7.0
High risk

170207f69c7339238216f2800d8eae5c6d1116754de9d2f7014f1e88ac19670e

d9504e4631b13ab3db2268f05c592116.exe

Analysis time

79s

Last analyzed

File size

1.0MB
Static AV hit  Dynamic AV hit  BSCOPE DOWNLOADER26
HawkEye engine (鹰眼引擎)
Not detected: no HawkEye engine result available
Static verdict
Antivirus engines
Engine  Result  Scan date  Engine version
McAfee 20210117 6.0.6.653
CrowdStrike 20190702 1.0
Alibaba 20190527 0.3.0.5
Baidu 20190318 1.0.0.2
Avast 20210117 21.1.5827.0
Kingsoft 20210117 2017.9.26.565
Static indicators
Queries for the computername (2 events)
Time & API Arguments Status Return Repeated
1619948410.333436
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
1619948417.802436
GetComputerNameW
computer_name: OSKAR-PC
success 1 0
This executable is signed
This executable has a PDB path (1 event)
pdb_path d:\BuildAgent\work\Trunk2012\Client\Installer\BootstrapperClient\bin\Release\RobloxPlayerLauncher.pdb
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)
Time & API Arguments Status Return Repeated
1619948410.067436
GlobalMemoryStatusEx
success 1 0
Behavioral verdict
Dynamic indicators
HTTP traffic contains suspicious features which may be indicative of malware related traffic (5 events)
suspicious_features GET method with no useragent header, HTTP version 1.0 used suspicious_request GET http://setup.roblox.com/version?guid19255
suspicious_features GET method with no useragent header, HTTP version 1.0 used suspicious_request GET http://setup.roblox.com/version-0658018801724832-RobloxVersion.txt
suspicious_features GET method with no useragent header, HTTP version 1.0 used suspicious_request GET http://setup.roblox.com/cdn.txt
suspicious_features GET method with no useragent header, HTTP version 1.0 used suspicious_request GET http://setup.rbxcdn.com/version-0658018801724832-RobloxPlayerLauncher.exe
suspicious_features POST method with no referer header suspicious_request POST https://ephemeralcounters.api.roblox.com/v1.1/Counters/BatchIncrement?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F
Performs some HTTP requests (11 events)
request GET http://clientsettings.api.roblox.com/Setting/QuietGet/WindowsBootstrapperSettings/?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F
request GET http://setup.roblox.com/version?guid19255
request GET http://setup.roblox.com/version-0658018801724832-RobloxVersion.txt
request GET http://setup.roblox.com/cdn.txt
request GET http://setup.rbxcdn.com/version-0658018801724832-RobloxPlayerLauncher.exe
request GET http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
request GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
request GET http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D
request GET http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D
request GET https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper
request POST https://ephemeralcounters.api.roblox.com/v1.1/Counters/BatchIncrement?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F
Sends data using the HTTP POST Method (1 event)
request POST https://ephemeralcounters.api.roblox.com/v1.1/Counters/BatchIncrement?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F
Creates a shortcut to an executable file (8 events)
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox\ROBLOX Studio 2.0.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox\Play Roblox.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox\ROBLOX Studio Beta.lnk
file C:\Users\Administrator.Oskar-PC\Desktop\ROBLOX Studio 2.0.lnk
file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox\ROBLOX Studio 2.0 Beta.lnk
file C:\Users\Administrator.Oskar-PC\Desktop\ROBLOX Studio 2.0 Beta.lnk
file C:\Users\Administrator.Oskar-PC\Desktop\Play Roblox.lnk
file C:\Users\Administrator.Oskar-PC\Desktop\ROBLOX Studio Beta.lnk
Drops a binary and executes it (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RBX-72AAB494.tmp
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RBX-72AAB494.tmp
File has been identified by 2 AntiVirus engines on VirusTotal as malicious (2 events)
DrWeb Trojan.DownLoader26.12515
VBA32 BScope.Trojan.Downloader
Checks adapter addresses which can be used to detect virtual network interfaces (1 event)
Time & API Arguments Status Return Repeated
1619948411.833436
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
Queries for potentially installed applications (1 event)
Time & API Arguments Status Return Repeated
1619948410.411436
RegOpenKeyExW
access: 0x00020019
base_handle: 0x80000002
key_handle: 0x00000000
regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B805FF17-92FE-4757-8142-F0A2850DFE03}
regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{B805FF17-92FE-4757-8142-F0A2850DFE03}
options: 0
failed 2 0
Network communication
Communicates with host for which no DNS query was performed (1 event)
host 172.217.24.14
Attempts to create or modify system certificates (1 event)
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4\Blob
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 events)
Time & API Arguments Status Return Repeated
1619948414.411436
RegSetValueExA
key_handle: 0x000003a0
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619948414.411436
RegSetValueExA
key_handle: 0x000003a0
value: àâ'.?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619948414.427436
RegSetValueExA
key_handle: 0x000003a0
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619948414.427436
RegSetValueExW
key_handle: 0x000003a0
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619948414.427436
RegSetValueExA
key_handle: 0x000003b8
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619948414.427436
RegSetValueExA
key_handle: 0x000003b8
value: àâ'.?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619948414.427436
RegSetValueExA
key_handle: 0x000003b8
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619948414.458436
RegSetValueExW
key_handle: 0x0000039c
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1619948416.317436
RegSetValueExA
key_handle: 0x0000040c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619948416.317436
RegSetValueExA
key_handle: 0x0000040c
value: ¸J.?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619948416.317436
RegSetValueExA
key_handle: 0x0000040c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619948416.317436
RegSetValueExW
key_handle: 0x0000040c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619948416.317436
RegSetValueExA
key_handle: 0x00000410
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619948416.317436
RegSetValueExA
key_handle: 0x00000410
value: ¸J.?×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619948416.333436
RegSetValueExA
key_handle: 0x00000410
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Generates some ICMP traffic
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were captured while this sample ran

