File name: BonziWORLDTheNextLevel_2.2.1.exe
Full analysis: https://app.any.run/tasks/bebecb40-74e7-422b-9f9f-0e08b6785666
Verdict: Malicious activity
Analysis date: September 27, 2025, 20:50:41
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: nodejs
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 46F0B8988E05EF801082519492256896
SHA1: 11994F18B7AC3F5510E4BD542DD36FE9C4743BF2
SHA256: DD3038161349DCD7E786D7AEBD76892F04F6DFD59D1D1D5E7BE113DFD4FE7A6D
SSDEEP: 393216:MBI6ueOoW4G4Tpy/7FyRwcH1eUl+j+0MM1d56e4ARGFNsmDfjGLin/WSacCvz1X5:zo+4sjFYzV0MMX4i1mD7Z/WLr+hNXRxo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
    • Get information on the list of running processes

      • cmd.exe (PID: 4540)
      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
    • Executable content was dropped or overwritten

      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
    • Reads security settings of Internet Explorer

      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
    • The process creates files with name similar to system file names

      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
    • Application launched itself

      • BonziWORLD The Next Level.exe (PID: 2356)
    • Drops 7-zip archiver for unpacking

      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
    • There is functionality for taking screenshot (YARA)

      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
    • Process drops legitimate windows executable

      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
    • Creates a software uninstall entry

      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
    • Starts CMD.EXE for commands execution

      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
  • INFO

    • The sample compiled with english language support

      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
    • Checks supported languages

      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
      • BonziWORLD The Next Level.exe (PID: 5416)
      • BonziWORLD The Next Level.exe (PID: 2356)
      • BonziWORLD The Next Level.exe (PID: 2428)
      • BonziWORLD The Next Level.exe (PID: 6540)
    • Reads the computer name

      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
      • BonziWORLD The Next Level.exe (PID: 2356)
      • BonziWORLD The Next Level.exe (PID: 5416)
      • BonziWORLD The Next Level.exe (PID: 6540)
    • Create files in a temporary directory

      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
      • BonziWORLD The Next Level.exe (PID: 2356)
    • Manual execution by a user

      • BonziWORLD The Next Level.exe (PID: 2356)
    • Creates files or folders in the user directory

      • BonziWORLD The Next Level.exe (PID: 2356)
      • BonziWORLD The Next Level.exe (PID: 6540)
      • BonziWORLDTheNextLevel_2.2.1.exe (PID: 1204)
    • Checks proxy server information

      • BonziWORLD The Next Level.exe (PID: 2356)
      • slui.exe (PID: 1160)
    • Process checks computer location settings

      • BonziWORLD The Next Level.exe (PID: 2356)
      • BonziWORLD The Next Level.exe (PID: 2428)
    • Reads the machine GUID from the registry

      • BonziWORLD The Next Level.exe (PID: 6540)
    • Reads the software policy settings

      • slui.exe (PID: 1160)
      • BonziWORLD The Next Level.exe (PID: 6540)
    • Node.js compiler has been detected

      • BonziWORLD The Next Level.exe (PID: 2356)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.2.1.0
ProductVersionNumber: 2.2.1.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: [email protected]
FileDescription: BonziWORLD: The Next Level
FileVersion: 2.2.1
LegalCopyright: Copyright © 2024 [email protected]
ProductName: BonziWORLD: The Next Level
ProductVersion: 2.2.1
All screenshots are available in the full report
Total processes: 137
Monitored processes: 10
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes in the graph, in start order ("no specs" is the report's label for a process with no specific indicators):
  • bonziworldthenextlevel_2.2.1.exe
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • tasklist.exe (no specs)
  • find.exe (no specs)
  • bonziworld the next level.exe (no specs)
  • bonziworld the next level.exe (no specs)
  • bonziworld the next level.exe
  • bonziworld the next level.exe (no specs)
  • slui.exe

