Malware analysis BEST Roblox Executor Valex Free Windows Executor.exe Malicious activity

Add for printing

File name:	BEST Roblox Executor Valex Free Windows Executor.exe
Full analysis:	https://app.any.run/tasks/5dfb7191-c08f-407e-ab2c-d60a408caeed
Verdict:	Malicious activity
Threats:	Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security. Malware Trends Tracker >>>
Analysis date:	July 01, 2025, 20:38:27
OS:	Windows 10 Professional (build: 19044, 64 bit)
Tags:	adware
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, 11 sections
MD5:	50EC60EA4299BDC5AAE34A497053B958
SHA1:	791E1A819BF486C5B2C573CB800D5E5F1E20C008
SHA256:	E600510701408B686AE84C9150B5B53A307CD71BAF23CD3BC5D804DDA9D84AA4
SSDEEP:	98304:g6GavikUf6zxiAphww11+LGWTc64hp4MT5WeR6EnwZJy+FBlfnSRB6U8LaNLA9:coLduT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:: off
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (133.0.6943.127)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (133.0.3065.92)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (136.0)
Mozilla Maintenance Service (136.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Executable content was dropped or overwritten
  - BEST Roblox Executor Valex Free Windows Executor.exe (PID: 3652)
  - BEST Roblox Executor Valex Free Windows Executor.exe (PID: 4808)
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 304)
- Reads security settings of Internet Explorer
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 1356)
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 304)
- Reads the Windows owner or organization settings
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 304)
INFO
- Reads the computer name
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 1356)
  - BEST Roblox Executor Valex Free Windows Executor.exe (PID: 4808)
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 304)
- Checks supported languages
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 1356)
  - BEST Roblox Executor Valex Free Windows Executor.exe (PID: 3652)
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 304)
  - BEST Roblox Executor Valex Free Windows Executor.exe (PID: 4808)
- Create files in a temporary directory
  - BEST Roblox Executor Valex Free Windows Executor.exe (PID: 3652)
  - BEST Roblox Executor Valex Free Windows Executor.exe (PID: 4808)
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 304)
- Process checks computer location settings
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 1356)
- Reads the software policy settings
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 304)
- Creates files in the program directory
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 304)
- Creates a software uninstall entry
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 304)
- Creates files or folders in the user directory
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 304)
- Reads the machine GUID from the registry
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 304)
- Checks proxy server information
  - BEST Roblox Executor Valex Free Windows Executor.tmp (PID: 304)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Inno Setup installer (53.5)
.exe	\|	InstallShield setup (21)
.exe	\|	Win32 EXE PECompact compressed (generic) (20.2)
.exe	\|	Win32 Executable (generic) (2.1)
.exe	\|	Win16/32 Executable Delphi generic (1)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2025:02:12 05:53:16+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	2.25
CodeSize:	684032
InitializedDataSize:	159744
UninitializedDataSize:	-
EntryPoint:	0xa7f98
OSVersion:	6.1
ImageVersion:	-
SubsystemVersion:	6.1
Subsystem:	Windows GUI
FileVersionNumber:	1.0.0.0
ProductVersionNumber:	1.0.0.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
Comments:	This installation was built with Inno Setup.
CompanyName:
FileDescription:	BEST Roblox Executor Valex Free Windows Executor.exe Setup
FileVersion:	1.0.0.0
LegalCopyright:	BEST Roblox Executor Valex Free Windows Executor.exe
OriginalFileName:
ProductName:	BEST Roblox Executor Valex Free Windows Executor.exe
ProductVersion:	1.0.0.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

142

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

304

"C:\Users\admin\AppData\Local\Temp\is-LQICI.tmp\BEST Roblox Executor Valex Free Windows Executor.tmp" /SL5="$6025A,934334,844800,C:\Users\admin\AppData\Local\Temp\BEST Roblox Executor Valex Free Windows Executor.exe" /SPAWNWND=$70272 /NOTIFYWND=$602BE