PE Compile Time

2016-07-28 04:08:49

Imports

Library KERNEL32.dll:
0x46c0b0 GetModuleHandleW
0x46c0b4 GetTempPathW
0x46c0b8 DeleteFileW
0x46c0bc GetVersionExW
0x46c0c0 GetSystemTime
0x46c0c4 lstrcmpW
0x46c0c8 GetModuleFileNameW
0x46c0cc MultiByteToWideChar
0x46c0d0 lstrlenA
0x46c0d4 WideCharToMultiByte
0x46c0d8 lstrlenW
0x46c0e0 WaitForSingleObject
0x46c0e4 ReleaseMutex
0x46c0e8 CreateMutexW
0x46c0ec SetEvent
0x46c0f0 ResetEvent
0x46c0f4 SetEndOfFile
0x46c0f8 CreateFileA
0x46c0fc GetLocaleInfoW
0x46c100 SetStdHandle
0x46c104 WriteConsoleW
0x46c108 GetConsoleOutputCP
0x46c10c WriteConsoleA
0x46c110 GetModuleHandleA
0x46c114 GetStringTypeW
0x46c118 GetStringTypeA
0x46c11c IsValidLocale
0x46c120 EnumSystemLocalesA
0x46c124 GetLocaleInfoA
0x46c128 GetUserDefaultLCID
0x46c12c LoadLibraryA
0x46c134 GetCommandLineW
0x46c140 IsValidCodePage
0x46c144 GetOEMCP
0x46c148 GetACP
0x46c14c FlushFileBuffers
0x46c150 ReadFile
0x46c154 SetFilePointer
0x46c158 GetConsoleMode
0x46c15c GetConsoleCP
0x46c160 GetModuleFileNameA
0x46c164 GetStartupInfoA
0x46c168 GetFileType
0x46c16c GetStdHandle
0x46c170 SetHandleCount
0x46c174 VirtualAlloc
0x46c178 VirtualFree
0x46c17c HeapCreate
0x46c180 OpenEventW
0x46c184 CreateEventW
0x46c188 GetLastError
0x46c18c GetCPInfo
0x46c190 LCMapStringW
0x46c194 LCMapStringA
0x46c198 CloseHandle
0x46c19c CreateEventA
0x46c1a0 FormatMessageA
0x46c1a4 LocalFree
0x46c1a8 CreateSemaphoreA
0x46c1ac HeapAlloc
0x46c1b0 GetProcessHeap
0x46c1b4 HeapFree
0x46c1c4 ReleaseSemaphore
0x46c1cc GetCurrentThreadId
0x46c1d0 GetCurrentProcess
0x46c1d4 GetCurrentThread
0x46c1d8 DuplicateHandle
0x46c1dc LoadLibraryW
0x46c1e0 GetProcAddress
0x46c1e4 FreeLibrary
0x46c1e8 CreateProcessW
0x46c1ec RaiseException
0x46c1f0 TerminateProcess
0x46c1f4 GetTickCount
0x46c1f8 GetUserGeoID
0x46c1fc GetGeoInfoW
0x46c200 CompareFileTime
0x46c204 FindFirstFileW
0x46c208 FindNextFileW
0x46c20c FindClose
0x46c210 Sleep
0x46c214 GetLocalTime
0x46c218 OpenProcess
0x46c21c CreateDirectoryW
0x46c220 VerSetConditionMask
0x46c224 VerifyVersionInfoW
0x46c228 GetDiskFreeSpaceExW
0x46c22c SetFileAttributesW
0x46c230 RemoveDirectoryW
0x46c234 CreateFileMappingW
0x46c238 MapViewOfFile
0x46c23c UnmapViewOfFile
0x46c240 SizeofResource
0x46c244 LockResource
0x46c248 LoadResource
0x46c24c FindResourceW
0x46c250 FindResourceExW
0x46c254 GetShortPathNameW
0x46c258 FormatMessageW
0x46c25c CreateFileW
0x46c260 GetFileAttributesW
0x46c270 TlsAlloc
0x46c274 InterlockedExchange
0x46c280 TerminateThread
0x46c284 QueueUserAPC
0x46c288 SleepEx
0x46c294 SetWaitableTimer
0x46c2a0 SetLastError
0x46c2a4 TlsGetValue
0x46c2a8 TlsSetValue
0x46c2ac TlsFree
0x46c2b4 GetFileSizeEx
0x46c2b8 MulDiv
0x46c2c0 OpenEventA
0x46c2c4 GetCurrentProcessId
0x46c2cc ResumeThread
0x46c2d0 GetExitCodeProcess
0x46c2d4 lstrcpyW
0x46c2d8 lstrcatW
0x46c2dc WriteFile
0x46c2e0 GetFileTime
0x46c2ec SetFileTime
0x46c2f0 HeapDestroy
0x46c2f4 HeapReAlloc
0x46c2f8 HeapSize
0x46c304 IsDebuggerPresent
0x46c308 RtlUnwind
0x46c30c GetStartupInfoW
0x46c310 ExitProcess
0x46c314 ExitThread
0x46c318 CreateThread
Library USER32.dll:
0x46c384 InvalidateRect
0x46c388 ShowWindow
0x46c38c SetWindowLongW
