File name: Roblox-Player-wind10.exe

Full analysis: https://app.any.run/tasks/a7065a39-056c-4efb-953a-91ca439fbbc2
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: October 12, 2024, 19:02:23
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
loader
arch-scr
arch-doc
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 550F799975649A8A76C34C8AE2D14695
SHA1: 4925C793282EB3D1E6A92AD66DAF847C4920EC53
SHA256: 3538ACD6322FDDB4C26FE3F1539A87E42932FF1289918E0717D94BBA42A86180
SSDEEP: 98304:/vvB73CYSFtpMTc3g5E9vgVphIMhoaq+CJ7Re/3+8QaPm1hjlZ6Ab65Lug/9kioQ:ygPv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Roblox-Player-wind10.exe (PID: 6556)
      • setup.exe (PID: 6304)
      • RobloxPlayerLauncher.exe (PID: 6676)
    • Application launched itself

      • setup.exe (PID: 6304)
      • RobloxPlayerLauncher.exe (PID: 6676)
    • Reads security settings of Internet Explorer

      • Roblox-Player-wind10.exe (PID: 6556)
  • INFO

    • Creates files in the program directory

      • Roblox-Player-wind10.exe (PID: 6556)
    • Process checks computer location settings

      • Roblox-Player-wind10.exe (PID: 6556)
    • Reads Internet Explorer settings

      • mshta.exe (PID: 4508)
    • The process uses the downloaded file

      • mshta.exe (PID: 4508)
      • Roblox-Player-wind10.exe (PID: 6556)
    • Checks proxy server information

      • mshta.exe (PID: 4508)
    • Manual execution by a user

      • wscript.exe (PID: 2236)
      • setup.exe (PID: 6304)
      • wscript.exe (PID: 5756)
      • OpenWith.exe (PID: 6184)
      • notepad.exe (PID: 4476)
      • OpenWith.exe (PID: 6904)
      • OpenWith.exe (PID: 3028)
      • OpenWith.exe (PID: 6892)
      • OpenWith.exe (PID: 2420)
      • OpenWith.exe (PID: 5232)
      • OpenWith.exe (PID: 1084)
      • OpenWith.exe (PID: 4996)
      • OpenWith.exe (PID: 6488)
      • OpenWith.exe (PID: 6568)
      • OpenWith.exe (PID: 7132)
      • OpenWith.exe (PID: 6312)
      • OpenWith.exe (PID: 4340)
      • OpenWith.exe (PID: 6976)
      • OpenWith.exe (PID: 6172)
      • OpenWith.exe (PID: 5792)
      • OpenWith.exe (PID: 2056)
      • OpenWith.exe (PID: 6968)
      • OpenWith.exe (PID: 944)
      • notepad.exe (PID: 1784)
      • OpenWith.exe (PID: 7056)
      • OpenWith.exe (PID: 3676)
      • OpenWith.exe (PID: 3936)
      • OpenWith.exe (PID: 6736)
      • OpenWith.exe (PID: 1552)
      • OpenWith.exe (PID: 4348)
      • OpenWith.exe (PID: 7108)
      • OpenWith.exe (PID: 1712)
      • OpenWith.exe (PID: 1432)
      • OpenWith.exe (PID: 6404)
      • OpenWith.exe (PID: 6452)
      • OpenWith.exe (PID: 2312)
      • OpenWith.exe (PID: 7000)
      • OpenWith.exe (PID: 3844)
      • OpenWith.exe (PID: 916)
      • OpenWith.exe (PID: 7048)
      • OpenWith.exe (PID: 6804)
      • OpenWith.exe (PID: 6252)
      • OpenWith.exe (PID: 7020)
      • OpenWith.exe (PID: 5580)
      • RobloxCrashHandler.exe (PID: 1764)
      • notepad.exe (PID: 3020)
      • OpenWith.exe (PID: 3944)
      • OpenWith.exe (PID: 6632)
      • OpenWith.exe (PID: 2076)
    • Checks supported languages

