URL: https://dropcheats.net/download/?game=Roblox

Full analysis: https://app.any.run/tasks/f5d3ab41-d8e1-4c06-a5b3-453529124774
Verdict: Malicious activity
Analysis date: June 21, 2025, 08:20:44
OS: Windows 11 Professional (build: 22000, 64 bit)
Tags: autoit, autoit-loader
Indicators:
MD5: 3C53A1DC70D2D6145111358938E1664D
SHA1: 6F135DAFBBBAEC919329A861EE4CDAD6F4830FBB
SHA256: 2B0E21C428D097EB557BBD8CF994310550880AF24334F39B4421F5D9B3FA5C1B
SSDEEP: 3:N8PKVILao93c0:23uoVc0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
MALICIOUS
  • AutoIt loader has been detected (YARA): Swedish.com (PID: 3608)
  • Executing a file with an untrusted certificate: DropCheats.exe (PID: 6232)
SUSPICIOUS
  • Get information on the list of running processes: cmd.exe (PID: 4424)
  • Starts the AutoIt3 executable file: cmd.exe (PID: 4424)
  • Starts CMD.EXE for commands execution: DropCheats.exe (PID: 6232)
  • Starts application with an unusual extension: cmd.exe (PID: 4424)
  • Executing commands from a ".bat" file: DropCheats.exe (PID: 6232)
  • There is functionality for taking screenshots (YARA): DropCheats.exe (PID: 6232), Swedish.com (PID: 3608)
  • Using 'findstr.exe' to search for text patterns in files and output: cmd.exe (PID: 4424)
  • The executable file from the user directory is run by the CMD process: Swedish.com (PID: 3608)
  • Executes application which crashes: Swedish.com (PID: 3608)
  • Connects to unusual port: OpenWith.exe (PID: 7388)
  • Reads security settings of Internet Explorer: WinRAR.exe (PID: 6932)
  • Process drops legitimate Windows executable: WinRAR.exe (PID: 6932)
INFO
  • The sample was compiled with Chinese language support: WinRAR.exe (PID: 6932)
  • Application launched itself: msedge.exe (PID: 6860), msedge.exe (PID: 5052), chrome.exe (PID: 2736)
  • Checks supported languages: identity_helper.exe (PID: 6224)
  • Reads the computer name: identity_helper.exe (PID: 6224)
  • Reads Microsoft Office registry keys: msedge.exe (PID: 5052)
  • Reads environment values: identity_helper.exe (PID: 6224)
  • Executable content was dropped or overwritten: WinRAR.exe (PID: 6932)
  • The sample was compiled with English language support: WinRAR.exe (PID: 6932)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
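The chain the indicators above describe (DropCheats.exe starting cmd.exe for a .bat file, that cmd.exe running findstr /V and launching Swedish.com, the AutoIt-flagged binary, out of the user directory) is the kind of sequence worth encoding as a process-telemetry rule rather than matching on a single hash. The Python below is an added example and is not ANY.RUN's detection logic or anything from the report. Its event records are constructed from the PIDs, names and command lines visible above; the record schema (pid, ppid, image, cmdline), the explorer.exe root, the .bat name and the on-disk path of Swedish.com are assumptions the report does not show, and the only hashes it uses are the ones the Dropped files section lists for alibabacloud.dll. findstr /V prints the lines of a file that do not contain the given string; the rule flags that invocation only when the cmd.exe running it was itself started by something other than a normal shell or explorer.exe, so a findstr /V typed in an interactive session stays quiet.

```python
"""Process-telemetry rules for the AutoIt-loader chain seen in the report.

Added example, not ANY.RUN code. The events returned by build_demo_events()
are CONSTRUCTED from the PIDs, names and command lines visible in the report;
the record schema, the explorer.exe root, the .bat name and the on-disk path
of Swedish.com are assumptions the report does not show.
"""
import re
from dataclasses import dataclass

# File-hash IOCs copied from the report's Dropped files table (alibabacloud.dll).
DROPPED_FILE_IOCS = {
    "md5": {"2698f138e8c4d573bb0daedc47acd123"},
    "sha256": {"2ee24618c12271b7c9c18df5f2beddf02fd93ee7457707e0a6a54d8d8e88aaa2"},
}
# Executable extensions a user shell rarely launches on purpose.
UNUSUAL_EXEC_EXT = (".com", ".pif", ".scr")
# Parents under which an interactive cmd.exe (and its findstr) is expected.
NORMAL_SHELL_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe", "services.exe"}
USER_DIR_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\", re.I)
# findstr /V "marker" file : prints every line of the file that lacks the marker.
FINDSTR_V_RE = re.compile(r'^(?:.*\\)?findstr(?:\.exe)?\s+/v\s+"[^"]+"\s+\S+', re.I)


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the process image
    cmdline: str


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def analyse_processes(events):
    """Return (pid, rule) findings for a list of process-creation events."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        name = image_name(e.image)
        parent = by_pid.get(e.ppid)
        pname = image_name(parent.image) if parent else ""
        # Rule 1: cmd.exe launches a .com/.pif/.scr out of a user profile directory.
        if pname == "cmd.exe" and name.endswith(UNUSUAL_EXEC_EXT) and USER_DIR_RE.match(e.image):
            findings.append((e.pid, "unusual-extension executable in user dir launched by cmd.exe"))
        # Rule 2: findstr /V "marker" file under a cmd.exe that a non-shell process started.
        if name == "findstr.exe" and pname == "cmd.exe" and FINDSTR_V_RE.match(e.cmdline):
            gp = by_pid.get(parent.ppid)
            gpname = image_name(gp.image) if gp else "unknown"
            if gpname not in NORMAL_SHELL_PARENTS:
                findings.append((e.pid, f"findstr /V under cmd.exe started by {gpname}"))
    return findings


def check_dropped_files(records):
    """records: (path, {algo: hexdigest}) pairs; returns (path, algo) for IOC matches."""
    return [
        (path, algo)
        for path, hashes in records
        for algo, digest in hashes.items()
        if digest.lower() in DROPPED_FILE_IOCS.get(algo, set())
    ]


def build_demo_events():
    # CONSTRUCTED tree. PIDs 6232/4424/852/3608 and the findstr command line are
    # from the report; paths, the .bat name and the explorer.exe root are assumed.
    # PIDs 200/201 are a benign interactive findstr /V used as a control.
    rar_dir = r"C:\Users\admin\AppData\Local\Temp\Rar$EXb6932.40933\DropCheats"
    return [
        ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
        ProcEvent(6232, 100, rar_dir + r"\DropCheats.exe", "DropCheats.exe"),
        ProcEvent(4424, 6232, r"C:\Windows\SysWOW64\cmd.exe", "cmd /c script.bat"),
        ProcEvent(852, 4424, r"C:\Windows\SysWOW64\findstr.exe", 'findstr /V "Involvement" Queens'),
        ProcEvent(3608, 4424, r"C:\Users\admin\AppData\Local\Temp\Swedish.com", "Swedish.com"),
        ProcEvent(200, 100, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
        ProcEvent(201, 200, r"C:\Windows\System32\findstr.exe", 'findstr /V "error" build.log'),
    ]


def run_demo():
    """Run both checks on the constructed data; returns (process_findings, file_findings)."""
    rar_dir = r"C:\Users\admin\AppData\Local\Temp\Rar$EXb6932.40933\DropCheats"
    dropped = [  # hashes copied from the report's Dropped files table
        (rar_dir + r"\assets\alibabacloud.dll", {"md5": "2698F138E8C4D573BB0DAEDC47ACD123"}),
        (rar_dir + r"\ReadMe.txt", {"md5": "86851F0AE000F744375226D71B1269A4"}),
    ]
    return analyse_processes(build_demo_events()), check_dropped_files(dropped)


if __name__ == "__main__":
    proc_hits, file_hits = run_demo()
    for hit in proc_hits + file_hits:
        print(hit)
```

The grandparent check in rule 2 is what carries the signal: findstr /V on its own is common in batch scripts, but a cmd.exe whose parent is an unsigned download rather than a shell is not. Rule 1 is deliberately narrow (user profile path plus an odd extension plus a cmd.exe parent) because any one of those conditions alone fires on legitimate software.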
No Malware configuration.
All screenshots are available in the full report
Total processes: 207
Monitored processes: 89
Malicious processes: 3
Suspicious processes: 1

Behavior graph

Process images appearing in the graph (deduplicated; the tree itself and per-process details are in the full report): iexplore.exe, msedge.exe, identity_helper.exe, winrar.exe, chrome.exe, findstr.exe, werfault.exe, conhost.exe, openwith.exe, swedish.com, tasklist.exe, cmd.exe, dropcheats.exe, extrac32.exe, choice.exe

Process information

Fields per process: PID, command line, image path, indicators, parent process (no indicators are listed for the processes in this excerpt).
PID 148 (msedge.exe, parent: msedge.exe)
  CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=8052,i,4333281607968744494,11022926406272646925,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:14
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 133.0.3065.92
  Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll
PID 520 (msedge.exe, parent: msedge.exe)
  CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2496,i,4333281607968744494,11022926406272646925,262144 --variations-seed-version --mojo-platform-channel-handle=2508 /prefetch:13
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Version: 133.0.3065.92
  Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll
PID 620 (chrome.exe, parent: chrome.exe)
  CMD: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\admin\AppData\Local\Temp\chr48D.tmp /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Local\Temp\chr48D.tmp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.36 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffc96c44f38,0x7ffc96c44f44,0x7ffc96c44f50
  Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: MEDIUM | Description: Google Chrome | Exit code: 0 | Version: 134.0.6998.36
  Modules (images): c:\program files (x86)\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\google\chrome\application\134.0.6998.36\chrome_elf.dll, c:\windows\system32\version.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\bcryptprimitives.dll, c:\windows\system32\shcore.dll, c:\windows\system32\msvcp_win.dll
PID 852 (findstr.exe, parent: cmd.exe)
  CMD: findstr /V "Involvement" Queens
  Path: C:\Windows\SysWOW64\findstr.exe
  User: admin | Company: Microsoft Corporation | Integrity level: MEDIUM | Description: Find String (QGREP) Utility | Exit code: 0 | Version: 10.0.22000.653 (WinBuild.160101.0800)
  Modules (images): c:\windows\syswow64\findstr.exe, c:\windows\system32\ntdll.dll, c:\windows\syswow64\ntdll.dll, c:\windows\system32\wow64.dll, c:\windows\system32\wow64base.dll, c:\windows\system32\wow64win.dll, c:\windows\system32\wow64con.dll, c:\windows\system32\wow64cpu.dll, c:\windows\syswow64\kernel32.dll, c:\windows\syswow64\kernelbase.dll
PID 856 (msedge.exe, parent: msedge.exe)
  CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=4352,i,1830905957775360539,7064325363661602486,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:9
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Version: 133.0.3065.92
  Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll
PID 868 (msedge.exe, parent: msedge.exe)
  CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=7012,i,4333281607968744494,11022926406272646925,262144 --variations-seed-version --mojo-platform-channel-handle=7128 /prefetch:1
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 133.0.3065.92
  Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll
PID 876 (msedge.exe, parent: msedge.exe)
  CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,4333281607968744494,11022926406272646925,262144 --variations-seed-version --mojo-platform-channel-handle=3464 /prefetch:1
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Version: 133.0.3065.92
  Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll
PID 928 (chrome.exe, parent: chrome.exe)
  CMD: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=1904,i,550474012170085146,18436284846297859303,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
  Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity level: LOW | Description: Google Chrome | Exit code: 0 | Version: 134.0.6998.36
  Modules (images): c:\program files (x86)\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll
PID 956 (msedge.exe, parent: msedge.exe)
  CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6932,i,4333281607968744494,11022926406272646925,262144 --variations-seed-version --mojo-platform-channel-handle=7000 /prefetch:1
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 133.0.3065.92
  Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll
PID 1120 (msedge.exe, parent: msedge.exe)
  CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3500,i,1830905957775360539,7064325363661602486,262144 --variations-seed-version --mojo-platform-channel-handle=3364 /prefetch:1
  Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  User: admin | Company: Microsoft Corporation | Integrity level: LOW | Description: Microsoft Edge | Exit code: 0 | Version: 133.0.3065.92
  Modules (images): c:\program files (x86)\microsoft\edge\application\msedge.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll, c:\windows\system32\oleaut32.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll
Total events: 12,433
Read events: 12,293
Write events: 137
Delete events: 3

Modification events

(PID 1984) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Operation: write | Name: CachePrefix | Value: (empty)
(PID 1984) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
(PID 1984) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
(PID 1984) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Operation: write | Name: CompatibilityFlags | Value: 0
(PID 1984) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: ProxyBypass | Value: 1
(PID 1984) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: IntranetName | Value: 1
(PID 1984) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 1
(PID 1984) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 0
(PID 1984) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones | Operation: write | Name: SecuritySafe | Value: 1
(PID 1984) iexplore.exe | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | Operation: write | Name: DisableFirstRunCustomize | Value: 1
Executable files: 34
Suspicious files: 470
Text files: 108
Unknown types: 0

Dropped files

Fields: PID, process, filename, type, MD5, SHA256.

6932 WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXb6932.40933\DropCheats\assets\lib\SystemAdministration (type and hashes not listed)
6932 WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXb6932.40933\DropCheats\assets\lib\rt.jar (type and hashes not listed)
6932 WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXb6932.40933\DropCheats\assets\lib\resources.jar (java)
  MD5: 9A084B91667E7437574236CD27B7C688 | SHA256: A1366A75454FC0F1CA5A14EA03B4927BB8584D6D5B402DFA453122AE16DBF22D
6932 WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXb6932.40933\DropCheats\assets\alibabacloud.dll (executable)
  MD5: 2698F138E8C4D573BB0DAEDC47ACD123 | SHA256: 2EE24618C12271B7C9C18DF5F2BEDDF02FD93EE7457707E0A6A54D8D8E88AAA2
5052 msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RF141442.TMP (binary)
  MD5: 864F6EC995C31D2484D5DCCE33B2DD76 | SHA256: CD8D625A236E9CE6B2FB5DF044893DB152B1789061E29C19EFD871E92CAB304F
5052 msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog (binary)
  MD5: 864F6EC995C31D2484D5DCCE33B2DD76 | SHA256: CD8D625A236E9CE6B2FB5DF044893DB152B1789061E29C19EFD871E92CAB304F
5052 msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\30a5880a-2d95-4f57-a221-c85470c138e7.tmp (binary)
  MD5: 41C1930548D8B99FF1DBB64BA7FECB3D | SHA256: 16CEE17A989167242DD7EE2755721E357DD23BCFCB61F5789CC19DEAFE7CA502
6932 WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXb6932.40933\DropCheats\ReadMe.txt (text)
  MD5: 86851F0AE000F744375226D71B1269A4 | SHA256: 9C357E9778B381142FA90A42D6AACF62F5C9717DEF39099816A8B782302165E4
5052 msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RF141432.TMP (binary)
  MD5: 9AD0B6796B336C23767FC5A8E66A2A3E | SHA256: FE3E6BF854401FFDAAD7291D82DD868FFACE216404C118CDB512FF858321B6F3
6932 WinRAR.exe: C:\Users\admin\AppData\Local\Temp\Rar$EXb6932.40933\DropCheats\assets\csgo_icons.ttf (binary)
  MD5: 15A58B8434E672BB272F655759D898CB | SHA256: 885EDB828B3BDB0A2BD61ED9F588D2B6FD5540A234C0BD25CCB0ADC44A64205A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 23
TCP/UDP connections: 236
DNS requests: 333
Threats: 23

HTTP requests

Fields: PID | process | method | HTTP code | IP | URL | CN | reputation (type and size are not listed for these rows).

2840 | svchost.exe | GET | 200 | 199.232.210.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?13436be0d10cbdfe | unknown | whitelisted
2840 | svchost.exe | GET | 304 | 199.232.210.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6c478a3cb1f9bc68 | unknown | whitelisted
2840 | svchost.exe | GET | 200 | 199.232.210.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?bab80a0e0e91e0ea | unknown | whitelisted
6284 | msedge.exe | GET | 200 | 150.171.27.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:H_hf0nwS_p8-DF1kRFT5bY2h8Ndc0JYtPWi7bhb9MVM&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | unknown | whitelisted
1524 | svchost.exe | GET | 200 | 2.18.64.212:80 | http://www.msftconnecttest.com/connecttest.txt | unknown | whitelisted
4132 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
5268 | svchost.exe | HEAD | 200 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1750793256&P2=404&P3=2&P4=Vqw%2bRM%2bTo3YQ%2bdEgDOR7m3mihjxWFtSLjLVTta1r8ykd5vn6jVN1jRuDq%2fBS2FLKzV4aOntrB6sinO5AqhWa6w%3d%3d | unknown | whitelisted
5268 | svchost.exe | GET | 206 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1750793256&P2=404&P3=2&P4=Vqw%2bRM%2bTo3YQ%2bdEgDOR7m3mihjxWFtSLjLVTta1r8ykd5vn6jVN1jRuDq%2fBS2FLKzV4aOntrB6sinO5AqhWa6w%3d%3d | unknown | whitelisted
5268 | svchost.exe | GET | 206 | 199.232.210.172:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/bf8090eb-6e5c-4c51-9250-5bf9b46cf160?P1=1750793256&P2=404&P3=2&P4=Vqw%2bRM%2bTo3YQ%2bdEgDOR7m3mihjxWFtSLjLVTta1r8ykd5vn6jVN1jRuDq%2fBS2FLKzV4aOntrB6sinO5AqhWa6w%3d%3d | unknown | whitelisted
6284 | msedge.exe | GET | 200 | 216.239.32.29:80 | http://pki.goog/gsr1/gsr1.crt | unknown | whitelisted

Connections

Fields: PID | process | IP | domain | ASN | CN | reputation (blank fields are not listed in the report).

4 | System | 192.168.100.255:137 | | | | whitelisted
3716 | rundll32.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6424 | OfficeC2RClient.exe | 52.109.28.46:443 | officeclient.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | GB | whitelisted
| | 52.109.28.46:443 | officeclient.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | GB | whitelisted
6964 | firefox.exe | 34.120.208.123:443 | incoming.telemetry.mozilla.org | GOOGLE-CLOUD-PLATFORM | US | whitelisted
4424 | pingsender.exe | 34.120.208.123:443 | incoming.telemetry.mozilla.org | GOOGLE-CLOUD-PLATFORM | US | whitelisted
1524 | svchost.exe | 2.18.64.200:80 | | Administracion Nacional de Telecomunicaciones | UY | unknown
2860 | svchost.exe | 20.42.65.90:443 | v10.events.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2840 | svchost.exe | 199.232.210.172:80 | ctldl.windowsupdate.com | FASTLY | US | whitelisted
6284 | msedge.exe | 150.171.27.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted

DNS requests

Fields: domain | resolved IP(s) | reputation.

settings-win.data.microsoft.com | 51.104.136.2, 51.124.78.146 | whitelisted
officeclient.microsoft.com | 52.109.28.46 | whitelisted
incoming.telemetry.mozilla.org | 34.120.208.123 | whitelisted
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | whitelisted
google.com | 142.250.186.46 | whitelisted
v10.events.data.microsoft.com | 20.42.65.90 | whitelisted
go.microsoft.com | 23.35.238.131 | whitelisted
dropcheats.net | 104.21.6.136, 172.67.154.225 | unknown
ctldl.windowsupdate.com | 199.232.210.172, 199.232.214.172 | whitelisted
edge.microsoft.com | 150.171.27.11, 150.171.28.11 | whitelisted

Threats

Fields: class | message (10 of the 23 alerts are listed here; PID and process are not given for these rows; repeated alerts are collapsed with a count).

Not Suspicious Traffic | INFO [ANY.RUN] Image Sharing Service (imgur.com) (4 alerts)
Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com) (2 alerts)
Potentially Bad Traffic | ET HUNTING File Sharing Related Domain (www .mediafire .com) in DNS Lookup (2 alerts)
Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com) (2 alerts)
Process | Message
chrome.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\Temp\chr48D.tmp directory exists )
msedge.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\Temp\chr171C.tmp directory exists )