0x46c390 CreateWindowExW
0x46c394 LoadBitmapW
0x46c398 DefWindowProcW
0x46c39c CallWindowProcW
0x46c3a0 GetParent
0x46c3a4 GetWindowRect
0x46c3a8 SendMessageW
0x46c3ac GetWindowLongW
0x46c3b4 SetWindowTextW
0x46c3b8 CharNextW
0x46c3bc GetMessageW
0x46c3c4 TranslateMessage
0x46c3c8 DispatchMessageW
0x46c3cc SetFocus
0x46c3d0 SetWindowPos
0x46c3d4 MessageBoxW
0x46c3d8 PostThreadMessageW
0x46c3e0 EnumWindows
0x46c3e4 GetDlgItem
0x46c3e8 PostQuitMessage
0x46c3ec BeginPaint
0x46c3f0 CharUpperW
0x46c3f4 EndPaint
0x46c3f8 LoadIconW
0x46c3fc RegisterClassW
0x46c400 GetSystemMetrics
0x46c404 GetDC
0x46c408 ReleaseDC
0x46c40c SetTimer
0x46c410 FillRect
0x46c414 DestroyWindow
0x46c418 EnableWindow
0x46c41c IsWindowVisible
0x46c420 SetForegroundWindow
0x46c424 PostMessageW
0x46c428 GetWindowTextW
0x46c42c MessageBoxA
0x46c430 LoadAcceleratorsW
0x46c434 KillTimer
Library GDI32.dll:
0x46c07c Rectangle
0x46c080 SelectObject
0x46c084 CreatePen
0x46c088 GetStockObject
0x46c08c SetTextColor
0x46c090 CreateFontW
0x46c094 DeleteObject
0x46c098 GetDeviceCaps
0x46c09c SetBkMode
0x46c0a0 CreateSolidBrush
Library ADVAPI32.dll:
0x46c000 GetTokenInformation
0x46c004 RegQueryValueExW
0x46c008 RegOpenKeyExW
0x46c00c RegCloseKey
0x46c010 GetUserNameW
0x46c014 GetSidSubAuthority
0x46c01c DuplicateToken
0x46c020 RegDeleteKeyW
0x46c024 RegEnumKeyExW
0x46c028 RegDeleteValueW
0x46c02c IsValidSid
0x46c030 GetLengthSid
0x46c034 CopySid
0x46c038 OpenProcessToken
0x46c03c OpenThreadToken
0x46c044 InitializeSid
0x46c048 RegSetValueExW
0x46c04c RegCreateKeyExW
0x46c050 CryptGetHashParam
0x46c054 CryptHashData
0x46c058 CryptDestroyHash
0x46c05c CryptReleaseContext
0x46c060 CryptCreateHash
0x46c068 RegFlushKey
Library SHELL32.dll:
0x46c344 ShellExecuteW
0x46c34c ShellExecuteExW
Library ole32.dll:
0x46c4cc CoUninitialize
0x46c4d0 CoCreateInstance
0x46c4d4 CoCreateGuid
0x46c4d8 CoInitialize
0x46c4dc StringFromGUID2
Library OLEAUT32.dll:
0x46c320 VariantClear
0x46c324 VariantInit
0x46c328 RegisterTypeLib
0x46c32c SysAllocString
0x46c330 SysFreeString
Library SHLWAPI.dll:
0x46c354 SHDeleteKeyW
0x46c358 StrCmpW
0x46c35c PathAddBackslashW
0x46c360 StrRChrW
0x46c364 StrCpyW
0x46c368 StrCmpNW
0x46c36c PathFileExistsW
0x46c370 StrDupW
0x46c374 StrStrW
Library VERSION.dll:
0x46c444 GetFileVersionInfoW
0x46c448 VerQueryValueW
Library SensApi.dll:
0x46c37c IsNetworkAlive
Library USERENV.dll:
0x46c43c UnloadUserProfile
Library WS2_32.dll:
0x46c48c select
0x46c490 ioctlsocket
0x46c494 WSASend
0x46c498 WSASocketW
0x46c49c setsockopt
0x46c4a0 WSAGetLastError
0x46c4a4 getaddrinfo
0x46c4a8 freeaddrinfo
0x46c4ac connect
0x46c4b0 getsockopt
0x46c4b4 WSARecv
0x46c4b8 WSASetLastError
0x46c4bc WSAStartup
0x46c4c0 closesocket
0x46c4c4 WSACleanup
Library WININET.dll:
0x46c454 InternetSetOptionW
0x46c458 HttpQueryInfoW
0x46c45c HttpEndRequestW
0x46c460 HttpSendRequestW
0x46c464 HttpOpenRequestW
0x46c46c InternetCloseHandle
0x46c470 InternetConnectW
0x46c474 InternetWriteFile
0x46c478 HttpSendRequestExW
0x46c47c InternetReadFile
0x46c484 InternetOpenW
Library COMCTL32.dll:
0x46c070 _TrackMouseEvent
Library PSAPI.DLL:
0x46c33c EnumProcesses
Library IPHLPAPI.DLL:
0x46c0a8 GetAdaptersInfo

