File name: BonzifyDONOTUSEONHOSTMANCHINE.zip

Full analysis: https://app.any.run/tasks/2462ab73-5987-4bed-9515-6a98d8d9fefa
Verdict: Malicious activity
Analysis date: October 04, 2019, 16:57:31
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: E7217F2A4848EBB0020CA09A635DC3D7
SHA1: 7B5DCB93B0047DEAB8A8AF0BD176C226FE1E9EFD
SHA256: 25583E032BB8D882A70EFBD1A7990AF70B09A8EC384A244FDAB6F807E16080CC
SSDEEP: 98304:m8oleb6y2+cFSgSyv0vdiCkeIXUo3oybZ2ea71WFtI1oSmeRA+98Dp0xl9OEelng:mnC6y2+caliZlB339257YS0Dp0xQV7M

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • INSTALLER.exe (PID: 2404)
      • Bonzify.exe (PID: 2468)
      • INSTALLER.exe (PID: 3820)
      • Bonzify.exe (PID: 2404)
    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 1472)
      • regsvr32.exe (PID: 3140)
      • AgentSvr.exe (PID: 3184)
      • regsvr32.exe (PID: 552)
      • INSTALLER.exe (PID: 2404)
      • INSTALLER.exe (PID: 3820)
      • DllHost.exe (PID: 2300)
      • SearchProtocolHost.exe (PID: 3624)
      • WerFault.exe (PID: 3604)
      • svchost.exe (PID: 956)
      • conhost.exe (PID: 2620)
      • explorer.exe (PID: 4092)
      • cleanmgr.exe (PID: 1124)
      • reader_sl.exe (PID: 2504)
      • sigverif.exe (PID: 3216)
      • WMIC.exe (PID: 3480)
      • conhost.exe (PID: 3940)
      • Microsoft.Workflow.Compiler.exe (PID: 668)
      • conhost.exe (PID: 2044)
      • conhost.exe (PID: 2444)
      • wuapp.exe (PID: 2672)
      • WerFault.exe (PID: 1128)
      • ielowutil.exe (PID: 3356)
      • WINWORD.EXE (PID: 3908)
      • WerFault.exe (PID: 3088)
      • svchost.exe (PID: 3124)
      • explorer.exe (PID: 2180)
      • conhost.exe (PID: 3944)
      • conhost.exe (PID: 2328)
      • iexplore.exe (PID: 3988)
      • svchost.exe (PID: 2832)
      • explorer.exe (PID: 1944)
      • sethc.exe (PID: 4012)
      • cmbins.exe (PID: 2684)
      • WerFault.exe (PID: 2368)
      • TRACERT.EXE (PID: 2000)
      • WerFault.exe (PID: 3012)
      • WerFault.exe (PID: 3256)
      • WerFault.exe (PID: 2704)
      • conhost.exe (PID: 3468)
      • dfsvc.exe (PID: 1420)
      • AppLaunch.exe (PID: 2556)
      • ehsched.exe (PID: 292)
      • svchost.exe (PID: 3964)
      • iexplore.exe (PID: 3008)
      • ntvdm.exe (PID: 3240)
      • msinfo32.exe (PID: 4016)
      • conhost.exe (PID: 3580)
      • conhost.exe (PID: 3584)
      • svchost.exe (PID: 3172)
      • conhost.exe (PID: 2236)
      • where.exe (PID: 3164)
      • PresentationSettings.exe (PID: 1868)
      • WerFaultSecure.exe (PID: 2104)
      • conhost.exe (PID: 2228)
      • qwinsta.exe (PID: 2552)
      • dpnsvr.exe (PID: 3648)
      • cmd.exe (PID: 2244)
      • conhost.exe (PID: 312)
    • Registers / Runs the DLL via REGSVR32.EXE

      • INSTALLER.exe (PID: 3820)
      • INSTALLER.exe (PID: 2404)
    • Changes the autorun value in the registry

      • INSTALLER.exe (PID: 3820)
      • Bonzify.exe (PID: 2468)
      • conhost.exe (PID: 3940)
      • explorer.exe (PID: 2180)
      • iexplore.exe (PID: 3988)
      • conhost.exe (PID: 3468)
      • conhost.exe (PID: 3580)
    • Loads the Task Scheduler COM API