Process information

PID: 1160
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 1204
CMD: "C:\Users\admin\Desktop\BonziWORLDTheNextLevel_2.2.1.exe"
Path: C:\Users\admin\Desktop\BonziWORLDTheNextLevel_2.2.1.exe
Parent process: explorer.exe
User: admin
Company:
Integrity Level: MEDIUM
Description: BonziWORLD: The Next Level
Exit code: 0
Version: 2.2.1
Modules (images):
c:\users\admin\desktop\bonziworldthenextlevel_2.2.1.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 2356
CMD: "C:\Users\admin\AppData\Local\Programs\BonziWORLD The Next Level\BonziWORLD The Next Level.exe"
Path: C:\Users\admin\AppData\Local\Programs\BonziWORLD The Next Level\BonziWORLD The Next Level.exe
Parent process: explorer.exe
User: admin
Company:
Integrity Level: MEDIUM
Description: BonziWORLD: The Next Level
Version: 2.2.1
Modules (images):
c:\users\admin\appdata\local\programs\bonziworld the next level\bonziworld the next level.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 2428
CMD: "C:\Users\admin\AppData\Local\Programs\BonziWORLD The Next Level\BonziWORLD The Next Level.exe" --type=renderer --no-sandbox --field-trial-handle=1612,15831248924669192774,8135185027408990384,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\admin\AppData\Local\Programs\BonziWORLD The Next Level\resources\app" --enable-plugins --no-sandbox --no-zygote --context-isolation --background-color=#fff --enable-spellcheck --enable-websql --disable-electron-site-instance-overrides --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
Path: C:\Users\admin\AppData\Local\Programs\BonziWORLD The Next Level\BonziWORLD The Next Level.exe
Parent process: BonziWORLD The Next Level.exe
User: admin
Company:
Integrity Level: MEDIUM
Description: BonziWORLD: The Next Level
Version: 2.2.1
Modules (images):
c:\users\admin\appdata\local\programs\bonziworld the next level\bonziworld the next level.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 4540
CMD: "C:\WINDOWS\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BonziWORLD The Next Level.exe" /FO csv | "C:\WINDOWS\system32\find.exe" "BonziWORLD The Next Level.exe"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: BonziWORLDTheNextLevel_2.2.1.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll

PID: 5416
CMD: "C:\Users\admin\AppData\Local\Programs\BonziWORLD The Next Level\BonziWORLD The Next Level.exe" --type=gpu-process --field-trial-handle=1612,15831248924669192774,8135185027408990384,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --no-sandbox --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1616 /prefetch:2
Path: C:\Users\admin\AppData\Local\Programs\BonziWORLD The Next Level\BonziWORLD The Next Level.exe
Parent process: BonziWORLD The Next Level.exe
User: admin
Company:
Integrity Level: MEDIUM
Description: BonziWORLD: The Next Level
Version: 2.2.1
Modules (images):
c:\users\admin\appdata\local\programs\bonziworld the next level\bonziworld the next level.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\users\admin\appdata\local\programs\bonziworld the next level\ffmpeg.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\uiautomationcore.dll

PID: 6540
CMD: "C:\Users\admin\AppData\Local\Programs\BonziWORLD The Next Level\BonziWORLD The Next Level.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,15831248924669192774,8135185027408990384,131072 --enable-features=WebComponentsV0Enabled --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --no-sandbox --mojo-platform-channel-handle=1668 /prefetch:8
Path: C:\Users\admin\AppData\Local\Programs\BonziWORLD The Next Level\BonziWORLD The Next Level.exe
Parent process: BonziWORLD The Next Level.exe
User: admin
Company:
Integrity Level: MEDIUM
Description: BonziWORLD: The Next Level
Version: 2.2.1
Modules (images):
c:\users\admin\appdata\local\programs\bonziworld the next level\bonziworld the next level.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 6768
CMD: tasklist /FI "USERNAME eq admin" /FI "IMAGENAME eq BonziWORLD The Next Level.exe" /FO csv
Path: C:\Windows\SysWOW64\tasklist.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Lists the current running tasks
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 6900
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 7084
CMD: "C:\WINDOWS\system32\find.exe" "BonziWORLD The Next Level.exe"
Path: C:\Windows\SysWOW64\find.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Find String (grep) Utility
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\find.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events: 8 946
Read events: 8 915
Write events: 13
Delete events: 18