Hosts

No hosts contacted.

DNS

Name / Response / Post-analysis lookup

ocsp.digicert.com
  Response: A 93.184.220.29; CNAME cs9.wac.phicdn.net
  Post-analysis lookup: 117.18.237.29
ephemeralcounters.api.roblox.com
  Response: CNAME gold.roblox.com; A 128.116.120.3
  Post-analysis lookup: 128.116.120.3
clientsettingscdn.roblox.com
  Response: CNAME e6850.f.akamaiedge.net; A 23.5.253.254; CNAME clientsettingscdn.roblox.com.edgekey.net
  Post-analysis lookup: 23.5.253.254
dns.msftncsi.com
  Response: A 131.107.255.255
  Post-analysis lookup: 131.107.255.255
clientsettingscdn.roblox.qq.com
  Response: A 101.89.41.247
  Post-analysis lookup: 101.89.41.247
ocsp.godaddy.com
  Response: A 192.124.249.23; A 192.124.249.22; A 192.124.249.36; A 192.124.249.24; CNAME ocsp.godaddy.com.akadns.net; A 192.124.249.41
  Post-analysis lookup: 192.124.249.24
clientsettings.api.roblox.com
  Response: CNAME gold.roblox.com; A 128.116.120.3
  Post-analysis lookup: 128.116.120.3
setup.rbxcdn.com
  Response: CNAME roblox-setup.cachefly.net; A 205.234.175.102; CNAME setup-ns1.rbxcdn.com; CNAME rvip12.g.cachefly.net; CNAME setup-cfly.rbxcdn.com
  Post-analysis lookup: 205.234.175.102
setup-ll.rbxcdn.com
  Response: CNAME robloxinc.s.llnwi.net; A 111.119.27.92
  Post-analysis lookup: 111.119.27.92
www.download.windowsupdate.com
  Response: A 124.225.105.97; CNAME 2-01-3cf7-0009.cdx.cedexis.net; CNAME www.download.windowsupdate.com.cdn.dnsv1.com; CNAME windowsupdate.sched.s11.tdnsv5.com; CNAME 3573033.pack.cdntip.com; CNAME wu-fg-shim.trafficmanager.net
  Post-analysis lookup: 124.225.105.97
setup-cfly.rbxcdn.com
  Response: CNAME roblox-setup.cachefly.net; A 205.234.175.102; CNAME rvip12.g.cachefly.net
  Post-analysis lookup: 205.234.175.102
setup.roblox.com
  Response: CNAME s3.amazonaws.com; A 52.217.160.0
  Post-analysis lookup: 52.217.169.136
dns.msftncsi.com
  Response: AAAA fd3e:4f5a:5b81::1
  Post-analysis lookup: 131.107.255.255
setup-hw.rbxcdn.com
  Response: A 205.185.216.42; CNAME cds.j6s6g6p5.hwcdn.net; A 205.185.216.10
  Post-analysis lookup: 205.185.216.42
setup-ak.rbxcdn.com
  Response: CNAME a1694.g.akamai.net; A 104.116.243.115; CNAME setup.roblox.com.edgesuite.net; A 23.199.34.32
  Post-analysis lookup: 104.116.243.115
teredo.ipv6.microsoft.com
  Lookup: 127.0.0.1
setup.rbxcdn.qq.com
  Response: CNAME setup.rbxcdn.qq.com.cdn.dnsv1.com; CNAME 1427990.sched.sma.tdnsv5.com; A 124.225.105.64
  Post-analysis lookup: 124.225.105.64

