File name:

roblox.bat

Full analysis: https://app.any.run/tasks/5ca177c0-f102-470c-8934-d7b8245afc5d
Verdict: Malicious activity
Analysis date: March 20, 2026, 16:56:12
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: text/x-msdos-batch
File info: DOS batch file, ASCII text, with very long lines (435), with CRLF line terminators
MD5:

4276EDF924C19F74EE4720219BDE37B5

SHA1:

A6F34C923535CFD581D2AF4D62883DCCD63C155B

SHA256:

4FA7853879EBABECF914A1856BAE728DF1DC7A9069957010C4E389519E66E027

SSDEEP:

24:7hSKEmxB2vCkFrbrq2vZhp56LTHvOBBkOhF11cqkmOqaA8zA:YmxB2qUrbrq2BhyLTP8B51cqkmOqaG

  • MALICIOUS

    • Run PowerShell with an invisible window

      • powershell.exe (PID: 4304)
    • Changes powershell execution policy (Bypass)

      • powershell.exe (PID: 1904)
      • powershell.exe (PID: 4304)
  • SUSPICIOUS

    • Starts process via Powershell

      • powershell.exe (PID: 4304)
    • BASE64 encoded PowerShell command has been detected

      • cmd.exe (PID: 8008)
    • Base64-obfuscated command line is found

      • cmd.exe (PID: 8008)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 8008)
    • Application launched itself

      • powershell.exe (PID: 1904)
      • powershell.exe (PID: 4304)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 8008)
      • powershell.exe (PID: 1904)
      • powershell.exe (PID: 4304)
    • Possibly malicious use of IEX has been detected

      • powershell.exe (PID: 4304)
      • powershell.exe (PID: 2116)
    • Bypass execution policy to execute commands

      • powershell.exe (PID: 4304)
      • powershell.exe (PID: 2116)
    • Downloads file from URI via Powershell

      • powershell.exe (PID: 4304)
      • powershell.exe (PID: 2116)
    • Escape characters obfuscation (POWERSHELL)

      • powershell.exe (PID: 4304)
      • powershell.exe (PID: 2116)
    • Get information on the list of running processes

      • cmd.exe (PID: 8008)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 8008)
  • INFO

    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 2116)
    • Disables trace logs

      • powershell.exe (PID: 2116)
    • Reads Internet Explorer settings

      • powershell.exe (PID: 2116)
    • Remote server returned an error (POWERSHELL)

      • powershell.exe (PID: 2116)
No Malware configuration.
No data.
Total processes
360
Monitored processes
227
Malicious processes
3
Suspicious processes
1

Behavior graph

Processes shown in the graph, in order: start, cmd.exe, conhost.exe, powershell.exe (three instances), conhost.exe, then a long repeating run of timeout.exe, tasklist.exe and find.exe, with one slui.exe entry among them. Every entry is labelled "no specs" except the third powershell.exe and slui.exe.

Process information

PID
CMD
Path
Indicators
Parent process
PID: 144
CMD: timeout /t 2
Path: C:\Windows\System32\timeout.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
timeout - pauses command processing
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 488
CMD: find /I "RobloxPlayerBeta.exe"
Path: C:\Windows\System32\find.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 664
CMD: tasklist /FI "IMAGENAME eq RobloxPlayerBeta.exe"
Path: C:\Windows\System32\tasklist.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Lists the current running tasks
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 680
CMD: timeout /t 2
Path: C:\Windows\System32\timeout.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
timeout - pauses command processing
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 996
CMD: find /I "RobloxPlayerBeta.exe"
Path: C:\Windows\System32\find.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (grep) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 1108
CMD: timeout /t 2
Path: C:\Windows\System32\timeout.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
timeout - pauses command processing
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1152
CMD: timeout /t 2
Path: C:\Windows\System32\timeout.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
timeout - pauses command processing
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1284
CMD: timeout /t 2
Path: C:\Windows\System32\timeout.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
timeout - pauses command processing
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\timeout.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1312
CMD: tasklist /FI "IMAGENAME eq RobloxPlayerBeta.exe"
Path: C:\Windows\System32\tasklist.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Lists the current running tasks
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events
23 764
Read events
23 763
Write events
1
Delete events
0

Modification events

Process: slui.exe (PID: 7132)
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3d\52C64B7E
Operation: write
Name: @%SystemRoot%\System32\sppcomapi.dll,-3200
Value: Software Licensing
Executable files
0
Suspicious files
1
Text files
6
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 2116
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_slxcc4is.grp.psm1
Type: text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
PID: 4304
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_bf3alary.pfs.psm1
Type: text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
PID: 1904
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_xczhswha.ops.ps1
Type: text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
PID: 2116
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_vweyiwwh.bz4.ps1
Type: text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
PID: 4304
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_dwunbts3.gpl.ps1
Type: text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
PID: 1904
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Temp\__PSScriptPolicyTest_wi3vgpck.mdz.psm1
Type: text
MD5:D17FE0A3F47BE24A6453E9EF58C94641
SHA256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
PID: 4304
Process: powershell.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Type: binary
MD5:E9343D777F065143C578DBD096B904D3
SHA256:7A49C62C76B5B4AF8CA32F3F02FE033EDEC9A0125B6175AD10C464AB88C89536
HTTP(S) requests
15
TCP/UDP connections
21
DNS requests
11
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5276
MoUsoCoreWorker.exe
GET
304
51.104.136.2:443
https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30
US
whitelisted
5276
MoUsoCoreWorker.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
8044
svchost.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
8044
svchost.exe
GET
200
23.216.77.35:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
8044
svchost.exe
GET
200
51.104.136.2:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/WaaSAssessment?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&ring=Retail&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=10.0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=WaaSAssessment&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&ServicingBranch=CB&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&HonorWUfBDeferrals=1&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
US
text
5.74 Kb
whitelisted
2116
powershell.exe
GET
185.178.208.168:443
https://marsalek.cy/psc?uid=628%5E
RU
2116
powershell.exe
GET
502
185.178.208.168:443
https://marsalek.cy/psc?uid=628%5E
RU
html
137 b
unknown
3280
svchost.exe
GET
200
23.52.181.212:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl
US
binary
814 b
whitelisted
3280
svchost.exe
GET
200
23.52.181.212:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.3.crl
US
binary
400 b
whitelisted
5276
MoUsoCoreWorker.exe
GET
200
23.216.77.35:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
5276
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
8044
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7824
slui.exe
48.192.1.65:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
92.123.104.15:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
5276
MoUsoCoreWorker.exe
23.216.77.35:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
8044
svchost.exe
23.216.77.35:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
5276
MoUsoCoreWorker.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
8044
svchost.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.65
whitelisted
www.bing.com
  • 92.123.104.15
  • 92.123.104.64
  • 92.123.104.62
  • 92.123.104.10
  • 92.123.104.63
  • 92.123.104.66
  • 92.123.104.13
  • 92.123.104.65
  • 92.123.104.12
whitelisted
google.com
  • 142.251.36.110
whitelisted
crl.microsoft.com
  • 23.216.77.35
  • 23.216.77.5
  • 23.216.77.27
  • 23.216.77.42
  • 23.216.77.28
  • 23.216.77.31
  • 23.216.77.30
  • 23.216.77.38
  • 23.216.77.39
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 23.52.181.212
whitelisted
marsalek.cy
  • 185.178.208.168
unknown
self.events.data.microsoft.com
  • 20.42.73.31
whitelisted

Threats

PID
Process
Class
Message
5276
MoUsoCoreWorker.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
2116
powershell.exe
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
No debug info