URL:

https://github.com/chillycontro/evil-mario-virus/blob/main/built-file/nice-computer-you-got-there.exe

Full analysis: https://app.any.run/tasks/e4b882f7-7978-4a3a-8a61-c28e1f2937ed
Verdict: Malicious activity
Analysis date: December 27, 2023, 13:35:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

EDB2FFFB1A2042B333CE0BBB61742BD2

SHA1:

A57D667BE6CE52DB015FBBF34458D194599B2B8C

SHA256:

69730D89BB5F2A9C59253B1D7FD4B008E7541487295F9FF61CE1D64513B45B5B

SSDEEP:

3:N8tEd2NMH6LxmT3vAyERw+iIZAxKQSBan:2ugNMH6qvAysg6pBan

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Steals credentials from Web Browsers

      • taskhost.exe (PID: 3100)
      • setup.exe (PID: 3976)

    • Changes the autorun value in the registry

      • unregmp2.exe (PID: 3452)
      • regsvr32.exe (PID: 3600)

    • Create files in the Startup directory

      • regsvr32.exe (PID: 3600)

  • SUSPICIOUS

    • Reads Internet Explorer settings

      • ie4uinit.exe (PID: 1124)

    • Reads the Internet Settings

      • ie4uinit.exe (PID: 1124)
      • taskhost.exe (PID: 3100)
      • rundll32.exe (PID: 3372)
      • rundll32.exe (PID: 3136)
      • ie4uinit.exe (PID: 3732)
      • ie4uinit.exe (PID: 3676)

    • Changes internet zones settings

      • ie4uinit.exe (PID: 1124)

    • Reads Microsoft Outlook installation path

      • ie4uinit.exe (PID: 1124)

    • Write to the desktop.ini file (may be used to cloak folders)

      • ie4uinit.exe (PID: 1124)
      • unregmp2.exe (PID: 3452)
      • regsvr32.exe (PID: 3600)

    • Uses RUNDLL32.EXE to load library

      • ie4uinit.exe (PID: 1124)
      • rundll32.exe (PID: 3136)

    • Changes default file association

      • unregmp2.exe (PID: 3452)

    • Reads settings of System Certificates

      • sipnotify.exe (PID: 2496)

  • INFO

    • Drops the executable file immediately after the start

      • chrome.exe (PID: 2404)
      • chrome.exe (PID: 2620)
      • nice-computer-you-got-there.exe (PID: 3900)

    • Checks supported languages

      • nice-computer-you-got-there.exe (PID: 3900)
      • setup.exe (PID: 3348)
      • setup.exe (PID: 3976)
      • setup.exe (PID: 924)
      • IMEKLMG.EXE (PID: 3068)
      • IMEKLMG.EXE (PID: 3544)
      • wmpnscfg.exe (PID: 1776)
      • IMKRMIG.EXE (PID: 3456)
      • wmpnscfg.exe (PID: 2256)

    • The process uses the downloaded file

      • chrome.exe (PID: 2768)
      • chrome.exe (PID: 2620)

    • Manual execution by a user

      • chrome.exe (PID: 2620)
      • ie4uinit.exe (PID: 1124)
      • ie4uinit.exe (PID: 3676)
      • unregmp2.exe (PID: 3452)
      • ie4uinit.exe (PID: 3732)
      • regsvr32.exe (PID: 3600)
      • chrmstp.exe (PID: 1168)
      • setup.exe (PID: 3976)
      • IMEKLMG.EXE (PID: 3068)
      • wmpnscfg.exe (PID: 1776)
      • IMEKLMG.EXE (PID: 3544)
      • wmpnscfg.exe (PID: 2256)

    • Application launched itself

      • chrome.exe (PID: 2620)
      • iexplore.exe (PID: 124)
      • ie4uinit.exe (PID: 1124)
      • rundll32.exe (PID: 3136)
      • chrmstp.exe (PID: 3876)
      • setup.exe (PID: 3976)
      • msedge.exe (PID: 4076)
      • chrmstp.exe (PID: 1168)

    • Reads the computer name

      • nice-computer-you-got-there.exe (PID: 3900)
      • setup.exe (PID: 3348)
      • setup.exe (PID: 924)
      • IMEKLMG.EXE (PID: 3544)
      • IMEKLMG.EXE (PID: 3068)
      • wmpnscfg.exe (PID: 2256)
      • wmpnscfg.exe (PID: 1776)

    • Create files in a temporary directory

      • nice-computer-you-got-there.exe (PID: 3900)

    • Executes as Windows Service

      • taskhost.exe (PID: 3100)
      • EOSNotify.exe (PID: 2088)

    • Reads security settings of Internet Explorer

      • ie4uinit.exe (PID: 1124)
      • sipnotify.exe (PID: 2496)

    • The process executes via Task Scheduler

      • sipnotify.exe (PID: 2496)

    • Creates files in the program directory

      • ie4uinit.exe (PID: 1124)
      • chrmstp.exe (PID: 3876)
      • chrmstp.exe (PID: 1168)
      • setup.exe (PID: 3976)
      • setup.exe (PID: 3348)
      • setup.exe (PID: 924)