      • explorer.exe (PID: 4092)
    • Changes internet zones settings

      • explorer.exe (PID: 4092)
      • cleanmgr.exe (PID: 1124)
      • sigverif.exe (PID: 3216)
      • reader_sl.exe (PID: 2504)
      • conhost.exe (PID: 2328)
      • iexplore.exe (PID: 3988)
      • conhost.exe (PID: 3468)
      • WerFault.exe (PID: 3012)
      • conhost.exe (PID: 3580)
      • conhost.exe (PID: 3584)
    • Changes AppInit_DLLs value (autorun option)

      • Bonzify.exe (PID: 2468)
    • Runs app for hidden code execution

      • WerFault.exe (PID: 3012)
    • Changes Windows Error Reporting flag

      • svchost.exe (PID: 3172)
  • SUSPICIOUS

    • Removes files from Windows directory

      • INSTALLER.exe (PID: 2404)
      • INSTALLER.exe (PID: 3820)
    • Creates COM task schedule object

      • regsvr32.exe (PID: 3400)
      • regsvr32.exe (PID: 3604)
      • regsvr32.exe (PID: 3380)
      • regsvr32.exe (PID: 2556)
      • regsvr32.exe (PID: 3636)
      • regsvr32.exe (PID: 2604)
      • regsvr32.exe (PID: 3688)
      • regsvr32.exe (PID: 552)
      • regsvr32.exe (PID: 3140)
      • explorer.exe (PID: 4092)
      • cleanmgr.exe (PID: 1124)
      • reader_sl.exe (PID: 2504)
      • sigverif.exe (PID: 3216)
      • wuapp.exe (PID: 2672)
      • conhost.exe (PID: 2328)
      • iexplore.exe (PID: 3988)
      • WerFault.exe (PID: 3012)
      • conhost.exe (PID: 3468)
      • conhost.exe (PID: 3584)
      • conhost.exe (PID: 3580)
    • Creates files in the Windows directory

      • INSTALLER.exe (PID: 2404)
      • INSTALLER.exe (PID: 3820)
      • Bonzify.exe (PID: 2468)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 772)
      • INSTALLER.exe (PID: 3820)
      • Bonzify.exe (PID: 2468)
    • Starts CMD.EXE for commands execution

      • Bonzify.exe (PID: 2468)
      • WerFault.exe (PID: 3012)
    • Creates a software uninstall entry

      • INSTALLER.exe (PID: 3820)
      • iexplore.exe (PID: 3988)
    • Starts SC.EXE for service management

      • explorer.exe (PID: 4092)
    • Executes application which crashes

      • sigverif.exe (PID: 3216)
      • WerFault.exe (PID: 3012)
    • Changes IE settings (feature browser emulation)

      • Microsoft.Workflow.Compiler.exe (PID: 668)
    • Uses ICACLS.EXE to modify access control list

      • cmd.exe (PID: 1928)
    • Executed via COM

      • explorer.exe (PID: 2180)
    • Starts itself from another location

      • WerFault.exe (PID: 3012)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 1928)
    • Modifies the open verb of a shell class

      • iexplore.exe (PID: 3988)
      • WerFault.exe (PID: 3012)
    • Application launched itself

      • iexplore.exe (PID: 3988)
  • INFO

    • Manual execution by user

      • WinRAR.exe (PID: 772)
      • Bonzify.exe (PID: 2404)
      • Bonzify.exe (PID: 2468)
      • SndVol.exe (PID: 3400)
    • Dropped object may contain Bitcoin addresses

      • Bonzify.exe (PID: 2468)
    • Application was crashed

      • SearchProtocolHost.exe (PID: 3624)
      • explorer.exe (PID: 4092)
      • conhost.exe (PID: 3940)
      • explorer.exe (PID: 1944)
      • explorer.exe (PID: 2180)
      • sigverif.exe (PID: 3216)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2018:12:31 23:30:28
ZipCRC: 0x1f63e226
ZipCompressedSize: 5871582
ZipUncompressedSize: 6700544
ZipFileName: Bonzify.exe
No data.
All screenshots are available in the full report
Total processes: 159
Monitored processes: 102
Malicious processes: 16
Suspicious processes: 4