      • Roblox-Player-wind10.exe (PID: 6556)
    • Reads the computer name

      • Roblox-Player-wind10.exe (PID: 6556)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:08:16 11:05:43+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 48640
InitializedDataSize: 151552
UninitializedDataSize: -
EntryPoint: 0x912e
OSVersion: 5
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes
179
Monitored processes
55
Malicious processes
0
Suspicious processes
1

Behavior graph

start roblox-player-wind10.exe mshta.exe no specs setup.exe setup.exe robloxplayerlauncher.exe robloxplayerlauncher.exe wscript.exe no specs wscript.exe no specs notepad.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs notepad.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs robloxcrashhandler.exe no specs notepad.exe no specs roblox-player-wind10.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 916 | CMD: "C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\Ubuntu.json | Path: C:\Windows\System32\OpenWith.exe | Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 944 | CMD: "C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\RobotoMono.json | Path: C:\Windows\System32\OpenWith.exe | Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1084 | CMD: "C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\en-au.json | Path: C:\Windows\System32\OpenWith.exe | Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1432 | CMD: "C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\PressStart2P.json | Path: C:\Windows\System32\OpenWith.exe | Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1552 | CMD: "C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\ComicNeueAngular.json | Path: C:\Windows\System32\OpenWith.exe | Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1712 | CMD: "C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\LuckiestGuy.json | Path: C:\Windows\System32\OpenWith.exe | Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1764 | CMD: "C:\Users\admin\Desktop\RobloxCrashHandler.exe" | Path: C:\Users\admin\Desktop\RobloxCrashHandler.exe | Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\desktop\robloxcrashhandler.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID: 1784 | CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\gamecontrollerdb.txt | Path: C:\Windows\System32\notepad.exe | Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 2056 | CMD: "C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\Jura.json | Path: C:\Windows\System32\OpenWith.exe | Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 2076 | CMD: "C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\en-gb.json | Path: C:\Windows\System32\OpenWith.exe | Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
37 370
Read events
37 345
Write events
25
Delete events
0

Modification events

(PID) Process: (6556) Roblox-Player-wind10.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\OpenWithProgids
Operation: write
Name: htafile
Value:

(PID) Process: (4508) mshta.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (4508) mshta.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (4508) mshta.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (6304) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (6304) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (6304) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (6396) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (6396) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (6396) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
Executable files
6
Suspicious files
35
Text files
20
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 6556 | Process: Roblox-Player-wind10.exe | Filename: C:\Program Files (x86)\Roblox-Player-wind10\icons.ico | Type: image
MD5:CBC7A94ED81F1C9DF159C7BEDA19A581
SHA256:22E75E78881541EA51DAECB21E61CDD5D4650275CB66AC132577FBA5A65DC6F1
PID: 6556 | Process: Roblox-Player-wind10.exe | Filename: C:\Program Files (x86)\Roblox-Player-wind10\img\logo-offer.png | Type: image
MD5:072679C20456E6B83EA3707A7C4E7B6F
SHA256:8A0087C2D38FA04F54E2F8A39310EB6FBDC8849C61A55AE235D4B121052A2E6A
PID: 6556 | Process: Roblox-Player-wind10.exe | Filename: C:\Program Files (x86)\Roblox-Player-wind10\last-page.html | Type: html
MD5:71B8E1282CA2BDD70B087A1835B9B415
SHA256:C5B6DA5B7E8250C46F498ABF6E06FA4B5636ED9F734E954C4034B43CDB3BBB66
PID: 6556 | Process: Roblox-Player-wind10.exe | Filename: C:\Program Files (x86)\Roblox-Player-wind10\icon.ico | Type: image
MD5:291131765F1C16FBC82F36AEAB6248A7
SHA256:173E65E2FAC794559A6E6CC0832C5CB6EE0405B02A8748EAFD86D6836811F673
PID: 6556 | Process: Roblox-Player-wind10.exe | Filename: C:\Program Files (x86)\Roblox-Player-wind10\img\roblox-skrin-3.jpg | Type: image
MD5:72B92769716CD9A0AD0ACB3EFFA14653
SHA256:2B822B0FFC0C465ABF0A3F958D1C8D610447FABB31EC0D457F54ABC233BA1746
PID: 6304 | Process: setup.exe | Filename: C:\Users\admin\AppData\Local\Temp\crashpad_roblox\settings.dat | Type: binary
MD5:AEFC856E0ADE91F8F6EE5658A77A7A28
SHA256:0B616FA85C3A3A3F87E1C6CA1153EF252641EBF35D2DE14C5853D1994EFFA862
PID: 6556 | Process: Roblox-Player-wind10.exe | Filename: C:\Program Files (x86)\Roblox-Player-wind10\gam-page.html | Type: html
MD5:F728D7821AB66854631BFF767D88892C
SHA256:A850B4478EDD7AA3818E7200C27CD911F6B90B2E127E3F16CF16F0B057C12031
PID: 6556 | Process: Roblox-Player-wind10.exe | Filename: C:\Program Files (x86)\Roblox-Player-wind10\icon.png | Type: image
MD5:D26F29F9F1AD2C636C15091FF4B0A372
SHA256:4ECE660F4319AAC01EBEC9598ED1295FAC9B19EFCFBC4F9CD0437D7F83C77D1F
PID: 6556 | Process: Roblox-Player-wind10.exe | Filename: C:\Program Files (x86)\Roblox-Player-wind10\img\master-logo.png | Type: image
MD5:E7AFB5430B81607FB19FA26A999F0EEB
SHA256:CBA188DEF181F039DC7628177161C2179FE2D2C4E4FB6C50815B8E60ECA7D1FA
PID: 6304 | Process: setup.exe | Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\BatchIncrement[1].json | Type: binary
MD5:BEDBF7D7D69748886E9B48F45C75FBBE
SHA256:B4A55CFD050F4A62B1C4831CA0AB6FFADDE1FE1C3F583917EADE12F8C6726F61
HTTP(S) requests
29
TCP/UDP connections
38
DNS requests
27
Threats
46

