File name:

RobloxPlayerLauncher1.exe

Full analysis: https://app.any.run/tasks/48ad4cfd-7de5-431e-91cc-868079383805
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: November 20, 2024, 04:22:12
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
loader
arch-scr
arch-doc
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

88E64EC3895DB7E1DADEB7E28A149642

SHA1:

B566A1A6B0EE3B43488143C8EC3C69F4CA15D05C

SHA256:

6408DBD08796F501BAF4A67F98C859A6A581A41B1909A987B15E60D06F27FE26

SSDEEP:

49152:GrihbF2YzW7juDDUrEC19YTl10auIyhhTxHMOPMQ3d2y7TMb64:84bF2P7jukrEWo1fbB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • RobloxPlayerLauncher1.exe (PID: 236)
      • RobloxPlayerLauncher1.exe (PID: 444)

    • Application launched itself

      • RobloxPlayerLauncher1.exe (PID: 236)
      • RobloxPlayerLauncher.exe (PID: 4724)

    • Checks Windows Trust Settings

      • RobloxPlayerLauncher1.exe (PID: 236)
      • RobloxPlayerLauncher1.exe (PID: 444)

    • Executable content was dropped or overwritten

      • RobloxPlayerLauncher1.exe (PID: 236)
      • RobloxPlayerLauncher.exe (PID: 4724)

  • INFO

    • Reads the computer name

      • RobloxPlayerLauncher1.exe (PID: 236)
      • RobloxPlayerLauncher1.exe (PID: 444)

    • Reads the machine GUID from the registry

      • RobloxPlayerLauncher1.exe (PID: 236)
      • RobloxPlayerLauncher1.exe (PID: 444)

    • Checks supported languages

      • RobloxPlayerLauncher1.exe (PID: 236)
      • RobloxPlayerLauncher1.exe (PID: 444)

    • Checks proxy server information

      • RobloxPlayerLauncher1.exe (PID: 236)
      • RobloxPlayerLauncher1.exe (PID: 444)

    • Reads the software policy settings

      • RobloxPlayerLauncher1.exe (PID: 236)
      • RobloxPlayerLauncher1.exe (PID: 444)

    • Creates files or folders in the user directory

      • RobloxPlayerLauncher1.exe (PID: 236)

    • Create files in a temporary directory

      • RobloxPlayerLauncher1.exe (PID: 236)
      • RobloxPlayerLauncher1.exe (PID: 444)