    • Process checks are UAC notifies on

      • IMEKLMG.EXE (PID: 3068)
      • IMEKLMG.EXE (PID: 3544)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
102
Monitored processes
56
Malicious processes
4
Suspicious processes
2

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs nice-computer-you-got-there.exe no specs Profile Notification Host no specs taskhost.exe sipnotify.exe ie4uinit.exe no specs ie4uinit.exe no specs rundll32.exe no specs rundll32.exe no specs rundll32.exe no specs rundll32.exe no specs ie4uinit.exe no specs unregmp2.exe ie4uinit.exe no specs regsvr32.exe chrmstp.exe no specs chrmstp.exe no specs chrmstp.exe no specs chrmstp.exe no specs setup.exe setup.exe no specs setup.exe no specs msedge.exe no specs msedge.exe no specs imeklmg.exe no specs imeklmg.exe no specs imkrmig.exe no specs Thumbnail Cache Out of Proc Server no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs wmpnscfg.exe no specs eosnotify.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
124"C:\Program Files\Internet Explorer\iexplore.exe" "https://github.com/chillycontro/evil-mario-virus/blob/main/built-file/nice-computer-you-got-there.exe"C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1073807364
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
292"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --disable-quic --mojo-platform-channel-handle=3612 --field-trial-handle=1200,i,10001080234903040669,10074260923991646665,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
548"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1260 --field-trial-handle=1300,i,1316802875711040264,2922886012659368562,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
Administrator
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
924"C:\Program Files\Microsoft\Edge\Application\109.0.1518.115\Installer\setup.exe" --msedge --channel=stable --launch-msedge-after-unlock --verbose-logging --system-levelC:\Program Files\Microsoft\Edge\Application\109.0.1518.115\Installer\setup.exesetup.exe
User:
Administrator
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Installer
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\109.0.1518.115\installer\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
952"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2324 --field-trial-handle=1200,i,10001080234903040669,10074260923991646665,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1124"C:\Windows\System32\ie4uinit.exe" -UserConfigC:\Windows\System32\ie4uinit.exeexplorer.exe
User:
Administrator
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
IE Per-User Initialization Utility
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\windows\system32\ie4uinit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
1168"C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-levelC:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exeexplorer.exe
User:
Administrator
Company:
Google LLC
Integrity Level:
HIGH
Description:
Google Chrome Installer
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\109.0.5414.120\installer\chrmstp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\shell32.dll
1572"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=1612 --field-trial-handle=1200,i,10001080234903040669,10074260923991646665,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1776"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
Administrator
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1924"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6a4d8b38,0x6a4d8b48,0x6a4d8b54C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
1073807364
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
29 236
Read events
28 263
Write events
964
Delete events
9

Modification events

(PID) Process:(124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
0
(PID) Process:(124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
30847387
(PID) Process:(124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
30847437
(PID) Process:(124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
(PID) Process:(124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:IntranetName
Value:
1
(PID) Process:(124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
1
(PID) Process:(124) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
0
Executable files
19
Suspicious files
261
Text files
245
Unknown types
2