Behavior graph

[Behavior graph of winrar.exe, bonzify.exe, installer.exe and the other monitored processes; the graph itself is in the full report.]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 292
CMD: "C:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_a54954fd9d61ab4b\ehsched.exe"
Path: C:\Windows\winsxs\x86_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_a54954fd9d61ab4b\ehsched.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Center Scheduler Service
Exit code:
2147942405
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\winsxs\x86_microsoft-windows-ehome-services-ehsched_31bf3856ad364e35_6.1.7600.16385_none_a54954fd9d61ab4b\ehsched.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 312
CMD: \??\C:\Windows\system32\conhost.exe
Path: C:\Windows\system32\conhost.exe
Parent process: csrss.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\conhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
PID: 552
CMD: regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
Path: C:\Windows\system32\regsvr32.exe
Parent process: INSTALLER.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 668
CMD: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe"
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
Parent process: reader_sl.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft.Workflow.Compiler.exe
Exit code:
0
Version:
4.7.3062.0 built by: NET472REL1
Modules
Images
c:\windows\microsoft.net\framework\v4.0.30319\microsoft.workflow.compiler.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 772
CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\BonzifyDONOTUSEONHOSTMANCHINE.zip" C:\Users\admin\Desktop\BonzifyDONOTUSEONHOSTMANCHINE\
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 956
CMD: C:\Windows\System32\svchost.exe -k WerSvcGroup
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Exit code:
3221226356
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\svchost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wersvc.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\faultrep.dll
PID: 1124
CMD: "C:\Windows\System32\cleanmgr.exe"
Path: C:\Windows\System32\cleanmgr.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Disk Space Cleanup Manager for Windows
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\cleanmgr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 1128
CMD: C:\Windows\system32\WerFault.exe -u -p 4092 -s 2100
Path: C:\Windows\system32\WerFault.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Exit code:
3221226356
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\werfault.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1148
CMD: "C:\Windows\System32\chglogon.exe"
Path: C:\Windows\System32\chglogon.exe
Parent process: wuapp.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change Logon Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\chglogon.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
PID: 1420
CMD: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe"
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
Parent process: reader_sl.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
ClickOnce
Exit code:
3221226356
Version:
4.7.3062.0 built by: NET472REL1
Modules
Images
c:\windows\microsoft.net\framework\v4.0.30319\dfsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 8 130
Read events: 2 640
Write events: 5 472
Delete events: 18

Modification events

(PID) Process: (3696) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3696) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3696) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3696) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\BonzifyDONOTUSEONHOSTMANCHINE.zip

(PID) Process: (3696) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3696) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3696) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3696) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3696) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000

(PID) Process: (3696) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\General
Operation: write
Name: LastFolder
Value: C:\Users\admin\Desktop
Executable files: 15
Suspicious files: 20
Text files: 29
Unknown types: 6

Dropped files

PID: 772
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\BonzifyDONOTUSEONHOSTMANCHINE\Bonzify.ipdb
Type: binary
MD5:
SHA256:

PID: 772
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\BonzifyDONOTUSEONHOSTMANCHINE\Bonzify.iobj
Type: binary
MD5:
SHA256:

PID: 772
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\BonzifyDONOTUSEONHOSTMANCHINE\HookDLL.pdb
Type: pdb
MD5:
SHA256:

PID: 772
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\BonzifyDONOTUSEONHOSTMANCHINE\HookDLL.ipdb
Type: binary
MD5:
SHA256:

PID: 3820
Process: INSTALLER.exe
Filename: C:\Windows\lhsp\tv\SETE75F.tmp
Type:
MD5:
SHA256:

PID: 772
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\BonzifyDONOTUSEONHOSTMANCHINE\HookDLL.iobj
Type: binary
MD5:
SHA256:

PID: 3820
Process: INSTALLER.exe
Filename: C:\Windows\lhsp\tv\SETE770.tmp
Type:
MD5:
SHA256:

PID: 772
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\BonzifyDONOTUSEONHOSTMANCHINE\HookDLL.dll
Type: executable
MD5:
SHA256:

PID: 3820
Process: INSTALLER.exe
Filename: C:\Windows\lhsp\help\SETE781.tmp
Type:
MD5:
SHA256:

PID: 772
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\BonzifyDONOTUSEONHOSTMANCHINE\Bonzify.pdb
Type: pdb
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
Process         Message
AgentSvr.exe    ClaimOutput
AgentSvr.exe    UnclaimOutput
AgentSvr.exe    ClaimOutput
AgentSvr.exe    UnclaimOutput
AgentSvr.exe    ClaimOutput
AgentSvr.exe    UnclaimOutput
AgentSvr.exe    ClaimOutput
AgentSvr.exe    UnclaimOutput
AgentSvr.exe    ClaimOutput
AgentSvr.exe    UnclaimOutput