    • Manual execution by a user

      • notepad.exe (PID: 5880)
      • OpenWith.exe (PID: 5656)
      • wscript.exe (PID: 5780)
      • OpenWith.exe (PID: 5776)
      • OpenWith.exe (PID: 4576)
      • OpenWith.exe (PID: 5648)
      • OpenWith.exe (PID: 5576)
      • wscript.exe (PID: 2548)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2034:08:07 23:39:33+00:00
ImageFileCharacteristics: Executable, Large address aware, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 1383424
InitializedDataSize: 728576
UninitializedDataSize: -
EntryPoint: 0x115042
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.6.1.45850
ProductVersionNumber: 1.6.1.45850
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Roblox Corporation
FileDescription: Roblox
FileVersion: 1, 6, 1, 5550874
LegalCopyright: Copyright © 2020 Roblox Corporation. All rights reserved.
OriginalFileName: Roblox.exe
ProductName: Roblox Bootstrapper
ProductVersion: 1, 6, 1, 5550874
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
126
Monitored processes
12
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start robloxplayerlauncher1.exe robloxplayerlauncher1.exe robloxplayerlauncher.exe robloxplayerlauncher.exe wscript.exe no specs wscript.exe no specs notepad.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs openwith.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
236"C:\Users\admin\Desktop\RobloxPlayerLauncher1.exe" C:\Users\admin\Desktop\RobloxPlayerLauncher1.exe
explorer.exe
User:
admin
Company:
Roblox Corporation
Integrity Level:
MEDIUM
Description:
Roblox
Exit code:
0
Version:
1, 6, 1, 5550874
Modules
Images
c:\users\admin\desktop\robloxplayerlauncher1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
444C:\Users\admin\Desktop\RobloxPlayerLauncher1.exe --crashpad --no-rate-limit --database=C:\Users\admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\admin\AppData\Local\Temp\crashpad_roblox --url=https://upload.crashes.rbxinfra.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=142432bbee131ec1e680ff4280b83f65c7d4b91b --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x8d8,0x8dc,0x8e0,0x844,0x8e8,0x690af4,0x690b04,0x690b14C:\Users\admin\Desktop\RobloxPlayerLauncher1.exe
RobloxPlayerLauncher1.exe
User:
admin
Company:
Roblox Corporation
Integrity Level:
MEDIUM
Description:
Roblox
Exit code:
0
Version:
1, 6, 1, 5550874
Modules
Images
c:\users\admin\desktop\robloxplayerlauncher1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
2548"C:\Windows\System32\WScript.exe" C:\Users\admin\Desktop\rofiler.tools.jsC:\Windows\System32\wscript.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft ® Windows Based Script Host
Version:
5.812.10240.16384
Modules
Images
c:\windows\system32\wscript.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
3692C:\Users\admin\AppData\Local\Temp\RBX-45B07598\RobloxPlayerLauncher.exe --crashpad --no-rate-limit --database=C:\Users\admin\AppData\Local\Temp\crashpad_roblox --metrics-dir=C:\Users\admin\AppData\Local\Temp\crashpad_roblox --url=https://uploads.backtrace.rbx.com/post --annotation=RobloxChannel=production --annotation=RobloxGitHash=6b51e19a99b2797bc9e3f5cdb1efd11e326437d5 --annotation=UploadAttachmentKiloByteLimit=100 --annotation=UploadPercentage=100 --annotation=format=minidump --annotation=token=a2440b0bfdada85f34d79b43839f2b49ea6bba474bd7d126e844bc119271a1c3 --initial-client-data=0x8b4,0x8b8,0x8bc,0x834,0x8c4,0x115500c,0x115501c,0x115502cC:\Users\admin\AppData\Local\Temp\RBX-45B07598\RobloxPlayerLauncher.exe
RobloxPlayerLauncher.exe
User:
admin
Company:
Roblox Corporation
Integrity Level:
MEDIUM
Description:
Roblox
Version:
1, 6, 0, 6510833
Modules
Images
c:\users\admin\appdata\local\temp\rbx-45b07598\robloxplayerlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
4576"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\zh-cjv.jsonC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
4724"C:\Users\admin\AppData\Local\Temp\RBX-45B07598\RobloxPlayerLauncher.exe" C:\Users\admin\AppData\Local\Temp\RBX-45B07598\RobloxPlayerLauncher.exe
RobloxPlayerLauncher1.exe
User:
admin
Company:
Roblox Corporation
Integrity Level:
MEDIUM
Description:
Roblox
Version:
1, 6, 0, 6510833
Modules
Images
c:\users\admin\appdata\local\temp\rbx-45b07598\robloxplayerlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
5576"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\es-mx.jsonC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
5648"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\pt-br.jsonC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
5656"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\DiscoveryOtaPatchConfig.jsonC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
5776"C:\WINDOWS\System32\OpenWith.exe" C:\Users\admin\Desktop\fr-ca.jsonC:\Windows\System32\OpenWith.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147943623
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
Total events
17 652
Read events
17 631
Write events
19
Delete events
2

Modification events

(PID) Process:(236) RobloxPlayerLauncher1.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(236) RobloxPlayerLauncher1.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(236) RobloxPlayerLauncher1.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(444) RobloxPlayerLauncher1.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(444) RobloxPlayerLauncher1.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(444) RobloxPlayerLauncher1.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(236) RobloxPlayerLauncher1.exeKey:HKEY_CURRENT_USER\SOFTWARE\ROBLOX Corporation\Roblox
Operation:writeName:CPath
Value:
C:\Users\admin\AppData\LocalLow\rbxcsettings.rbx
(PID) Process:(236) RobloxPlayerLauncher1.exeKey:HKEY_CURRENT_USER\SOFTWARE\ROBLOX Corporation\Environments\roblox-player
Operation:delete valueName:curStudioVer
Value:
(PID) Process:(236) RobloxPlayerLauncher1.exeKey:HKEY_CURRENT_USER\SOFTWARE\ROBLOX Corporation\Environments\roblox-player
Operation:delete valueName:curStudioUrl
Value:
(PID) Process:(4724) RobloxPlayerLauncher.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
Executable files
5
Suspicious files
31
Text files
6
Unknown types
0

