File name: battoexe.exe
Full analysis: https://app.any.run/tasks/ca6a13e5-42d6-4e04-8fa9-53aa02546281
Verdict: Malicious activity
Analysis date: May 18, 2025, 09:55:47
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: delphi, inno, installer, auto-download
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5: 6347AD106E9B68B5D30DE78FA7AE8CF8
SHA1: 81987153B4BE7BC3E26362C2C29D4BCC0DF7F345
SHA256: 62C750D829F9606D8AA2BE5D72BAF48825ABD9AA6A3408B244DF6A75BA1293BA
SSDEEP: 98304:8kLtTk7XacnJquZ2EAG4loScUzNb5AEuS5OyZbOcACbR2guM7tPpx:7xuKcnvZ2g4l7zJMygxCH7tPn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • battoexe.exe (PID: 7348)
      • battoexe.exe (PID: 7492)
      • battoexe.tmp (PID: 7528)
    • Reads security settings of Internet Explorer

      • battoexe.tmp (PID: 7368)
      • quickbfc.exe (PID: 8096)
    • Reads the Windows owner or organization settings

      • battoexe.tmp (PID: 7528)
    • There is functionality for taking screenshot (YARA)

      • quickbfc.exe (PID: 8096)
  • INFO

    • Checks supported languages

      • battoexe.exe (PID: 7348)
      • battoexe.tmp (PID: 7368)
      • battoexe.exe (PID: 7492)
      • battoexe.tmp (PID: 7528)
      • identity_helper.exe (PID: 7704)
      • quickbfc.exe (PID: 8096)
    • Create files in a temporary directory

      • battoexe.exe (PID: 7348)
      • battoexe.exe (PID: 7492)
      • battoexe.tmp (PID: 7528)
    • Reads the computer name

      • battoexe.tmp (PID: 7368)
      • battoexe.tmp (PID: 7528)
      • quickbfc.exe (PID: 8096)
      • identity_helper.exe (PID: 7704)
    • Process checks computer location settings

      • battoexe.tmp (PID: 7368)
    • Detects InnoSetup installer (YARA)

      • battoexe.exe (PID: 7348)
      • battoexe.tmp (PID: 7368)
      • battoexe.exe (PID: 7492)
      • battoexe.tmp (PID: 7528)
    • Compiled with Borland Delphi (YARA)

      • battoexe.exe (PID: 7348)
      • battoexe.tmp (PID: 7368)
      • battoexe.exe (PID: 7492)
      • battoexe.tmp (PID: 7528)
      • quickbfc.exe (PID: 8096)
    • The sample compiled with english language support

      • battoexe.tmp (PID: 7528)
    • Creates files in the program directory

      • battoexe.tmp (PID: 7528)
    • Checks proxy server information

      • quickbfc.exe (PID: 8096)
      • battoexe.tmp (PID: 7368)
    • The sample compiled with russian language support

      • battoexe.tmp (PID: 7528)
    • Creates files or folders in the user directory

      • battoexe.tmp (PID: 7528)
      • quickbfc.exe (PID: 8096)
    • Creates a software uninstall entry

      • battoexe.tmp (PID: 7528)
    • Local mutex for internet shortcut management

      • battoexe.tmp (PID: 7368)
    • Application launched itself

      • msedge.exe (PID: 8144)
    • Reads the machine GUID from the registry

      • quickbfc.exe (PID: 8096)
    • Reads the software policy settings

      • quickbfc.exe (PID: 8096)
    • Reads Environment values

      • identity_helper.exe (PID: 7704)
    • Manual execution by a user

      • msedge.exe (PID: 456)
      • OpenWith.exe (PID: 7800)
      • OpenWith.exe (PID: 6480)
      • OpenWith.exe (PID: 728)
      • OpenWith.exe (PID: 6264)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 4408)
      • msedge.exe (PID: 8144)
    • Auto-launch of the file from Downloads directory