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6944
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6944
svchost.exe
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4292
RUXIMICS.exe
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
307
128.116.44.4:443
https://www.roblox.com/install/GetInstallerCdns.ashx
unknown
GET
304
54.230.228.128:443
https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper
unknown
5488
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4292
RUXIMICS.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
307
128.116.44.4:443
https://www.roblox.com/install/GetInstallerCdns.ashx
unknown
GET
404
128.116.44.4:443
https://www.roblox.com/request-error?code=404
unknown
html
69.7 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
6944
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5488
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4292
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
104.126.37.139:443
www.bing.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:138
whitelisted
5488
MoUsoCoreWorker.exe
23.48.23.166:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
6944
svchost.exe
23.48.23.166:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4292
RUXIMICS.exe
23.48.23.166:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5488
MoUsoCoreWorker.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
  • 40.127.240.158
whitelisted
www.bing.com
  • 104.126.37.139
  • 104.126.37.145
  • 104.126.37.136
  • 104.126.37.129
  • 104.126.37.144
  • 104.126.37.160
  • 104.126.37.154
  • 104.126.37.155
  • 104.126.37.137
whitelisted
google.com
  • 142.250.185.110
whitelisted
crl.microsoft.com
  • 23.48.23.166
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
clientsettingscdn.roblox.com
  • 52.222.236.113
  • 52.222.236.6
  • 52.222.236.86
  • 52.222.236.43
  • 18.239.18.85
  • 18.239.18.114
  • 18.239.18.53
  • 18.239.18.127
whitelisted
ephemeralcounters.api.roblox.com
  • 128.116.44.4
whitelisted
setup.rbxcdn.qq.com
  • 0.0.0.1
whitelisted
clientsettingscdn.roblox.qq.com
  • 0.0.0.1
whitelisted
setup.rbxcdn.com
  • 2.16.241.7
  • 2.16.241.19
  • 23.48.23.144
  • 23.48.23.153
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO EXE - Served Inline HTTP
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO EXE - Served Inline HTTP
42 ETPRO signatures available at the full report
Process
Message
RobloxPlayerLauncher.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.