Dropped files

PID
Process
Filename
Type
2204iexplore.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\QQDHICYI.txttext
MD5:F2D27CC785BB8FD02E9DB99C3A13F00C
SHA256:3E053045F3E58F884037BFB14AAF12366D546DAC13F4248160378C646BADDDEF
2204iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\nice-computer-you-got-there[1].htmhtml
MD5:5042A41EDC9E9A6BAA7BCDBD9BF6A30B
SHA256:75DA9AFA547B6ADDC8CE0B3EB0068A7B94AD82DAC16800394791D698D8CBBDC3
2204iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\github-9ed33716809f[1].csstext
MD5:A73A04919D3934755B5E41F0C2417616
SHA256:2FC6FE36E52251D5184230BAFA10A9E6EC14A971A5FE64F0EFE52ED2C3A73ED9
2204iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\50CD3D75D026C82E2E718570BD6F44D0_D222662A57BAA60D2F5EA0D2CC7B2F1Cbinary
MD5:96641C25D317A6BB29DE0CF7B3573C0F
SHA256:5C9ED16F09391E207F2E7A50BCF5D919BEBC5374AE740C9061AAF561BBCE459B
2204iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419binary
MD5:ECB284C70991039CE9612BE9BCC4E8C4
SHA256:90982BF7FE3DE16A8497655115D203AFF6FC08080DB9D974E8CCC69718116167
2204iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\light-38f1bf52eeeb[1].csstext
MD5:A42BEC9F78A4A06DB5216358416DD0CC
SHA256:30A7DB90B8A00A79548E168113FFA6DE2F8A6D1A30A4242D2570C02F43A4BF67
2204iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565binary
MD5:14E82BFC8E9BC0CA25DC1B36B72C210E
SHA256:CAD96E2BAB4E85B3E08B88FEFBA1D661CFD3BEA0DEA420ACD521D56FB05D585D
2204iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\primer-primitives-971c6be3ec9f[1].csstext
MD5:A22465990ABA9644964F77D64B0544CC
SHA256:5A5714B3410DB5A37CA06954C5E34D1332A511683276730E6C85105535B9328F
2204iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\vendors-node_modules_dompurify_dist_purify_js-6890e890956f[1].jstext
MD5:80FA30C00E347B5BBC8B7FF9DC2C9F44
SHA256:BE77C75CF182F1830D0F90B8D7AEE460F0108C6E7F5A143A524F709B9023C80D
2204iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419binary
MD5:1CFFFD3049B8BFF696BCF4B80F155267
SHA256:C2D9177B46E4A83FA01CC53A3F68CE0949102A222324B8E919220726248851E5
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
64
DNS requests
64
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2204
iexplore.exe
GET
200
178.79.208.1:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6b21170b0e7a1648
unknown
compressed
4.66 Kb
unknown
2204
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAfy81yHqHeveu%2FpR5k1Jb0%3D
unknown
binary
471 b
unknown
2204
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrHR6YzPN2BNbByL0VoiTIBBMAOAQUCrwIKReMpTlteg7OM8cus%2B37w3oCEAzQqL7GMs%2FmReygqbCE%2Bxw%3D
unknown
binary
312 b
unknown
124
iexplore.exe
GET
304
178.79.208.1:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a85e8d0c2f0a71a5
unknown
unknown
124
iexplore.exe
GET
304
178.79.208.1:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1a6e676fbb64f2cc
unknown
unknown
124
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D
unknown
binary
314 b
unknown
124
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAqvpsXKY8RRQeo74ffHUxc%3D
unknown
binary
471 b
unknown
124
iexplore.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA177el9ggmWelJjG4vdGL0%3D
unknown
binary
471 b
unknown
2496
sipnotify.exe
HEAD
200
23.212.215.38:80
http://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2JgkA?v=133481578235420000
unknown
unknown
2496
sipnotify.exe
GET
200
23.212.215.38:80
http://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2JgkA?v=133481578235420000
unknown
compressed
78.4 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
2204
iexplore.exe
140.82.121.4:443
github.com
GITHUB
US
unknown
1080
svchost.exe
224.0.0.252:5355
unknown
2204
iexplore.exe
178.79.208.1:80
ctldl.windowsupdate.com
LLNW
NL
unknown
2204
iexplore.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
2204
iexplore.exe
185.199.109.154:443
github.githubassets.com
FASTLY
US
unknown
124
iexplore.exe
185.199.109.154:443
github.githubassets.com
FASTLY
US
unknown
124
iexplore.exe
178.79.208.1:80
ctldl.windowsupdate.com
LLNW
NL
unknown
124
iexplore.exe
23.37.226.90:443
www.bing.com
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
github.com
  • 216.58.212.170
  • 216.58.212.138
  • 142.250.185.74
  • 142.250.185.106
  • 142.250.185.138
  • 142.250.185.170
  • 142.250.185.202
  • 142.250.185.234
  • 142.250.186.74
  • 142.250.186.106
  • 142.250.181.234
  • 142.250.184.202
  • 142.250.184.234
  • 142.250.186.138
  • 142.250.186.42
  • 172.217.18.10
  • 140.82.121.4
shared
ctldl.windowsupdate.com
  • 178.79.208.1
  • 87.248.202.1
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
github.githubassets.com
  • 185.199.109.154
  • 185.199.111.154
  • 185.199.110.154
  • 185.199.108.154
whitelisted
avatars.githubusercontent.com
  • 185.199.108.133
  • 185.199.109.133
  • 185.199.110.133
  • 185.199.111.133
whitelisted
github-cloud.s3.amazonaws.com
  • 16.182.103.97
  • 52.216.48.41
  • 52.216.212.233
  • 52.217.224.201
  • 52.217.229.41
  • 16.182.71.113
  • 52.217.123.49
  • 54.231.171.161
  • 54.231.231.81
  • 3.5.29.78
  • 52.217.230.225
  • 52.216.212.249
  • 3.5.28.217
  • 52.217.142.81
  • 52.217.121.137
  • 16.182.72.73
  • 16.182.72.9
  • 3.5.28.113
  • 52.217.201.1
  • 3.5.0.21
  • 52.216.166.91
  • 52.217.106.28
  • 52.216.35.249
  • 3.5.27.104
  • 52.216.10.163
  • 52.216.42.49
  • 3.5.25.218
  • 52.217.137.137
  • 52.217.128.129
  • 52.216.39.41
  • 3.5.9.225
  • 54.231.195.249
shared
user-images.githubusercontent.com
  • 185.199.108.133
  • 185.199.109.133
  • 185.199.110.133
  • 185.199.111.133
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 23.37.226.90
  • 23.53.43.185
  • 23.37.226.89
  • 23.53.43.170
  • 23.53.43.177
  • 23.53.43.179
  • 23.37.226.88
  • 23.37.226.80
  • 23.37.226.81
  • 23.37.226.96
  • 23.53.43.96
  • 23.53.43.113
  • 23.37.226.106
  • 23.53.43.98
  • 23.53.43.104
  • 23.37.226.113
whitelisted
iecvlist.microsoft.com
  • 152.199.19.161
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://github.com/chillycontro/evil-mario-virus/blob/main/built-file/nice-computer-you-got-there.exe