      • msedge.exe (PID: 8052)
      • msedge.exe (PID: 7472)
      • msedge.exe (PID: 7216)
      • msedge.exe (PID: 444)
      • msedge.exe (PID: 8144)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (65.1)
.exe | Win32 EXE PECompact compressed (generic) (24.6)
.dll | Win32 Dynamic Link Library (generic) (3.9)
.exe | Win32 Executable (generic) (2.6)
.exe | Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2022:04:14 16:10:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 76800
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 5.3.1.0
ProductVersionNumber: 5.3.1.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: AbyssMedia.com
FileDescription: Quick Batch File Compiler Setup
FileVersion: 5.3.1.0
LegalCopyright: Copyright © 2001-2023 by AbyssMedia.com
OriginalFileName:
ProductName: Quick Batch File Compiler
ProductVersion: 5.3.1.0
No data.
All screenshots are available in the full report
Total processes
197
Monitored processes
66
Malicious processes
0
Suspicious processes
1


Process information

PID
CMD
Path
Indicators
Parent process
PID: 444
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7048 --field-trial-handle=2476,i,4308115192426716771,8757035890450536253,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 456
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 684
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=7344 --field-trial-handle=2476,i,4308115192426716771,8757035890450536253,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 728
CMD: "C:\WINDOWS\System32\OpenWith.exe" "C:\Users\admin\Downloads\wavecut (4).exe:Zone.Identifier"
Path: C:\Windows\System32\OpenWith.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Pick an app
Exit code:
2147942487
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\openwith.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 732
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4624 --field-trial-handle=2476,i,4308115192426716771,8757035890450536253,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 812
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6512 --field-trial-handle=2476,i,4308115192426716771,8757035890450536253,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6848 --field-trial-handle=2476,i,4308115192426716771,8757035890450536253,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1188
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2468 --field-trial-handle=2476,i,4308115192426716771,8757035890450536253,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2240
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7452 --field-trial-handle=2476,i,4308115192426716771,8757035890450536253,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 2908
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=4412 --field-trial-handle=2476,i,4308115192426716771,8757035890450536253,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
17 239
Read events
17 159
Write events
80
Delete events
0

Modification events

Process: (7528) battoexe.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.2.1

Process: (7528) battoexe.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files (x86)\Abyssmedia\Quick Batch File Compiler

Process: (7528) battoexe.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files (x86)\Abyssmedia\Quick Batch File Compiler\

Process: (7528) battoexe.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Icon Group
Value: Abyssmedia\Quick Batch File Compiler

Process: (7528) battoexe.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: User
Value: admin

Process: (7528) battoexe.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Setup Type
Value: full

Process: (7528) battoexe.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Selected Components
Value: main,help

Process: (7528) battoexe.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Deselected Components
Value:

Process: (7528) battoexe.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Selected Tasks
Value: desktopicon,quicklaunchicon

Process: (7528) battoexe.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Quick Batch File Compiler_is1
Operation: write
Name: Inno Setup: Deselected Tasks
Value:

Executable files
36
Suspicious files
233
Text files
48
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7348 | Process: battoexe.exe | Filename: C:\Users\admin\AppData\Local\Temp\is-23NN6.tmp\battoexe.tmp | Type: executable
MD5: 5833EC81747058A0816810CE98CDCC31
SHA256: 29EBEA51CD8C86790066B71E76FF9FF33D8C13976A818A28D5BB23D245C45D82
PID: 7528 | Process: battoexe.tmp | Filename: C:\Program Files (x86)\Abyssmedia\Quick Batch File Compiler\quickbfcc.x86 | Type: binary
MD5: E216CC20488C42A92AD3A105AEAC661B
SHA256: 72EC97E134452EC5F9735812EFD7C389DAB8354C41421A8E34AEDBC6B56BE0F6
PID: 7528 | Process: battoexe.tmp | Filename: C:\Program Files (x86)\Abyssmedia\Quick Batch File Compiler\is-F7171.tmp | Type: executable
MD5: 6A9E0B6A9FE597B872B70AF7A5350EB1
SHA256: 6A8ED4DF8D464A8C40B57EEC8E08D1E83504AAAFF84FA3FA7CAF4873C0985845
PID: 7528 | Process: battoexe.tmp | Filename: C:\Users\admin\AppData\Local\Temp\is-9L86T.tmp\_isetup\_setup64.tmp | Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
PID: 7528 | Process: battoexe.tmp | Filename: C:\Program Files (x86)\Abyssmedia\Quick Batch File Compiler\is-ELPQN.tmp | Type: executable
MD5: 4C8759553AEC34F5BDCF77F5F4462E37
SHA256: CDB5F99FB3BD0762D2280E702073F3805CD20246195775F070347F1F83651026
PID: 7528 | Process: battoexe.tmp | Filename: C:\Program Files (x86)\Abyssmedia\Quick Batch File Compiler\is-DJJIK.tmp | Type: binary
MD5: 4D85BD981865347141BD5636A680F36A
SHA256: 32D25AB6077D8CBEF99D1275796F2344490F263425D52CDA013A61F1B276C1F7
PID: 7492 | Process: battoexe.exe | Filename: C:\Users\admin\AppData\Local\Temp\is-K9OLD.tmp\battoexe.tmp | Type: executable
MD5: 5833EC81747058A0816810CE98CDCC31
SHA256: 29EBEA51CD8C86790066B71E76FF9FF33D8C13976A818A28D5BB23D245C45D82
PID: 7528 | Process: battoexe.tmp | Filename: C:\Program Files (x86)\Abyssmedia\Quick Batch File Compiler\unins000.exe | Type: executable
MD5: 4C8759553AEC34F5BDCF77F5F4462E37
SHA256: CDB5F99FB3BD0762D2280E702073F3805CD20246195775F070347F1F83651026
PID: 7528 | Process: battoexe.tmp | Filename: C:\Program Files (x86)\Abyssmedia\Quick Batch File Compiler\is-9S7LB.tmp | Type: binary
MD5: 3C9F3E1D90C84C3B7252E24F493142A6
SHA256: 138498868093E96160F01A4822EA848771C8A4F1E7D4ABBE1D7E725BB11D8E87
PID: 7528 | Process: battoexe.tmp | Filename: C:\Program Files (x86)\Abyssmedia\Quick Batch File Compiler\quickbfc.exe | Type: executable
MD5: 6A9E0B6A9FE597B872B70AF7A5350EB1
SHA256: 6A8ED4DF8D464A8C40B57EEC8E08D1E83504AAAFF84FA3FA7CAF4873C0985845
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
29
TCP/UDP connections
128
DNS requests
67
Threats
10

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2104
svchost.exe
GET
200
23.216.77.15:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7704
SIHClient.exe
GET
200
23.216.77.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
7704
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
2104
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7704
SIHClient.exe
GET
200
23.216.77.19:80
http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl
unknown
whitelisted
7704
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted
7704
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl
unknown
whitelisted
7704
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7704
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted
3008
svchost.exe
HEAD
200
199.232.214.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1747705117&P2=404&P3=2&P4=C087x87gRt0PM3x9IY9I0M8RQvvHWrzx0bq%2fX6jwE2sE5j8uvZuOhYYfVEzdMewJa0oyXcvhks7xNkfMHqNfvg%3d%3d
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2104
svchost.exe
23.216.77.15:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2104
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
40.126.32.134:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2104
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
7704
SIHClient.exe
52.149.20.212:443
slscr.update.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.124.78.146
whitelisted
google.com
  • 216.58.206.46
whitelisted
crl.microsoft.com
  • 23.216.77.15
  • 23.216.77.28
  • 23.216.77.22
  • 23.216.77.21
  • 23.216.77.42
  • 23.216.77.20
  • 23.216.77.18
  • 23.216.77.6
  • 23.216.77.19
  • 23.216.77.13
  • 23.216.77.25
  • 23.216.77.37
  • 23.216.77.36
  • 23.216.77.31
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 40.126.32.134
  • 40.126.32.68
  • 20.190.160.128
  • 20.190.160.22
  • 20.190.160.67
  • 20.190.160.131
  • 20.190.160.65
  • 40.126.32.74
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
www.abyssmedia.com
  • 170.130.40.51
unknown

Threats

PID
Process
Class
Message
4408
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4408
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4408
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
4408
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
4408
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
4408
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
4408
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
4408
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
No debug info