File name:

Roblox-Player-wind10.exe

Full analysis: https://app.any.run/tasks/a7065a39-056c-4efb-953a-91ca439fbbc2
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: October 12, 2024, 19:02:23
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
loader
arch-scr
arch-doc
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

550F799975649A8A76C34C8AE2D14695

SHA1:

4925C793282EB3D1E6A92AD66DAF847C4920EC53

SHA256:

3538ACD6322FDDB4C26FE3F1539A87E42932FF1289918E0717D94BBA42A86180

SSDEEP:

98304:/vvB73CYSFtpMTc3g5E9vgVphIMhoaq+CJ7Re/3+8QaPm1hjlZ6Ab65Lug/9kioQ:ygPv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Roblox-Player-wind10.exe (PID: 6556)

    • Executable content was dropped or overwritten

      • Roblox-Player-wind10.exe (PID: 6556)
      • setup.exe (PID: 6304)
      • RobloxPlayerLauncher.exe (PID: 6676)

    • Application launched itself

      • setup.exe (PID: 6304)
      • RobloxPlayerLauncher.exe (PID: 6676)

  • INFO

    • Creates files in the program directory

      • Roblox-Player-wind10.exe (PID: 6556)

    • Reads the computer name

      • Roblox-Player-wind10.exe (PID: 6556)

    • Process checks computer location settings

      • Roblox-Player-wind10.exe (PID: 6556)

    • Checks supported languages

      • Roblox-Player-wind10.exe (PID: 6556)

    • The process uses the downloaded file

      • Roblox-Player-wind10.exe (PID: 6556)
      • mshta.exe (PID: 4508)

    • Manual execution by a user

      • setup.exe (PID: 6304)
      • wscript.exe (PID: 5756)
      • wscript.exe (PID: 2236)
      • notepad.exe (PID: 4476)
      • OpenWith.exe (PID: 3944)
      • notepad.exe (PID: 1784)
      • OpenWith.exe (PID: 3028)
      • OpenWith.exe (PID: 6892)
      • OpenWith.exe (PID: 5232)
      • OpenWith.exe (PID: 6968)
      • OpenWith.exe (PID: 7132)
      • OpenWith.exe (PID: 4996)
      • OpenWith.exe (PID: 6488)
      • OpenWith.exe (PID: 6976)
      • OpenWith.exe (PID: 4340)
      • OpenWith.exe (PID: 6312)
      • OpenWith.exe (PID: 2076)
      • OpenWith.exe (PID: 2420)
      • OpenWith.exe (PID: 6172)
      • OpenWith.exe (PID: 5792)
      • OpenWith.exe (PID: 2056)
      • OpenWith.exe (PID: 7056)
      • OpenWith.exe (PID: 4348)
      • OpenWith.exe (PID: 7108)
      • OpenWith.exe (PID: 1552)
      • OpenWith.exe (PID: 1432)
      • OpenWith.exe (PID: 3676)
      • OpenWith.exe (PID: 6736)
      • OpenWith.exe (PID: 1712)
      • OpenWith.exe (PID: 6404)
      • OpenWith.exe (PID: 6452)
      • OpenWith.exe (PID: 3936)
      • OpenWith.exe (PID: 2312)
      • OpenWith.exe (PID: 944)
      • OpenWith.exe (PID: 6804)
      • OpenWith.exe (PID: 7000)
      • OpenWith.exe (PID: 3844)
      • OpenWith.exe (PID: 6632)
      • OpenWith.exe (PID: 5580)
      • OpenWith.exe (PID: 6252)
      • OpenWith.exe (PID: 7048)
      • OpenWith.exe (PID: 7020)
      • notepad.exe (PID: 3020)
      • RobloxCrashHandler.exe (PID: 1764)
      • OpenWith.exe (PID: 916)
      • OpenWith.exe (PID: 6184)
      • OpenWith.exe (PID: 6904)
      • OpenWith.exe (PID: 1084)
      • OpenWith.exe (PID: 6568)

    • Checks proxy server information

      • mshta.exe (PID: 4508)

    • Reads Internet Explorer settings

      • mshta.exe (PID: 4508)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:08:16 11:05:43+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 48640
InitializedDataSize: 151552
UninitializedDataSize: -
EntryPoint: 0x912e
OSVersion: 5
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
179
Monitored processes
55
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start roblox-player-wind10.exe mshta.exe no specs setup.exe setup.exe robloxplayerlauncher.exe robloxplayerlauncher.exe wscript.exe no specs wscript.exe no specs notepad.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs notepad.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs robloxcrashhandler.exe no specs notepad.exe no specs roblox-player-wind10.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
916"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\Ubuntu.jsonC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
944"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\RobotoMono.jsonC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1084"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\en-au.jsonC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1432"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\PressStart2P.jsonC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1552"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\ComicNeueAngular.jsonC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1712"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\LuckiestGuy.jsonC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
1764"C:\Users\admin\Desktop\RobloxCrashHandler.exe" C:\Users\admin\Desktop\RobloxCrashHandler.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\desktop\robloxcrashhandler.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
1784"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\gamecontrollerdb.txtC:\Windows\System32\notepad.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
2056"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\Jura.jsonC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2076"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\en-gb.jsonC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
37 370
Read events
37 345
Write events
25
Delete events
0

Modification events

(PID) Process:(6556) Roblox-Player-wind10.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\OpenWithProgids
Operation:writeName:htafile
Value:
(PID) Process:(4508) mshta.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(4508) mshta.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(4508) mshta.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(6304) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6304) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6304) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(6396) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6396) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6396) setup.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
Executable files
6
Suspicious files
35
Text files
20
Unknown types
0