C:\Users\admin\AppData\Local\Temp\is-LQICI.tmp\BEST Roblox Executor Valex Free Windows Executor.tmp

BEST Roblox Executor Valex Free Windows Executor.exe

User:

admin

Company:

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-lqici.tmp\best roblox executor valex free windows executor.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll

1356

"C:\Users\admin\AppData\Local\Temp\is-B7637.tmp\BEST Roblox Executor Valex Free Windows Executor.tmp" /SL5="$602BE,934334,844800,C:\Users\admin\AppData\Local\Temp\BEST Roblox Executor Valex Free Windows Executor.exe"

C:\Users\admin\AppData\Local\Temp\is-B7637.tmp\BEST Roblox Executor Valex Free Windows Executor.tmp

—

BEST Roblox Executor Valex Free Windows Executor.exe

User:

admin

Company:

Integrity Level:

MEDIUM

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-b7637.tmp\best roblox executor valex free windows executor.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll

3652

"C:\Users\admin\AppData\Local\Temp\BEST Roblox Executor Valex Free Windows Executor.exe"

C:\Users\admin\AppData\Local\Temp\BEST Roblox Executor Valex Free Windows Executor.exe

explorer.exe

User:

admin

Company:

Integrity Level:

MEDIUM

Description:

BEST Roblox Executor Valex Free Windows Executor.exe Setup

Exit code:

Version:

1.0.0.0

Modules

Images
c:\users\admin\appdata\local\temp\best roblox executor valex free windows executor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll

4804

C:\WINDOWS\System32\slui.exe -Embedding

C:\Windows\System32\slui.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Windows Activation Client

Version:

10.0.19041.1 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

4808

"C:\Users\admin\AppData\Local\Temp\BEST Roblox Executor Valex Free Windows Executor.exe" /SPAWNWND=$70272 /NOTIFYWND=$602BE

C:\Users\admin\AppData\Local\Temp\BEST Roblox Executor Valex Free Windows Executor.exe

BEST Roblox Executor Valex Free Windows Executor.tmp

User:

admin

Company:

Integrity Level:

HIGH

Description:

BEST Roblox Executor Valex Free Windows Executor.exe Setup

Exit code:

Version:

1.0.0.0

Modules

Images
c:\users\admin\appdata\local\temp\best roblox executor valex free windows executor.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll

Add for printing

Total events

1 125

Read events

1 107

Write events

Delete events

Modification events


(PID) Process:	(304) BEST Roblox Executor Valex Free Windows Executor.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BEST Roblox Executor Valex Free Windows Executor.exe_is1
Operation:	write	Name:	Inno Setup: Setup Version
Value: 6.4.1
(PID) Process:	(304) BEST Roblox Executor Valex Free Windows Executor.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BEST Roblox Executor Valex Free Windows Executor.exe_is1
Operation:	write	Name:	Inno Setup: App Path
Value: C:\Program Files (x86)\Setup
(PID) Process:	(304) BEST Roblox Executor Valex Free Windows Executor.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BEST Roblox Executor Valex Free Windows Executor.exe_is1
Operation:	write	Name:	InstallLocation
Value: C:\Program Files (x86)\Setup\
(PID) Process:	(304) BEST Roblox Executor Valex Free Windows Executor.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BEST Roblox Executor Valex Free Windows Executor.exe_is1
Operation:	write	Name:	Inno Setup: Icon Group
Value: (Default)
(PID) Process:	(304) BEST Roblox Executor Valex Free Windows Executor.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BEST Roblox Executor Valex Free Windows Executor.exe_is1
Operation:	write	Name:	Inno Setup: User
Value: admin
(PID) Process:	(304) BEST Roblox Executor Valex Free Windows Executor.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BEST Roblox Executor Valex Free Windows Executor.exe_is1
Operation:	write	Name:	Inno Setup: Language
Value: default
(PID) Process:	(304) BEST Roblox Executor Valex Free Windows Executor.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BEST Roblox Executor Valex Free Windows Executor.exe_is1
Operation:	write	Name:	DisplayName
Value: BEST Roblox Executor Valex Free Windows Executor.exe version 1.0.0.0
(PID) Process:	(304) BEST Roblox Executor Valex Free Windows Executor.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BEST Roblox Executor Valex Free Windows Executor.exe_is1
Operation:	write	Name:	UninstallString
Value: "C:\Program Files (x86)\Setup\unins000.exe"
(PID) Process:	(304) BEST Roblox Executor Valex Free Windows Executor.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BEST Roblox Executor Valex Free Windows Executor.exe_is1
Operation:	write	Name:	QuietUninstallString
Value: "C:\Program Files (x86)\Setup\unins000.exe" /SILENT
(PID) Process:	(304) BEST Roblox Executor Valex Free Windows Executor.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BEST Roblox Executor Valex Free Windows Executor.exe_is1
Operation:	write	Name:	DisplayVersion
Value: 1.0.0.0