Modification events

Process: (1204) BonziWORLDTheNextLevel_2.2.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\fb239a0a-e5a3-5fe6-b21d-5f032827c9b3
Operation: write
Name: InstallLocation
Value: C:\Users\admin\AppData\Local\Programs\BonziWORLD The Next Level

Process: (1204) BonziWORLDTheNextLevel_2.2.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\fb239a0a-e5a3-5fe6-b21d-5f032827c9b3
Operation: write
Name: KeepShortcuts
Value: true

Process: (1204) BonziWORLDTheNextLevel_2.2.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\fb239a0a-e5a3-5fe6-b21d-5f032827c9b3
Operation: write
Name: ShortcutName
Value: BonziWORLD The Next Level

Process: (1204) BonziWORLDTheNextLevel_2.2.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fb239a0a-e5a3-5fe6-b21d-5f032827c9b3
Operation: write
Name: DisplayName
Value: BonziWORLD: The Next Level 2.2.1

Process: (1204) BonziWORLDTheNextLevel_2.2.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fb239a0a-e5a3-5fe6-b21d-5f032827c9b3
Operation: write
Name: UninstallString
Value: "C:\Users\admin\AppData\Local\Programs\BonziWORLD The Next Level\Uninstall BonziWORLD The Next Level.exe" /currentuser

Process: (1204) BonziWORLDTheNextLevel_2.2.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fb239a0a-e5a3-5fe6-b21d-5f032827c9b3
Operation: write
Name: QuietUninstallString
Value: "C:\Users\admin\AppData\Local\Programs\BonziWORLD The Next Level\Uninstall BonziWORLD The Next Level.exe" /currentuser /S

Process: (1204) BonziWORLDTheNextLevel_2.2.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fb239a0a-e5a3-5fe6-b21d-5f032827c9b3
Operation: write
Name: DisplayVersion
Value: 2.2.1

Process: (1204) BonziWORLDTheNextLevel_2.2.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fb239a0a-e5a3-5fe6-b21d-5f032827c9b3
Operation: write
Name: DisplayIcon
Value: C:\Users\admin\AppData\Local\Programs\BonziWORLD The Next Level\BonziWORLD The Next Level.exe,0

Process: (1204) BonziWORLDTheNextLevel_2.2.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fb239a0a-e5a3-5fe6-b21d-5f032827c9b3
Operation: write
Name: Publisher

Process: (1204) BonziWORLDTheNextLevel_2.2.1.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fb239a0a-e5a3-5fe6-b21d-5f032827c9b3
Operation: write
Name: NoModify
Value: 1
Executable files: 28
Suspicious files: 671
Text files: 222
Unknown types: 0

Dropped files

PID: 1204 | Process: BonziWORLDTheNextLevel_2.2.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsmEAC9.tmp\app-64.7z
MD5:
SHA256:

PID: 1204 | Process: BonziWORLDTheNextLevel_2.2.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsmEAC9.tmp\7z-out\icudtl.dat
MD5:
SHA256:

PID: 1204 | Process: BonziWORLDTheNextLevel_2.2.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsmEAC9.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:

PID: 1204 | Process: BonziWORLDTheNextLevel_2.2.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsmEAC9.tmp\nsDialogs.dll
Type: executable
MD5: 466179E1C8EE8A1FF5E4427DBB6C4A01
SHA256: 1E40211AF65923C2F4FD02CE021458A7745D28E2F383835E3015E96575632172

PID: 1204 | Process: BonziWORLDTheNextLevel_2.2.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsmEAC9.tmp\System.dll
Type: executable
MD5: 0D7AD4F45DC6F5AA87F606D0331C6901
SHA256: 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA

PID: 1204 | Process: BonziWORLDTheNextLevel_2.2.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsmEAC9.tmp\StdUtils.dll
Type: executable
MD5: C6A6E03F77C313B267498515488C5740
SHA256: B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E