Dropped files

PID
Process
Filename
Type
6556Roblox-Player-wind10.exeC:\Program Files (x86)\Roblox-Player-wind10\last-page.htmlhtml
MD5:71B8E1282CA2BDD70B087A1835B9B415
SHA256:C5B6DA5B7E8250C46F498ABF6E06FA4B5636ED9F734E954C4034B43CDB3BBB66
6556Roblox-Player-wind10.exeC:\Program Files (x86)\Roblox-Player-wind10\img\log-game.pngimage
MD5:0FD141306E06EF59CABCE6F76D4F3D7E
SHA256:F19B0E9FEFD718789D8316566AED028B13F43955071F2A4C422EA5C09FBDBEFA
6556Roblox-Player-wind10.exeC:\Program Files (x86)\Roblox-Player-wind10\vid-20.txttext
MD5:9E1CE422A533691E512D55121DBD4692
SHA256:6510081AF4BA460DE168BE83CC02376B53020A7BCBCCA82C162F466F72FC59F6
6556Roblox-Player-wind10.exeC:\Program Files (x86)\Roblox-Player-wind10\ya-page.htmlhtml
MD5:15284909B239E5BFF28666AC381AF2C8
SHA256:A170160F074F0301AF61FF47CA236B2EE1DFED297B80B5BCA53B068880538069
6556Roblox-Player-wind10.exeC:\Program Files (x86)\Roblox-Player-wind10\gam-page.htmlhtml
MD5:F728D7821AB66854631BFF767D88892C
SHA256:A850B4478EDD7AA3818E7200C27CD911F6B90B2E127E3F16CF16F0B057C12031
6556Roblox-Player-wind10.exeC:\Program Files (x86)\Roblox-Player-wind10\img\master-logo.pngimage
MD5:E7AFB5430B81607FB19FA26A999F0EEB
SHA256:CBA188DEF181F039DC7628177161C2179FE2D2C4E4FB6C50815B8E60ECA7D1FA
6556Roblox-Player-wind10.exeC:\Program Files (x86)\Roblox-Player-wind10\start.htahtml
MD5:7AA13782CE5FD98EC9C2A77A57184D75
SHA256:DE82C5B512BFC654FF1AC5256C99918DA8E7DFDAAC91E61FC23807C28662E928
6304setup.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\PCClientBootstrapper[1].jsonbinary
MD5:E2095703461F208594B4ED658801BB84
SHA256:CBCBB20B63BDF7B681842DFD9DDB2BFC05B0066B1495EF9BA57DF029530B196A
6304setup.exeC:\Users\admin\AppData\Local\Temp\crashpad_roblox\settings.datbinary
MD5:AEFC856E0ADE91F8F6EE5658A77A7A28
SHA256:0B616FA85C3A3A3F87E1C6CA1153EF252641EBF35D2DE14C5853D1994EFFA862
6556Roblox-Player-wind10.exeC:\Program Files (x86)\Roblox-Player-wind10\XvuL3tx.exeexecutable
MD5:E314B40A188DE73B6A16A8197F80EE68
SHA256:D6E2656521CA76AD47AD2C503C9F71B3D00820E8B05275D048F7DEA0C9C30BEB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
29
TCP/UDP connections
38
DNS requests
27
Threats
46

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5488
MoUsoCoreWorker.exe
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4292
RUXIMICS.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
307
128.116.44.4:443
https://www.roblox.com/install/GetInstallerCdns.ashx
unknown
unknown
5488
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
304
54.230.228.128:443
https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper
unknown
unknown
GET
307
128.116.44.4:443
https://www.roblox.com/install/GetInstallerCdns.ashx
unknown
unknown
6944
svchost.exe
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4292
RUXIMICS.exe
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
404
128.116.44.4:443
https://www.roblox.com/request-error?code=404
unknown
html
69.7 Kb
whitelisted
GET
200
23.48.23.144:443
https://setup.rbxcdn.com/version-eadc3c90bb1a4267-rbxPkgManifest.txt
unknown
text
1.51 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
6944
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5488
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4292
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
104.126.37.139:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
5488
MoUsoCoreWorker.exe
23.48.23.166:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6944
svchost.exe
23.48.23.166:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4292
RUXIMICS.exe
23.48.23.166:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5488
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
  • 40.127.240.158
whitelisted
www.bing.com
  • 104.126.37.139
  • 104.126.37.145
  • 104.126.37.136
  • 104.126.37.129
  • 104.126.37.144
  • 104.126.37.160
  • 104.126.37.154
  • 104.126.37.155
  • 104.126.37.137
whitelisted
google.com
  • 142.250.185.110
whitelisted
crl.microsoft.com
  • 23.48.23.166
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
clientsettingscdn.roblox.com
  • 52.222.236.113
  • 52.222.236.6
  • 52.222.236.86
  • 52.222.236.43
  • 18.239.18.85
  • 18.239.18.114
  • 18.239.18.53
  • 18.239.18.127
whitelisted
ephemeralcounters.api.roblox.com
  • 128.116.44.4
whitelisted
setup.rbxcdn.qq.com
  • 0.0.0.1
whitelisted
clientsettingscdn.roblox.qq.com
  • 0.0.0.1
whitelisted
setup.rbxcdn.com
  • 2.16.241.7
  • 2.16.241.19
  • 23.48.23.144
  • 23.48.23.153
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO EXE - Served Inline HTTP
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO EXE - Served Inline HTTP
42 ETPRO signatures available at the full report
Process
Message
RobloxPlayerLauncher.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Roblox-Player-wind10.exe