File name: fa5001018f58f4ff3ca038173b7a2fe2c1657ace0cab7c9e28fbf321bb85c019.bat

Full analysis: https://app.any.run/tasks/5c76994a-af2d-4a7c-a38e-9e062692a028
Verdict: No threats detected
Analysis date: April 14, 2026, 14:46:23
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: api-base64
MIME: text/x-msdos-batch
File info: DOS batch file, ASCII text, with very long lines (8005), with CRLF, CR line terminators
MD5: 3094FCF5B2B5073D011496276857ECF9
SHA1: 566B9B2CACD41E8EFD55725902029F9E2EB9305D
SHA256: FA5001018F58F4FF3CA038173B7A2FE2C1657ACE0CAB7C9E28FBF321BB85C019
SSDEEP: 49152:rN0qNnMETIK6lLgIb6dYZZQ4lNNswYFeyCTQTIEkGYE0hYOa/YZ/4oTDzL5UjRMX:Y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Potential access to remote process (Base64 Encoded 'OpenProcess')

      • notepad.exe (PID: 2304)
    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 2304)
    • Potential library load (Base64 Encoded 'LoadLibrary')

      • notepad.exe (PID: 2304)
    • Potential dynamic function import (Base64 Encoded 'GetProcAddress')

      • notepad.exe (PID: 2304)
No Malware configuration.

TRiD

.bib/bibtex/txt | BibTeX references (100)
No data.
Total processes: 128
Monitored processes: 1
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start notepad.exe no specs

Process information

PID: 2304
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\fa5001018f58f4ff3ca038173b7a2fe2c1657ace0cab7c9e28fbf321bb85c019.bat.txt
Path: C:\Windows\System32\notepad.exe
Indicators:
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
Total events: 148
Read events: 148
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

No data
HTTP(S) requests: 14
TCP/UDP connections: 37
DNS requests: 17
Threats: 1

HTTP requests


Connections


DNS requests


Threats

PID: 6076
Process: svchost.exe
Class: Unknown Traffic
Message: ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info