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
304	BEST Roblox Executor Valex Free Windows Executor.tmp	C:\Users\admin\AppData\Local\Temp\is-CJGDN.tmp\_isetup\_setup64.tmp		executable
		MD5:E4211D6D009757C078A9FAC7FF4F03D4	SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
304	BEST Roblox Executor Valex Free Windows Executor.tmp	C:\Users\admin\AppData\Local\Temp\is-CJGDN.tmp\idp.dll		executable
		MD5:55C310C0319260D798757557AB3BF636	SHA256:54E7E0AD32A22B775131A6288F083ED3286A9A436941377FC20F85DD9AD983ED
4808	BEST Roblox Executor Valex Free Windows Executor.exe	C:\Users\admin\AppData\Local\Temp\is-LQICI.tmp\BEST Roblox Executor Valex Free Windows Executor.tmp		executable
		MD5:F728B601429ED664DC52196592F83077	SHA256:85220BAB690630D30DB557EAF473276C4B7EF27C1F0DE0FE07052BF9FC6E9749
3652	BEST Roblox Executor Valex Free Windows Executor.exe	C:\Users\admin\AppData\Local\Temp\is-B7637.tmp\BEST Roblox Executor Valex Free Windows Executor.tmp		executable
		MD5:F728B601429ED664DC52196592F83077	SHA256:85220BAB690630D30DB557EAF473276C4B7EF27C1F0DE0FE07052BF9FC6E9749
304	BEST Roblox Executor Valex Free Windows Executor.tmp	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12		der
		MD5:4A90329071AE30B759D279CCA342B0A6	SHA256:4F544379EDA8E2653F71472AB968AEFD6B5D1F4B3CE28A5EDB14196184ED3B60
304	BEST Roblox Executor Valex Free Windows Executor.tmp	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8		binary
		MD5:C7F044C304A3DD0980F80B1D6C3A2BF0	SHA256:14C152DCB2D0138150D329C60056F9E2F554A00DA32A47B6CD302F6C42E40728
304	BEST Roblox Executor Valex Free Windows Executor.tmp	C:\Program Files (x86)\Setup\unins000.exe		executable
		MD5:8051839847E6C044C6790543BB3B903B	SHA256:D55989F3954C46C8F890CB7685664A17405E96A5639113D4ECB5120C652D58A2
304	BEST Roblox Executor Valex Free Windows Executor.tmp	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8		der
		MD5:1FBB37F79B317A9A248E7C4CE4F5BAC5	SHA256:9BF639C595FE335B6F694EE35990BEFD2123F5E07FD1973FF619E3FC88F5F49F
304	BEST Roblox Executor Valex Free Windows Executor.tmp	C:\Program Files (x86)\Setup\is-JD3B9.tmp		executable
		MD5:8051839847E6C044C6790543BB3B903B	SHA256:D55989F3954C46C8F890CB7685664A17405E96A5639113D4ECB5120C652D58A2
304	BEST Roblox Executor Valex Free Windows Executor.tmp	C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12		binary
		MD5:275DF1789FAED8CE14E8BAFBFB610013	SHA256:00990504E9C643CE5D6848EF5827287273E63A633881EB963D78A8A8B56ABF13