TCP

Source  Source port  Destination IP  Destination host  Destination port
192.168.56.101 49203 124.225.105.97 www.download.windowsupdate.com 80
192.168.56.101 49179 128.116.120.3 clientsettings.api.roblox.com 80
192.168.56.101 49196 128.116.120.3 clientsettings.api.roblox.com 443
192.168.56.101 49200 128.116.120.3 clientsettings.api.roblox.com 443
192.168.56.101 49204 192.124.249.36 ocsp.godaddy.com 80
192.168.56.101 49186 205.234.175.102 setup-cfly.rbxcdn.com 80
192.168.56.101 49193 23.5.253.254 clientsettingscdn.roblox.com 443
192.168.56.101 49198 23.5.253.254 clientsettingscdn.roblox.com 443
192.168.56.101 49181 52.217.160.0 setup.roblox.com 80
192.168.56.101 49183 52.217.160.0 setup.roblox.com 80
192.168.56.101 49184 52.217.160.0 setup.roblox.com 80
192.168.56.101 49194 93.184.220.29 ocsp.digicert.com 80

UDP

Source  Source port  Destination IP  Destination port
192.168.56.101 49713 114.114.114.114 53
192.168.56.101 50002 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 54178 114.114.114.114 53
192.168.56.101 54991 114.114.114.114 53
192.168.56.101 56743 114.114.114.114 53
192.168.56.101 58070 114.114.114.114 53
192.168.56.101 58970 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 61680 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 50534 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 3600
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D
GET //MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.godaddy.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://setup.roblox.com/version?guid19255
GET /version?guid19255 HTTP/1.0
Host: setup.roblox.com
Accept: */*
Connection: close

http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D
GET //MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.godaddy.com

http://setup.rbxcdn.com/version-0658018801724832-RobloxPlayerLauncher.exe
GET /version-0658018801724832-RobloxPlayerLauncher.exe HTTP/1.0
Host: setup.rbxcdn.com
Accept: */*
Connection: close

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 900
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 03 Mar 2021 06:32:16 GMT
If-None-Match: "0d8f4f3f6fd71:0"
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://setup.roblox.com/cdn.txt
GET /cdn.txt HTTP/1.0
Host: setup.roblox.com
Accept: */*
Connection: close

http://setup.roblox.com/version-0658018801724832-RobloxVersion.txt
GET /version-0658018801724832-RobloxVersion.txt HTTP/1.0
Host: setup.roblox.com
Accept: */*
Connection: close

http://clientsettings.api.roblox.com/Setting/QuietGet/WindowsBootstrapperSettings/?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F
GET /Setting/QuietGet/WindowsBootstrapperSettings/?apiKey=76E5A40C-3AE1-4028-9F10-7C62520BD94F HTTP/1.1
User-Agent: Roblox/WinInet
Host: clientsettings.api.roblox.com

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.