File name: kali_in_batch.zip

Full analysis: https://app.any.run/tasks/f49d128e-2265-4671-8411-275e56f9f5d5
Verdict: Malicious activity
Analysis date: August 01, 2025, 01:14:02
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: arch-exec, arch-doc
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5: 4E35E527809A04B8AF950FDE11DA1024
SHA1: 9E34E6E4083D0BD9F357771C2F11A695FED7AE6D
SHA256: 6778FDD58B4C15D48E9AFF301BDFEB01F388E1BF4179403B5280A45D05C0E04A
SSDEEP: 768:HS0MoUBLDXEIrGY2d+RSF5sOudOefmQ3EV+goCm1e3RV:fMfEIrGToRs51udOCmS16X

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 1816)
  • SUSPICIOUS

    • Starts application with an unusual extension

      • cmd.exe (PID: 5628)
      • cmd.exe (PID: 3656)
      • busybox.exe (PID: 4084)
      • busybox.exe (PID: 4192)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 5628)
    • Executable content was dropped or overwritten

      • curl.exe (PID: 5744)
    • Application launched itself

      • cmd.exe (PID: 5628)
      • cmd.exe (PID: 4684)
      • busybox.exe (PID: 6636)
      • cmd.exe (PID: 768)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 6356)
    • Starts CMD.EXE for commands execution

      • busybox.exe (PID: 4232)
      • busybox.exe (PID: 3740)
      • cmd.exe (PID: 4684)
      • busybox.exe (PID: 6524)
      • cmd.exe (PID: 768)
      • cmd.exe (PID: 5628)
      • busybox.exe (PID: 5460)
      • busybox.exe (PID: 3652)
      • busybox.exe (PID: 6164)
      • busybox.exe (PID: 3112)
      • busybox.exe (PID: 6676)
      • busybox.exe (PID: 5424)
      • busybox.exe (PID: 5528)
      • busybox.exe (PID: 5236)
      • busybox.exe (PID: 6472)
      • busybox.exe (PID: 4544)
    • The executable file from the user directory is run by the CMD process

      • busybox.exe (PID: 2064)
  • INFO

    • Manual execution by a user

      • cmd.exe (PID: 5628)
    • Changes the display of characters in the console

      • cmd.exe (PID: 5628)
      • cmd.exe (PID: 3656)
    • Checks supported languages

      • chcp.com (PID: 856)
      • curl.exe (PID: 5744)
      • busybox.exe (PID: 6636)
      • busybox.exe (PID: 3740)
      • busybox.exe (PID: 6524)
      • busybox.exe (PID: 4232)
      • busybox.exe (PID: 3652)
      • chcp.com (PID: 4844)
      • busybox.exe (PID: 7080)
      • busybox.exe (PID: 4444)
      • busybox.exe (PID: 6164)
      • busybox.exe (PID: 1236)
      • busybox.exe (PID: 5460)
      • busybox.exe (PID: 3112)
      • busybox.exe (PID: 6676)
      • busybox.exe (PID: 4084)
      • tree.com (PID: 6868)
      • tree.com (PID: 3880)
      • busybox.exe (PID: 4192)
      • busybox.exe (PID: 6260)
      • busybox.exe (PID: 1336)
      • busybox.exe (PID: 5424)
      • busybox.exe (PID: 5528)
      • curl.exe (PID: 6140)
      • curl.exe (PID: 3624)
      • curl.exe (PID: 3852)
      • busybox.exe (PID: 5236)
      • curl.exe (PID: 4688)
      • curl.exe (PID: 4700)
      • curl.exe (PID: 5476)
      • curl.exe (PID: 4648)
      • busybox.exe (PID: 2064)
      • busybox.exe (PID: 4544)
      • busybox.exe (PID: 6472)
      • busybox.exe (PID: 2356)
    • Execution of CURL command

      • cmd.exe (PID: 5628)
      • cmd.exe (PID: 768)
    • Reads the computer name

      • curl.exe (PID: 5744)
      • busybox.exe (PID: 6636)
      • curl.exe (PID: 6140)
      • curl.exe (PID: 3624)
      • curl.exe (PID: 3852)
      • curl.exe (PID: 4688)
      • curl.exe (PID: 4700)
      • curl.exe (PID: 5476)
      • curl.exe (PID: 4648)
      • busybox.exe (PID: 2064)
      • busybox.exe (PID: 2356)
    • The sample compiled with english language support