Dropped files

PID
Process
Filename
Type
444RobloxPlayerLauncher1.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\BatchIncrement[1].jsonbinary
MD5:BEDBF7D7D69748886E9B48F45C75FBBE
SHA256:B4A55CFD050F4A62B1C4831CA0AB6FFADDE1FE1C3F583917EADE12F8C6726F61
236RobloxPlayerLauncher1.exeC:\Users\admin\AppData\Local\Temp\crashpad_roblox\settings.datbinary
MD5:4C50C352110AE1434588D062DD167C20
SHA256:C5DCF09727401A0114B1453269399086718B82BD18F8D3BAB5A16CCBE2AFD9DD
236RobloxPlayerLauncher1.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\WindowsPlayer[1].jsonbinary
MD5:D1F83577D0B8D252737FDFC0FCAA15BE
SHA256:0923174D4598617CFDF4FDAE6CF0AAF2650C9B67997FCD1FA971714E46ADDEE1
236RobloxPlayerLauncher1.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\version-32f36ac944b34913-rbxPkgManifest[1].txttext
MD5:58CAA7A41D957191181882E958A8CF5D
SHA256:68AD24D2545FC4C3FE5E5B11C6654958345A65A3206CE869C357DBAA97477B17
236RobloxPlayerLauncher1.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\BatchIncrement[1].jsonbinary
MD5:BEDBF7D7D69748886E9B48F45C75FBBE
SHA256:B4A55CFD050F4A62B1C4831CA0AB6FFADDE1FE1C3F583917EADE12F8C6726F61
236RobloxPlayerLauncher1.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\BatchIncrement[1].jsonbinary
MD5:BEDBF7D7D69748886E9B48F45C75FBBE
SHA256:B4A55CFD050F4A62B1C4831CA0AB6FFADDE1FE1C3F583917EADE12F8C6726F61
444RobloxPlayerLauncher1.exeC:\Users\admin\AppData\Local\Temp\RBX-5258DFF0.logtext
MD5:779C61CDFC5346146C560E99856C6A5C
SHA256:13B56DDA04703784023A1615E74D6291F4D891BD04257A61451F03AF3986665E
236RobloxPlayerLauncher1.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\RobloxPlayerLauncher[1].exeexecutable
MD5:C261FA92769BC5AB6443AADE831BDC18
SHA256:C6F1C59442953FB894B7414E2BC7C494D379DF20A81BEF8A974AFEC150E0CAB5
236RobloxPlayerLauncher1.exeC:\Users\admin\AppData\Local\Temp\RBX-45B07598\RobloxPlayerLauncher.exeexecutable
MD5:C261FA92769BC5AB6443AADE831BDC18
SHA256:C6F1C59442953FB894B7414E2BC7C494D379DF20A81BEF8A974AFEC150E0CAB5
3692RobloxPlayerLauncher.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\AH8CR9J5\BatchIncrement[1].jsonbinary
MD5:BEDBF7D7D69748886E9B48F45C75FBBE
SHA256:B4A55CFD050F4A62B1C4831CA0AB6FFADDE1FE1C3F583917EADE12F8C6726F61
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
28
TCP/UDP connections
33
DNS requests
32
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4932
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4932
svchost.exe
GET
200
2.16.164.9:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
307
128.116.21.3:443
https://www.roblox.com/install/GetInstallerCdns.ashx
unknown
unknown
4712
MoUsoCoreWorker.exe
GET
200
2.16.164.9:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
23.216.77.17:443
https://setup.rbxcdn.com/version-32f36ac944b34913-RobloxPlayerLauncher.exe
unknown
unknown
5660
RUXIMICS.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5660
RUXIMICS.exe
GET
200
2.16.164.9:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
304
52.222.236.113:443
https://clientsettingscdn.roblox.com/v2/settings/application/PCClientBootstrapper
unknown
unknown
GET
13.32.121.54:443
https://s3.amazonaws.com/setup.roblox.com/version-32f36ac944b34913-RobloxApp.zip
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5660
RUXIMICS.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4712
MoUsoCoreWorker.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4932
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
236
RobloxPlayerLauncher1.exe
52.222.236.113:443
clientsettingscdn.roblox.com
AMAZON-02
US
whitelisted
4932
svchost.exe
2.16.164.9:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
236
RobloxPlayerLauncher1.exe
128.116.44.4:443
ephemeralcounters.api.roblox.com
ROBLOX-PRODUCTION
US
whitelisted
444
RobloxPlayerLauncher1.exe
128.116.44.4:443
ephemeralcounters.api.roblox.com
ROBLOX-PRODUCTION
US
whitelisted
5660
RUXIMICS.exe
2.16.164.9:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.142
whitelisted
clientsettingscdn.roblox.com
  • 52.222.236.113
  • 52.222.236.86
  • 52.222.236.6
  • 52.222.236.43
whitelisted
crl.microsoft.com
  • 2.16.164.9
  • 2.16.164.49
whitelisted
ephemeralcounters.api.roblox.com
  • 128.116.44.4
  • 128.116.123.3
whitelisted
setup.rbxcdn.qq.com
  • 0.0.0.1
whitelisted
clientsettingscdn.roblox.qq.com
  • 0.0.0.1
whitelisted
setup.rbxcdn.com
  • 2.16.164.82
  • 2.16.164.129
  • 13.224.189.83
  • 13.224.189.58
  • 13.224.189.57
  • 13.224.189.122
  • 13.32.27.4
  • 13.32.27.22
  • 13.32.27.39
  • 13.32.27.35
whitelisted
setup-ak.rbxcdn.com
  • 2.16.164.82
  • 2.16.164.129
whitelisted
setup-ll.rbxcdn.com
whitelisted
setup-cfly.rbxcdn.com
  • 205.234.175.102
whitelisted

Threats

No threats detected
Process
Message
RobloxPlayerLauncher.exe
WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
RobloxPlayerLauncher1.exe