA-2E2AAD216130}\EDGEMITMP_BBAA7.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=141.0.7390.123 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{FC0E22BA-5E02-42C6-83AA-2E2AAD216130}\EDGEMITMP_BBAA7.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=141.0.3537.99 --initial-client-data=0x258,0x25c,0x260,0x234,0x264,0x7ff7148a9568,0x7ff7148a9574,0x7ff7148a9580
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{FC0E22BA-5E02-42C6-83AA-2E2AAD216130}\EDGEMITMP_BBAA7.tmp\setup.exe
Parent process: setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Installer
Exit code: 0
Version: 141.0.3537.99
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\install\{fc0e22ba-5e02-42c6-83aa-2e2aad216130}\edgemitmp_bbaa7.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 4832
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.45\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 5648
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=false" /installsource otherinstallcmd /sessionid "{8EFC10DA-FC7D-4ED0-B196-64FA254B1E80}" /silent
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Version: 1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 7176
CMD: MicrosoftEdgeWebview2Setup.exe /silent /install
Path: C:\Users\admin\AppData\Local\Roblox\Versions\version-889d2588b25a43d1\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
Parent process: version-889d2588b25a43d1-RobloxPlayerInstaller.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update Setup
Version: 1.3.195.45
Modules
Images
c:\users\admin\appdata\local\roblox\versions\version-889d2588b25a43d1\webview2runtimeinstaller\microsoftedgewebview2setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 7288
CMD: C:\Users\admin\AppData\Local\Temp\EU9F2B.tmp\MicrosoftEdgeUpdate.exe /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Users\admin\AppData\Local\Temp\EU9F2B.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeWebview2Setup.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Version: 1.3.195.45
Modules
Images
c:\users\admin\appdata\local\temp\eu9f2b.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 7312
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update
Exit code: 0
Version: 1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 7316
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge Update COM Registration Helper
Exit code: 0
Version: 1.3.195.45
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\1.3.195.45\microsoftedgeupdatecomregistershell64.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 7456
CMD: "C:\Users\admin\AppData\Local\Temp\version-889d2588b25a43d1-RobloxPlayerInstaller.exe"
Path: C:\Users\admin\AppData\Local\Temp\version-889d2588b25a43d1-RobloxPlayerInstaller.exe
Parent process: explorer.exe
User: admin
Company: Roblox Corporation
Integrity Level: MEDIUM
Description: Roblox
Version: 1, 6, 0, 6970925
Modules
Images
c:\users\admin\appdata\local\temp\version-889d2588b25a43d1-robloxplayerinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
Total events: 14 830
Read events: 10 548
Write events: 4 216
Delete events: 66

Modification events

PID 7456 version-889d2588b25a43d1-RobloxPlayerInstaller.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio
  Operation: write   Name: WarnOnOpen   Value: 0
PID 7456 version-889d2588b25a43d1-RobloxPlayerInstaller.exe
  Key: HKEY_CLASSES_ROOT\roblox-studio
  Operation: write   Name: URL Protocol   Value: (empty)
PID 7456 version-889d2588b25a43d1-RobloxPlayerInstaller.exe
  Key: HKEY_CLASSES_ROOT\roblox-studio\shell\open\command
  Operation: write   Name: version   Value: version-1e4ca3bb98a04c5f
PID 7288 MicrosoftEdgeUpdate.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
  Operation: delete value   Name: eulaaccepted
PID 7288 MicrosoftEdgeUpdate.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
  Operation: write   Name: path   Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
PID 7288 MicrosoftEdgeUpdate.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
  Operation: write   Name: UninstallCmdLine   Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall
PID 7288 MicrosoftEdgeUpdate.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
  Operation: write   Name: pv   Value: 1.3.195.45
PID 7288 MicrosoftEdgeUpdate.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
  Operation: write   Name: name   Value: Microsoft Edge Update
PID 7288 MicrosoftEdgeUpdate.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
  Operation: write   Name: pv   Value: 1.3.195.45
PID 7288 MicrosoftEdgeUpdate.exe
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  Operation: write   Name: Microsoft Edge Update   Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateCore.exe"
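The registry events above are what an analyst has to reason about when a sandbox rates an autorun write as malicious. The following Python is an added example, not part of the ANY.RUN report and not ANY.RUN's or Roblox's code. It runs three rules over the events transcribed from this section: a write under ...\CurrentVersion\Run, a ProtocolExecute WarnOnOpen=0 write, and a new URL-protocol registration. The event values and image paths come from the report; the rule names, the severity labels and the list of path roots treated as user-writable are this example's own assumptions.

```python
"""Triage rules for sandbox registry-modification events.

Added example; it is not part of the ANY.RUN report. The sample events below
are transcribed from the report's "Modification events" section (image paths
from its process table); the rule names, severities and the notion of a
"user-writable" path root are this example's own assumptions.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    pid: int
    process: str      # image name of the process that wrote the value
    image_path: str   # full path that process runs from
    key: str
    operation: str    # "write" or "delete value", as the report labels them
    name: str
    value: str


@dataclass(frozen=True)
class Finding:
    pid: int
    rule: str
    severity: str
    detail: str


# Path roots a standard user can write to without elevation (assumption).
USER_WRITABLE = (r"\appdata\local", r"\appdata\roaming", r"\users\public", r"\windows\temp")

RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?$", re.I)
PROTO_WARN_RE = re.compile(r"\\internet explorer\\protocolexecute\\([^\\]+)$", re.I)
URL_PROTO_RE = re.compile(r"^hkey_classes_root\\([^\\]+)$", re.I)


def user_writable(path):
    low = path.lower()
    return any(root in low for root in USER_WRITABLE)


def first_exe(cmdline):
    """Executable part of a Run value: the quoted path, or the first token."""
    m = re.match(r'\s*"([^"]+)"|\s*(\S+)', cmdline)
    return (m.group(1) or m.group(2)) if m else cmdline


def triage(events):
    findings = []
    for ev in events:
        # Persistence: a value under HKCU/HKLM ...\CurrentVersion\Run[Once].
        if ev.operation == "write" and RUN_KEY_RE.search(ev.key):
            target = first_exe(ev.value)
            # Writer and target both under a user-writable root is the shape a
            # dropped loader shows; a signature check on the target is what
            # separates that from a per-user updater that looks the same.
            sev = "high" if user_writable(target) and user_writable(ev.image_path) else "medium"
            findings.append(Finding(ev.pid, "autorun-write", sev,
                                    f"{ev.name!r} -> {target} (written by {ev.image_path})"))
        m = PROTO_WARN_RE.search(ev.key)
        if m and ev.operation == "write" and ev.name.lower() == "warnonopen" and ev.value.strip() == "0":
            findings.append(Finding(ev.pid, "protocol-warning-disabled", "low",
                                    f"scheme {m.group(1)}: WarnOnOpen=0 suppresses the open-protocol prompt"))
        m = URL_PROTO_RE.search(ev.key)
        if m and ev.operation == "write" and ev.name.lower() == "url protocol":
            findings.append(Finding(ev.pid, "url-protocol-registered", "info", f"scheme {m.group(1)}"))
    return findings


SAMPLE = "version-889d2588b25a43d1-RobloxPlayerInstaller.exe"
SAMPLE_PATH = r"C:\Users\admin\AppData\Local\Temp\version-889d2588b25a43d1-RobloxPlayerInstaller.exe"
UPDATER = "MicrosoftEdgeUpdate.exe"
UPDATER_PATH = r"C:\Users\admin\AppData\Local\Temp\EU9F2B.tmp\MicrosoftEdgeUpdate.exe"
EDGEUPDATE_KEY = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate"

# Transcribed from the report (PIDs 7456 and 7288).
SAMPLE_EVENTS = [
    RegEvent(7456, SAMPLE, SAMPLE_PATH, r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio", "write", "WarnOnOpen", "0"),
    RegEvent(7456, SAMPLE, SAMPLE_PATH, r"HKEY_CLASSES_ROOT\roblox-studio", "write", "URL Protocol", ""),
    RegEvent(7456, SAMPLE, SAMPLE_PATH, r"HKEY_CLASSES_ROOT\roblox-studio\shell\open\command", "write", "version", "version-1e4ca3bb98a04c5f"),
    RegEvent(7288, UPDATER, UPDATER_PATH, EDGEUPDATE_KEY, "delete value", "eulaaccepted", ""),
    RegEvent(7288, UPDATER, UPDATER_PATH, EDGEUPDATE_KEY, "write", "path", r"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"),
    RegEvent(7288, UPDATER, UPDATER_PATH, EDGEUPDATE_KEY, "write", "UninstallCmdLine", r'"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall'),
    RegEvent(7288, UPDATER, UPDATER_PATH, r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "write", "Microsoft Edge Update", r'"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateCore.exe"'),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.severity}] PID {f.pid} {f.rule}: {f.detail}")
```

Run as-is, the Edge Update entry comes out as "high": both the writer (Temp\EU9F2B.tmp\MicrosoftEdgeUpdate.exe) and its target (AppData\Local\...\MicrosoftEdgeUpdateCore.exe) live under a user-writable root, which is the shape a dropped loader would have and also the shape of a per-user Edge Update install. Path-based rules can only raise the question; what settles it is the Authenticode signature on the target binary and on the sample itself, together with a comparison of the sample's SHA256 against the installer obtained directly from Roblox. The two roblox-studio findings are lower value: the installer registered a roblox-studio: URL scheme and set WarnOnOpen=0, which suppresses the browser's prompt before that scheme is handed to the registered application.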
Executable files: 206
Suspicious files: 34
Text files: 7
Unknown types: 0

Dropped files

PID 7456 version-889d2588b25a43d1-RobloxPlayerInstaller.exe
  Filename: C:\Users\admin\AppData\Local\Roblox\Versions\RobloxStudioInstaller.exe
  Type: executable
  MD5: CA95790314C9C21BCC5FAA89C9CEE62D
  SHA256: 06D1B87C034E270852211EC5E1F04F4F6E5EFA3801516B4721A591FC578F126C
PID 7456 version-889d2588b25a43d1-RobloxPlayerInstaller.exe
  Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\Roblox Studio.lnk
  Type: binary
  MD5: 472CC57EBE3880F151A53487CE8CB2D7
  SHA256: 8FD64F8519A66713670346625C73A67E90BF3129488AF0717E6335411560D67E
PID 7456 version-889d2588b25a43d1-RobloxPlayerInstaller.exe
  Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\0e39774c3eae99cca2e313fefae24348
  Type: compressed
  MD5: 0E39774C3EAE99CCA2E313FEFAE24348
  SHA256: BB782D7300280ACFD63387D32B9300BFE172EB8DA4FBB71BDB693FF3DBDD8510
PID 7456 version-889d2588b25a43d1-RobloxPlayerInstaller.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Roblox\http\RBX9436BE0D5B70478281A10FF3AC876BCB
  Type: binary
  MD5: A1AE2C172FD740C8692792680874EB52
  SHA256: 27FB9696926B734FB6349A63590454E5F1D4C5C6E17D1E519C9EEA735F57D407
PID 7456 version-889d2588b25a43d1-RobloxPlayerInstaller.exe
  Filename: C:\Users\admin\AppData\Local\Temp\Roblox\http\8913724486d5e3c463c493b25346ca31
  Type: binary
  MD5: A1AE2C172FD740C8692792680874EB52
  SHA256: 27FB9696926B734FB6349A63590454E5F1D4C5C6E17D1E519C9EEA735F57D407
PID 7456 version-889d2588b25a43d1-RobloxPlayerInstaller.exe
  Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\38deb2423e06386b701540cd877ff421
  Type: compressed
  MD5: 38DEB2423E06386B701540CD877FF421
  SHA256: E2BA1C9854A21C41AB75AC708E5CEB3A503353F5D94750A8BBEB177A7C58C2DF
PID 7456 version-889d2588b25a43d1-RobloxPlayerInstaller.exe
  Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\1d0390337d1a4a58e5514be1a9481ad6
  Type: compressed
  MD5: 1D0390337D1A4A58E5514BE1A9481AD6
  SHA256: C79F0EEB2BCA4905C585C50333DB3C6F727A554F5DB82E64948F93668FBC18AA
PID 7456 version-889d2588b25a43d1-RobloxPlayerInstaller.exe
  Filename: C:\Users\admin\AppData\Local\Roblox\logs\cacert.pem
  Type: text
  MD5: E8D9B7A2CAF82D33F4D5837D570C7C97
  SHA256: B1FD98F7CF2256AA8AB46F24F747634615508DF26AEF11F69B20435A647EFDB2
PID 7456 version-889d2588b25a43d1-RobloxPlayerInstaller.exe
  Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\eac19b75f782b33a176ef373d0f14448
  Type: compressed
  MD5: EAC19B75F782B33A176EF373D0F14448
  SHA256: 88C31E58B80BAEA79CE34C0060DC320C1299A88E57AAC0F3573CF57BE1430953
PID 7456 version-889d2588b25a43d1-RobloxPlayerInstaller.exe
  Filename: C:\Users\admin\AppData\Local\Roblox\Downloads\roblox-player\51f521ecfa96c8b212ada54aa5ba689b
  Type: compressed
  MD5: 51F521ECFA96C8B212ADA54AA5BA689B
  SHA256: 7DBBA0B1020A46AB2FCC86FF5954308513C89AF22255E4DA61C49E0CE289F1FC
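A dropped-file table like the one above is easier to read once two questions are answered mechanically: which files are named by their own hash (a content-addressed cache rather than arbitrary drop names), and which rows carry identical content under different names. The following Python is an added example, not part of the ANY.RUN report; the rows are transcribed from the table above and the two checks are this example's own choice.

```python
"""Consistency checks over a sandbox "dropped files" table.

Added example; not part of the ANY.RUN report. The rows are transcribed from
the report's Dropped files section; the checks (hash-named files, identical
content under different names) are this example's own choice.
"""
import ntpath
from collections import defaultdict

SAMPLE = "version-889d2588b25a43d1-RobloxPlayerInstaller.exe"
ROBLOX = r"C:\Users\admin\AppData\Local\Roblox"

# (pid, process, path, type, md5, sha256), transcribed from the report.
DROPPED = [
    (7456, SAMPLE, ROBLOX + r"\Versions\RobloxStudioInstaller.exe", "executable",
     "CA95790314C9C21BCC5FAA89C9CEE62D", "06D1B87C034E270852211EC5E1F04F4F6E5EFA3801516B4721A591FC578F126C"),
    (7456, SAMPLE, r"C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\Roblox Studio.lnk", "binary",
     "472CC57EBE3880F151A53487CE8CB2D7", "8FD64F8519A66713670346625C73A67E90BF3129488AF0717E6335411560D67E"),
    (7456, SAMPLE, ROBLOX + r"\Downloads\roblox-player\0e39774c3eae99cca2e313fefae24348", "compressed",
     "0E39774C3EAE99CCA2E313FEFAE24348", "BB782D7300280ACFD63387D32B9300BFE172EB8DA4FBB71BDB693FF3DBDD8510"),
    (7456, SAMPLE, r"C:\Users\admin\AppData\Local\Temp\Roblox\http\RBX9436BE0D5B70478281A10FF3AC876BCB", "binary",
     "A1AE2C172FD740C8692792680874EB52", "27FB9696926B734FB6349A63590454E5F1D4C5C6E17D1E519C9EEA735F57D407"),
    (7456, SAMPLE, r"C:\Users\admin\AppData\Local\Temp\Roblox\http\8913724486d5e3c463c493b25346ca31", "binary",
     "A1AE2C172FD740C8692792680874EB52", "27FB9696926B734FB6349A63590454E5F1D4C5C6E17D1E519C9EEA735F57D407"),
    (7456, SAMPLE, ROBLOX + r"\Downloads\roblox-player\38deb2423e06386b701540cd877ff421", "compressed",
     "38DEB2423E06386B701540CD877FF421", "E2BA1C9854A21C41AB75AC708E5CEB3A503353F5D94750A8BBEB177A7C58C2DF"),
    (7456, SAMPLE, ROBLOX + r"\Downloads\roblox-player\1d0390337d1a4a58e5514be1a9481ad6", "compressed",
     "1D0390337D1A4A58E5514BE1A9481AD6", "C79F0EEB2BCA4905C585C50333DB3C6F727A554F5DB82E64948F93668FBC18AA"),
    (7456, SAMPLE, ROBLOX + r"\logs\cacert.pem", "text",
     "E8D9B7A2CAF82D33F4D5837D570C7C97", "B1FD98F7CF2256AA8AB46F24F747634615508DF26AEF11F69B20435A647EFDB2"),
    (7456, SAMPLE, ROBLOX + r"\Downloads\roblox-player\eac19b75f782b33a176ef373d0f14448", "compressed",
     "EAC19B75F782B33A176EF373D0F14448", "88C31E58B80BAEA79CE34C0060DC320C1299A88E57AAC0F3573CF57BE1430953"),
    (7456, SAMPLE, ROBLOX + r"\Downloads\roblox-player\51f521ecfa96c8b212ada54aa5ba689b", "compressed",
     "51F521ECFA96C8B212ADA54AA5BA689B", "7DBBA0B1020A46AB2FCC86FF5954308513C89AF22255E4DA61C49E0CE289F1FC"),
]


def content_addressed(path, md5):
    """True when a file is named by its own MD5, i.e. it sits in a hash-keyed cache."""
    return ntpath.basename(path).lower() == md5.lower()


def duplicate_content(rows):
    """SHA256 -> paths, restricted to hashes that appear under more than one path."""
    by_hash = defaultdict(list)
    for _pid, _proc, path, _ftype, _md5, sha256 in rows:
        by_hash[sha256.upper()].append(path)
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


def summarize(rows):
    """Split the table into what deserves a second look and what does not."""
    return {
        "rows": len(rows),
        "executables": [p for _, _, p, t, _, _ in rows if t == "executable"],
        "content_addressed": [p for _, _, p, _, md5, _ in rows if content_addressed(p, md5)],
        "duplicates": duplicate_content(rows),
    }


if __name__ == "__main__":
    for key, val in summarize(DROPPED).items():
        print(f"{key}: {val}")
```

Over these rows it reports ten files, one executable (RobloxStudioInstaller.exe), five files under Downloads\roblox-player\ whose names equal their MD5, and one SHA256 that appears twice (the two files under Temp\Roblox\http). The executable is the hash worth matching against the vendor's published installer; the hash-named archives are consistent with a download cache keyed by content hash, and the duplicate pair is the same blob stored twice, not two artefacts.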
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 7
TCP/UDP connections: 37
DNS requests: 21
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3148 | SIHClient.exe | GET | 200 | 23.37.194.81:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.3.crl | ID | binary | 813 b | whitelisted
1036 | svchost.exe | GET | 200 | 23.63.118.230:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | DE | binary | 471 b | whitelisted
5596 | MoUsoCoreWorker.exe | GET | 200 | 95.100.248.134:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
3148 | SIHClient.exe | GET | 200 | 23.37.194.81:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl | ID | binary | 814 b | whitelisted
3148 | SIHClient.exe | GET | 200 | 23.37.194.81:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.3.crl | ID | binary | 401 b | whitelisted
6884 | svchost.exe | HEAD | 200 | 146.75.118.172:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/504cb484-1668-4301-9fe1-409053d6149e?P1=1762490083&P2=404&P3=2&P4=E4mXRtmKETFDh3NqN8rjpZbH2LH8hE9ZpCojLFoZCkTgc0%2fldKlvxXeRR40E%2foJUr4%2fYC4pempTkEUBfOr8QUg%3d%3d | US | - | - | whitelisted
6884 | svchost.exe | GET | 200 | 146.75.118.172:80 | http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/504cb484-1668-4301-9fe1-409053d6149e?P1=1762490083&P2=404&P3=2&P4=E4mXRtmKETFDh3NqN8rjpZbH2LH8hE9ZpCojLFoZCkTgc0%2fldKlvxXeRR40E%2foJUr4%2fYC4pempTkEUBfOr8QUg%3d%3d | US | executable | 178 Mb | whitelisted

None of the seven plaintext HTTP requests comes from the sample (PID 7456): they are CRL and OCSP fetches by Windows update and servicing processes, plus the 178 Mb Edge executable pulled by svchost.exe (PID 6884) from a Microsoft delivery host. The sample's own traffic is the HTTPS sessions to roblox.com and rbxcdn.com hosts listed under Connections.

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1036 | svchost.exe | 40.126.31.69:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1508 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5596 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
7456 | version-889d2588b25a43d1-RobloxPlayerInstaller.exe | 128.116.44.3:443 | ecsv2.roblox.com | ROBLOX-PRODUCTION | US | whitelisted
7456 | version-889d2588b25a43d1-RobloxPlayerInstaller.exe | 23.63.119.238:443 | clientsettingscdn.roblox.com | AKAMAI-AS | DE | whitelisted
7456 | version-889d2588b25a43d1-RobloxPlayerInstaller.exe | 3.160.39.24:443 | setup.rbxcdn.com | - | US | whitelisted
1036 | svchost.exe | 40.126.31.131:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5596 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

Only the three rows for PID 7456 belong to the sample, all of them TLS connections to ecsv2.roblox.com, clientsettingscdn.roblox.com and setup.rbxcdn.com. The other rows are from Windows system processes (svchost.exe, System, MoUsoCoreWorker.exe) and are whitelisted.

DNS requests

Domain | IP | Reputation
login.live.com
  • 40.126.31.69
  • 40.126.31.131
  • 40.126.31.71
  • 20.190.159.73
  • 20.190.159.128
  • 40.126.31.1
  • 20.190.159.23
  • 40.126.31.67
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
whitelisted
google.com
  • 142.250.180.110
whitelisted
ecsv2.roblox.com
  • 128.116.44.3
whitelisted
client-telemetry.roblox.com
  • 128.116.44.3
unknown
clientsettingscdn.roblox.com
  • 23.63.119.238
whitelisted
setup.rbxcdn.com
  • 3.160.39.24
whitelisted
ocsp.digicert.com
  • 23.63.118.230
whitelisted
crl.microsoft.com
  • 95.100.248.134
whitelisted
slscr.update.microsoft.com
  • 74.179.77.204
whitelisted

Threats

PID | Process | Class | Message
- | - | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
6884 | svchost.exe | Misc activity | ET INFO Packed Executable Download

Neither Suricata alert is attributed to the sample's PID. The "Packed Executable Download" hit belongs to svchost.exe (PID 6884) and corresponds to the 178 Mb executable it fetched from msedge.f.tlu.dl.delivery.mp.microsoft.com, listed under HTTP requests; the first alert carries no PID in the report.

Process | Message
version-889d2588b25a43d1-RobloxPlayerInstaller.exe | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.

This message accounts for the Edge Update chain in the process tree: finding no WebView2 runtime, the installer launched the bundled MicrosoftEdgeWebview2Setup.exe (PID 7176) from its own Versions directory, and that setup program ran MicrosoftEdgeUpdate.exe (PID 7288) from a Temp directory, which is the process that wrote the HKCU Run value rated MALICIOUS above.