      • curl.exe (PID: 5744)
    • Reads the machine GUID from the registry

      • busybox.exe (PID: 6636)
      • busybox.exe (PID: 3740)
      • busybox.exe (PID: 6524)
      • busybox.exe (PID: 4232)
      • busybox.exe (PID: 3652)
      • busybox.exe (PID: 7080)
      • busybox.exe (PID: 4444)
      • busybox.exe (PID: 6164)
      • busybox.exe (PID: 5460)
      • busybox.exe (PID: 1236)
      • busybox.exe (PID: 3112)
      • busybox.exe (PID: 6676)
      • busybox.exe (PID: 4084)
      • busybox.exe (PID: 4192)
      • busybox.exe (PID: 6260)
      • busybox.exe (PID: 1336)
      • busybox.exe (PID: 5424)
      • busybox.exe (PID: 5528)
      • busybox.exe (PID: 5236)
      • busybox.exe (PID: 2064)
      • busybox.exe (PID: 6472)
      • busybox.exe (PID: 4544)
      • busybox.exe (PID: 2356)
    • Checks operating system version

      • cmd.exe (PID: 4684)
      • cmd.exe (PID: 768)
    • Checks proxy server information

      • slui.exe (PID: 4196)
    • Reads the software policy settings

      • slui.exe (PID: 4196)
    • Checks the directory tree

      • tree.com (PID: 6868)
      • tree.com (PID: 3880)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2025:08:01 01:09:04
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: src/
No data.
Total processes: 220
Monitored processes: 78
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start winrar.exe no specs rundll32.exe no specs cmd.exe conhost.exe no specs chcp.com no specs where.exe no specs where.exe no specs timeout.exe no specs choice.exe no specs xcopy.exe no specs xcopy.exe no specs xcopy.exe no specs xcopy.exe no specs xcopy.exe no specs curl.exe slui.exe where.exe no specs where.exe no specs subst.exe no specs where.exe no specs cmd.exe no specs powershell.exe no specs xcopy.exe no specs xcopy.exe no specs xcopy.exe no specs xcopy.exe no specs xcopy.exe no specs xcopy.exe no specs where.exe no specs where.exe no specs busybox.exe no specs busybox.exe no specs cmd.exe no specs busybox.exe no specs cmd.exe no specs cmd.exe no specs busybox.exe no specs cmd.exe no specs cmd.exe no specs busybox.exe no specs cmd.exe no specs busybox.exe no specs cmd.exe no specs chcp.com no specs busybox.exe no specs busybox.exe no specs busybox.exe no specs cmd.exe no specs busybox.exe no specs busybox.exe no specs cmd.exe no specs busybox.exe no specs cmd.exe no specs busybox.exe no specs tree.com no specs busybox.exe no specs tree.com no specs busybox.exe no specs cmd.exe no specs busybox.exe no specs busybox.exe no specs busybox.exe no specs cmd.exe no specs busybox.exe no specs cmd.exe no specs curl.exe curl.exe curl.exe curl.exe curl.exe curl.exe curl.exe busybox.exe no specs busybox.exe no specs busybox.exe no specs cmd.exe no specs busybox.exe no specs cmd.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 320 | CMD: where winget | Path: C:\Windows\System32\where.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Where - Lists location of files
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\where.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 592 | CMD: C:\WINDOWS\system32\cmd.exe /c clear | Path: C:\Windows\System32\cmd.exe | Parent process: busybox.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
PID: 768 | CMD: C:\WINDOWS\system32\cmd.exe /c uname -a | Path: C:\Windows\System32\cmd.exe | Parent process: busybox.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
PID: 768 | CMD: C:\WINDOWS\system32\cmd.exe /c pkg install example-package | Path: C:\Windows\System32\cmd.exe | Parent process: busybox.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
PID: 856 | CMD: chcp 65001 | Path: C:\Windows\System32\chcp.com | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 1236 | CMD: sh --fs 0000000000000164 | Path: C:\Users\admin\kali\usr\bin\busybox.exe | Parent process: busybox.exe
User:
admin
Company:
frippery.org
Integrity Level:
HIGH
Description:
BusyBox multi-call binary
Exit code:
0
Version:
1.38.0-FRP-5579-g5749feb35
Modules
Images
c:\users\admin\kali\usr\bin\busybox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1336 | CMD: C:\WINDOWS\system32\cmd.exe /c ver | Path: C:\Windows\System32\cmd.exe | Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 1336 | CMD: sh --fs 00000000000001FC | Path: C:\Users\admin\kali\usr\bin\busybox.exe | Parent process: busybox.exe
User:
admin
Company:
frippery.org
Integrity Level:
HIGH
Description:
BusyBox multi-call binary
Exit code:
0
Version:
1.38.0-FRP-5579-g5749feb35
Modules
Images
c:\users\admin\kali\usr\bin\busybox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1604 | CMD: C:\WINDOWS\system32\cmd.exe /c clear | Path: C:\Windows\System32\cmd.exe | Parent process: busybox.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
PID: 1632 | CMD: C:\WINDOWS\system32\cmd.exe /c clear | Path: C:\Windows\System32\cmd.exe | Parent process: busybox.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
Total events: 10 424
Read events: 10 210
Write events: 46
Delete events: 168

Modification events

(PID) Process: (1816) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (1816) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (1816) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (1816) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\kali_in_batch.zip

(PID) Process: (1816) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1816) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1816) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (1816) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (1816) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation: delete value
Name: 15
Value:

(PID) Process: (1816) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\DialogEditHistory\ExtrPath
Operation: delete value
Name: 14
Value:
Executable files: 1
Suspicious files: 1
Text files: 66
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 1816 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\kali_in_batch\src\bin\touch.bat | Type: text
MD5:C40C37E4C424A72F77CBE28610CF29BC
SHA256:DAF92F9C839DE88B74E9E18A031D59907B87147422523FED3A1900C48177F620
PID: 1816 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\kali_in_batch\src\lib\posix\fork.bat | Type: text
MD5:0B86690A8980582618A3F92237E87064
SHA256:C0D8DD4A3F47A42A5B4839539D17AAEF6DCA2D3E83B46856F1E66F5573D4E497
PID: 1816 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\kali_in_batch\src\lib\posix\mkdir.bat | Type: text
MD5:328EF7B218E8DC695285CAA974CB762F
SHA256:B90D4397F7E905F34DCA883747BDBD9F2AEB7C0B24EB43DBE929F6561CFB2174
PID: 1816 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\kali_in_batch\src\include\unistd.h | Type: text
MD5:7CB5F504030A0A1FAC832D326A22AE66
SHA256:49C5A10521786154DBFFE4819FFB0F76EF53090B27C657CB879720DE09ED9C7F
PID: 1816 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\kali_in_batch\src\bin\uname.bat | Type: text
MD5:5AB0E43BA2E24969CAB43974B4F79CF2
SHA256:084AED3312BABCCCE5A4873FADEBC31B2812E199053C1BF54704AC9795812513
PID: 1816 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\kali_in_batch\src\lib\posix\execl.bat | Type: text
MD5:2689FE82CB0697F6247EE8878B0CA36C
SHA256:C23B2152A37C93D1897F370AD05A09B86271A004CEB149501454D1099712848A
PID: 1816 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\kali_in_batch\src\bin\kibfetch.bat | Type: text
MD5:C9B023E75D9B70C45168FDBF3457A487
SHA256:A2643D82CAA0B3104C29A6D102EF2595719B550AEEAA07BE4850A759C5DB499C
PID: 1816 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\kali_in_batch\src\bin\lsb_release.bat | Type: text
MD5:AB3FC6D9C78BA77385B88998BB7D28E1
SHA256:BD242CA792A755111E33C6EAD9597AA65D5D4AE9DCB6C939F319482C6DDA563A
PID: 1816 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\kali_in_batch\src\lib\posix\rmdir.bat | Type: text
MD5:8034AF01C457D5F41B40ECB326E7873F
SHA256:F6496CEAEEED34462017720EE968D0CCA3FDBB91E92C6D594385D5D33BD6C264
PID: 1816 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\kali_in_batch\src\lib\posix\README.md | Type: text
MD5:ED8F05D78673A2159B2909D67798ABD0
SHA256:C7B887A52DA8871CA297CBBDB1842CC3326CD134BADC3A87E36DD15820B5A2D6
HTTP(S) requests: 12
TCP/UDP connections: 40
DNS requests: 29
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
184.24.77.7:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2612
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
2612
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7040
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
764
lsass.exe
GET
200
192.124.249.22:80
http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D
unknown
whitelisted
764
lsass.exe
GET
200
192.124.249.22:80
http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D
unknown
whitelisted
2940
svchost.exe
GET
200
72.246.169.163:80
http://x1.c.lencr.org/
unknown
whitelisted
6876
backgroundTaskHost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
764
lsass.exe
GET
200
104.18.38.233:80
http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5944 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1268 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6012 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 184.24.77.7:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
7040 | svchost.exe | 40.126.32.68:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
7040 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
  • 51.124.78.146
whitelisted
google.com
  • 142.250.186.110
whitelisted
crl.microsoft.com
  • 184.24.77.7
  • 184.24.77.12
  • 184.24.77.11
  • 184.24.77.37
  • 184.24.77.42
  • 184.24.77.23
  • 184.24.77.6
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
login.live.com
  • 40.126.32.68
  • 20.190.160.66
  • 20.190.160.14
  • 20.190.160.132
  • 40.126.32.76
  • 20.190.160.130
  • 40.126.32.138
  • 20.190.160.128
  • 40.126.32.134
  • 20.190.160.67
  • 20.190.160.20
  • 20.190.160.4
  • 20.190.160.131
  • 40.126.32.140
  • 20.190.160.65
whitelisted
ocsp.digicert.com
  • 184.30.131.245
  • 2.17.190.73
whitelisted
slscr.update.microsoft.com
  • 74.178.240.61
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.242.39.171
whitelisted
web.archive.org
  • 207.241.237.3
whitelisted
ocsp.godaddy.com
  • 192.124.249.22
  • 192.124.249.36
  • 192.124.249.24
  • 192.124.249.41
  • 192.124.249.23
whitelisted

Threats

No threats detected
No debug info