PID: 1204 | Process: BonziWORLDTheNextLevel_2.2.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsmEAC9.tmp\7z-out\locales\ca.pak
Type: binary
MD5: D92F01E66DBEFBE28D9DDC0A0B318258
SHA256: 14E99F4D94868A454F40EE8E0F62D056E0ABB303CAF6E184A9A61BDEC18AC271

PID: 1204 | Process: BonziWORLDTheNextLevel_2.2.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsmEAC9.tmp\nsExec.dll
Type: executable
MD5: EC0504E6B8A11D5AAD43B296BEEB84B2
SHA256: 5D9CEB1CE5F35AEA5F9E5A0C0EDEEEC04DFEFE0C77890C80C70E98209B58B962

PID: 1204 | Process: BonziWORLDTheNextLevel_2.2.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsmEAC9.tmp\7z-out\locales\en-GB.pak
Type: binary
MD5: 32F8D0492B73CE67DF70C2F6B65A9DB6
SHA256: C4FDFA9C6F30AD657BF12CCB95F70542A0FADE45D8490259A4507629F4B33299

PID: 1204 | Process: BonziWORLDTheNextLevel_2.2.1.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsmEAC9.tmp\7z-out\locales\ar.pak
Type: binary
MD5: 985EFAD36A2C07C95FC304319D6CD1F1
SHA256: 1CDEF40BA8343E7F826C2020906915EFAAC5E56F543CD2ED6EBF704882525D8C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 41
TCP/UDP connections: 50
DNS requests: 19
Threats: 3

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation ("-" = not recorded)
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.72.36.90:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 23.72.36.90:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 69.192.161.161:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 69.192.161.161:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 69.192.161.161:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 23.72.36.90:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
- | - | POST | 400 | 40.126.31.69:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 203 b | -
- | - | POST | 400 | 20.190.159.130:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 204 b | -
- | - | POST | 400 | 20.190.159.75:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | text | 204 b | -
- | - | POST | 400 | 20.190.159.0:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | unknown | - | - | -

Connections

PID | Process | IP | Domain | ASN | CN | Reputation ("-" = not recorded)
- | - | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 23.72.36.90:80 | crl.microsoft.com | Akamai International B.V. | IE | whitelisted
5944 | MoUsoCoreWorker.exe | 23.72.36.90:80 | crl.microsoft.com | Akamai International B.V. | IE | whitelisted
- | - | 23.72.36.90:80 | crl.microsoft.com | Akamai International B.V. | IE | whitelisted
1268 | svchost.exe | 69.192.161.161:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 69.192.161.161:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 69.192.161.161:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
whitelisted
google.com
  • 142.250.187.174
whitelisted
crl.microsoft.com
  • 23.72.36.90
  • 23.72.36.123
  • 23.72.36.115
  • 23.72.36.98
  • 23.72.36.131
  • 23.72.36.128
  • 23.72.36.104
  • 23.72.36.107
  • 23.72.36.106
  • 23.72.36.177
  • 23.72.36.138
  • 23.72.36.161
  • 23.72.36.168
  • 23.72.36.176
  • 23.72.36.160
  • 23.72.36.120
whitelisted
www.microsoft.com
  • 69.192.161.161
  • 23.40.125.183
whitelisted
login.live.com
  • 40.126.31.1
  • 20.190.159.0
  • 40.126.31.0
  • 40.126.31.3
  • 20.190.159.23
  • 20.190.159.75
  • 20.190.159.130
  • 40.126.31.69
whitelisted
slscr.update.microsoft.com
  • 74.178.76.128
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted
jlm5pubfmy69rgtvxjcrtvdpqbzhx7ec4w3snaas.onrender.com
  • 216.24.57.7
  • 216.24.57.251
unknown
self.events.data.microsoft.com
  • 40.79.167.8
whitelisted
activation-v2.sls.microsoft.com
  • 4.154.209.85
whitelisted

Threats

PID | Process | Class | Message
2200 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Host dynamic web apps service (.onrender .com)
2200 | svchost.exe | Misc activity | ET INFO DNS Query to Online Application Hosting Domain (onrender .com)
6540 | BonziWORLD The Next Level.exe | Misc activity | ET INFO Observed Online Application Hosting Domain (onrender .com in TLS SNI)
No debug info