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
304	BEST Roblox Executor Valex Free Windows Executor.tmp	GET	200	216.58.212.131:80	http://c.pki.goog/r/gsr1.crl	unknown	—	—	whitelisted
304	BEST Roblox Executor Valex Free Windows Executor.tmp	GET	200	216.58.212.131:80	http://c.pki.goog/r/r4.crl	unknown	—	—	whitelisted
1268	svchost.exe	GET	200	104.123.41.162:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
6892	SIHClient.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
1268	svchost.exe	GET	200	2.18.121.147:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
1200	svchost.exe	GET	200	2.17.190.73:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
6892	SIHClient.exe	GET	200	95.101.149.131:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
5944	MoUsoCoreWorker.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
1268	svchost.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
3572	RUXIMICS.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
304	BEST Roblox Executor Valex Free Windows Executor.tmp	104.21.112.1:443	flybreath.xyz	CLOUDFLARENET	—	unknown
304	BEST Roblox Executor Valex Free Windows Executor.tmp	216.58.212.131:80	c.pki.goog	GOOGLE	US	whitelisted
1268	svchost.exe	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
1268	svchost.exe	2.18.121.147:80	crl.microsoft.com	AKAMAI-AS	FR	whitelisted
1268	svchost.exe	104.123.41.162:80	www.microsoft.com	AKAMAI-AS	NL	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	40.127.240.158 51.124.78.146 51.104.136.2	whitelisted
google.com	142.250.186.110	whitelisted
flybreath.xyz	104.21.112.1 104.21.96.1 104.21.64.1 104.21.32.1 104.21.16.1 104.21.80.1 104.21.48.1	unknown
c.pki.goog	216.58.212.131	whitelisted
crl.microsoft.com	2.18.121.147 2.18.121.139	whitelisted
www.microsoft.com	104.123.41.162 95.101.149.131	whitelisted
login.live.com	20.190.160.2 20.190.160.66 40.126.32.134 20.190.160.67 20.190.160.22 20.190.160.4 20.190.160.128 20.190.160.20	whitelisted
ocsp.digicert.com	2.17.190.73	whitelisted
nexusrules.officeapps.live.com	52.111.227.13	whitelisted
slscr.update.microsoft.com	4.245.163.56	whitelisted

Threats

PID	Process	Class	Message
—	—	Possibly Unwanted Program Detected	ADWARE [ANY.RUN] Inno Download Plugin UA
—	—	Possibly Unwanted Program Detected	ADWARE [ANY.RUN] Inno Download Plugin UA
—	—	Unknown Traffic	ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)

Add for printing

No debug info

General Info

BEST Roblox Executor Valex Free Windows Executor.exe

50EC60EA4299BDC5AAE34A497053B958

791E1A819BF486C5B2C573CB800D5E5F1E20C008

E600510701408B686AE84C9150B5B53A307CD71BAF23CD3BC5D804DDA9D84AA4

98304:g6GavikUf6zxiAphww11+LGWTc64hp4MT5WeR6EnwZJy+FBlfnSRB6U8LaNLA9:coLduT

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Executable content was dropped or overwritten

Reads security settings of Internet Explorer

Reads the Windows owner or organization settings

INFO

Reads the computer name

Checks supported languages

Create files in a temporary directory

Process checks computer location settings

Reads the software policy settings

Creates files in the program directory

Creates a software uninstall entry

Creates files or folders in the user directory

Reads the machine GUID from the registry

Checks proxy server information

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings