File name: Bonzify.exe

Full analysis: https://app.any.run/tasks/19ec96c4-ae8a-405b-88ef-c6f3841fa8f8
Verdict: Malicious activity
Analysis date: January 06, 2024, 00:02:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 7E5FBEA7EE5A03D2C6DEE20854DEED2E
SHA1: E3D6D23BACC182E8036FB5E38D9E8FD26830045C
SHA256: E369B688C86695960657DCF3CF63626C8C47095832C4A85E2D317E31AB8EF497
SSDEEP: 98304:5YFIsQd4i6QcdsbjxHqi/iXrPFt4BZkHj+Ml8TV9EFvxiKJT+7L51fo6bxHKrDWt:5yQ8nQqClXF

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • INSTALLER.exe (PID: 2052)
      • INSTALLER.exe (PID: 2792)
    • Creates a writable file in the system directory

      • INSTALLER.exe (PID: 2792)
    • Changes the AppInit_DLLs value (autorun option)

      • Bonzify.exe (PID: 2644)
    • Changes the autorun value in the registry

      • PrintIsolationHost.exe (PID: 3900)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • Bonzify.exe (PID: 2644)
    • Executing commands from a ".bat" file

      • Bonzify.exe (PID: 2644)
    • Takes ownership (TAKEOWN.EXE)

      • cmd.exe (PID: 2620)
    • Uses ICACLS.EXE to modify access control lists

      • cmd.exe (PID: 2620)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 2620)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 984)
      • chrome.exe (PID: 532)
      • chrome.exe (PID: 3772)
      • PrintIsolationHost.exe (PID: 3900)
      • chrome.exe (PID: 1432)
      • iexplore.exe (PID: 3024)
      • chrome.exe (PID: 4664)
    • Changes internet zones settings

      • PrintIsolationHost.exe (PID: 3900)
      • PresentationFontCache.exe (PID: 4172)
    • Modifies the phishing filter of IE

      • PresentationFontCache.exe (PID: 4172)
    • The system shut down or reboot

      • chrome.exe (PID: 532)
  • INFO

    • Drops the executable file immediately after the start

      • Bonzify.exe (PID: 956)
      • Bonzify.exe (PID: 2644)
      • INSTALLER.exe (PID: 2792)
      • INSTALLER.exe (PID: 2052)
    • Checks supported languages

      • Bonzify.exe (PID: 956)
      • Bonzify.exe (PID: 2644)
      • INSTALLER.exe (PID: 2792)
      • AgentSvr.exe (PID: 2884)
      • wmpnscfg.exe (PID: 2444)
      • wmpnscfg.exe (PID: 2580)
      • pcawrk.exe (PID: 2724)
      • mscorsvw.exe (PID: 3516)
      • WindowsAnytimeUpgradeResults.exe (PID: 2764)
      • INSTALLER.exe (PID: 2052)
      • winlogon.exe (PID: 1832)
      • odbcconf.exe (PID: 5408)
      • ieinstal.exe (PID: 2112)
      • AgentSvr.exe (PID: 2724)
      • WSManHTTPConfig.exe (PID: 4808)
      • PresentationFontCache.exe (PID: 4172)
      • TabTip.exe (PID: 4692)
      • lsass.exe (PID: 4524)
      • charmap.exe (PID: 4984)
      • upnpcont.exe (PID: 4980)
      • mcupdate.exe (PID: 5260)
      • dw20.exe (PID: 4552)
    • Manual execution by a user

      • Bonzify.exe (PID: 2644)
      • wmpnscfg.exe (PID: 2444)
      • pcawrk.exe (PID: 2724)
      • wmpnscfg.exe (PID: 2580)
      • MuiUnattend.exe (PID: 2520)
      • imjppdmg.exe (PID: 3968)
      • BdeUISrv.exe (PID: 3100)
      • chrome.exe (PID: 3772)
      • esentutl.exe (PID: 3888)
      • WindowsAnytimeUpgradeResults.exe (PID: 2764)
      • chrome.exe (PID: 532)
      • MdSched.exe (PID: 3196)
      • ieUnatt.exe (PID: 664)
      • mtstocom.exe (PID: 5276)
      • cmdkey.exe (PID: 5528)
      • iexplore.exe (PID: 3024)
      • chrome.exe (PID: 4664)
    • Create files in a temporary directory

      • Bonzify.exe (PID: 2644)
      • INSTALLER.exe (PID: 2052)
      • INSTALLER.exe (PID: 2792)
    • Process drops legitimate windows executable

      • Bonzify.exe (PID: 2644)
      • INSTALLER.exe (PID: 2792)
      • INSTALLER.exe (PID: 2052)
    • Reads the computer name

      • INSTALLER.exe (PID: 2792)
      • Bonzify.exe (PID: 2644)
      • AgentSvr.exe (PID: 2884)
      • wmpnscfg.exe (PID: 2444)
      • wmpnscfg.exe (PID: 2580)
      • mscorsvw.exe (PID: 3516)
      • WindowsAnytimeUpgradeResults.exe (PID: 2764)
      • INSTALLER.exe (PID: 2052)
      • upnpcont.exe (PID: 4980)
    • Reads the machine GUID from the registry

      • Bonzify.exe (PID: 2644)
      • AgentSvr.exe (PID: 2884)
      • odbcconf.exe (PID: 5408)
      • PresentationFontCache.exe (PID: 4172)
      • upnpcont.exe (PID: 4980)
      • WindowsAnytimeUpgradeResults.exe (PID: 2764)
    • Application launched itself

      • chrome.exe (PID: 3772)
      • chrome.exe (PID: 532)
      • chrome.exe (PID: 4664)
      • iexplore.exe (PID: 3024)
No Malware configuration.

TRiD

.exe | Win32 MS Cabinet Self-Extractor (WExtract stub) (80.4)
.exe | Win32 Executable MS Visual C++ (generic) (8.2)
.exe | Win64 Executable (generic) (7.3)
.dll | Win32 Dynamic Link Library (generic) (1.7)
.exe | Win32 Executable (generic) (1.1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:11:07 19:29:20+01:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 4096
InitializedDataSize: 3719680
UninitializedDataSize: -
EntryPoint: 0x16b0
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
Total processes: 285
Monitored processes: 89
Malicious processes: 8
Suspicious processes: 3

Behavior graph

start bonzify.exe bonzify.exe cmd.exe no specs taskkill.exe no specs takeown.exe no specs icacls.exe no specs installer.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs agentsvr.exe no specs grpconv.exe no specs installer.exe no specs regsvr32.exe no specs regsvr32.exe no specs grpconv.exe no specs agentsvr.exe wmpnscfg.exe no specs wmpnscfg.exe no specs pcawrk.exe no specs muiunattend.exe no specs bdeuisrv.exe no specs imjppdmg.exe no specs mscorsvw.exe no specs chrome.exe no specs chrome.exe esentutl.exe no specs ntoskrnl.exe no specs chrome.exe no specs chrome.exe no specs configureieoptionalcomponents.exe no specs windowsanytimeupgraderesults.exe no specs chrome.exe no specs chrome.exe no specs ieunatt.exe no specs rundll32.exe no specs repair-bde.exe no specs chrome.exe no specs fveupdate.exe no specs chrome.exe no specs imscprop.exe no specs shutdown.exe no specs mdsched.exe no specs winlogon.exe no specs change.exe no specs printisolationhost.exe iexplore.exe no specs ntoskrnl.exe no specs fsquirt.exe no specs presentationfontcache.exe no specs wbemtest.exe no specs chrome.exe no specs dw20.exe no specs helppane.exe no specs expand.exe no specs chrome.exe no specs rmclient.exe no specs chrome.exe no specs chrome.exe no specs wsmanhttpconfig.exe no specs doskey.exe no specs mtstocom.exe no specs odbcconf.exe no specs ntoskrnl.exe no specs cmdkey.exe no specs chkdsk.exe no specs chrome.exe no specs runas.exe no specs chkdsk.exe no specs ieinstal.exe no specs poqexec.exe no specs cscript.exe no specs lsass.exe no specs cleanmgr.exe no specs tabtip.exe no specs appidpolicyconverter.exe no specs rstrui.exe no specs upnpcont.exe no specs charmap.exe no specs rstrui.exe no specs caspol.exe no specs iexplore.exe no specs diagtrackrunner.exe no specs mcupdate.exe no specs bonzify.exe no specs

Process information

PID: 240
CMD: regsvr32 /s C:\Windows\lhsp\tv\tv_enua.dll
Path: C:\Windows\System32\regsvr32.exe
Parent process: INSTALLER.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 532
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" "--disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction,OptimizationHints"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 664
CMD: "C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7601.17514_none_4c23b12bef429251\ieUnatt.exe"
Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7601.17514_none_4c23b12bef429251\ieUnatt.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
IE 7.0 Unattended Install Utility
Exit code:
0
Version:
8.00.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7601.17514_none_4c23b12bef429251\ieunatt.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
PID: 956
CMD: "C:\Users\admin\Desktop\Bonzify.exe"
Path: C:\Users\admin\Desktop\Bonzify.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\bonzify.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 984
CMD: regsvr32 /s "C:\Windows\msagent\AgentCtl.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: INSTALLER.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1268
CMD: regsvr32 /s "C:\Windows\msagent\AgentDP2.dll"
Path: C:\Windows\System32\regsvr32.exe
Parent process: INSTALLER.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1388
CMD: "C:\Windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_fa237f5ab41ca1cf\fsquirt.exe"
Path: C:\Windows\System32\DriverStore\FileRepository\bth.inf_x86_neutral_fa237f5ab41ca1cf\fsquirt.exe
Parent process: chrome.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Exit code:
0
Version:
6.1.7601.24511 (win7sp1_ldr_escrow.190729-1700)
PID: 1432
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xe4,0xe8,0xec,0xb8,0xf0,0x6dcb8b38,0x6dcb8b48,0x6dcb8b54
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID: 1736
CMD: "C:\Windows\winsxs\x86_caspol_b03f5f7f11d50a3a_6.1.7601.18523_none_403420e1ac8197f0\CasPol.exe"
Path: C:\Windows\winsxs\x86_caspol_b03f5f7f11d50a3a_6.1.7601.18523_none_403420e1ac8197f0\CasPol.exe
Parent process: chrome.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft .NET Framework CAS Policy Manager
Exit code:
0
Version:
2.0.50727.5483 (Win7SP1GDR.050727-5400)
Modules
Images
c:\windows\winsxs\x86_caspol_b03f5f7f11d50a3a_6.1.7601.18523_none_403420e1ac8197f0\caspol.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
PID: 1768
CMD: icacls C:\Windows\MsAgent /c /t /grant "everyone":(f)
Path: C:\Windows\System32\icacls.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 4 738
Read events: 3 194
Write events: 1 527
Delete events: 17

Modification events

(PID) Process: (984) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\Control
Operation: delete key
Name: (default)
Value:

(PID) Process: (984) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\InprocServer32
Operation: delete key
Name: (default)
Value:

(PID) Process: (984) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\MiscStatus\1
Operation: delete key
Name: (default)
Value:

(PID) Process: (984) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\MiscStatus
Operation: delete key
Name: (default)
Value:

(PID) Process: (984) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ProgID
Operation: delete key
Name: (default)
Value:

(PID) Process: (984) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\Programmable
Operation: delete key
Name: (default)
Value:

(PID) Process: (984) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\ToolboxBitmap32
Operation: delete key
Name: (default)
Value:

(PID) Process: (984) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\TypeLib
Operation: delete key
Name: (default)
Value:

(PID) Process: (984) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\Version
Operation: delete key
Name: (default)
Value:

(PID) Process: (984) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D45FD31B-5C6E-11D1-9EC1-00C04FD7081F}\VersionIndependentProgID
Operation: delete key
Name: (default)
Value:
Executable files: 54
Suspicious files: 30
Text files: 15
Unknown types: 0

Dropped files

PID: 2644
Process: Bonzify.exe
Filename: C:\Windows\executables.bin
Type: binary
MD5:F3160BA7F8BB9D7A9C6080EF2C9869C5
SHA256:F6A3286714A661612EAC65E4A6CB78736C370492151B692A8F1E666740C0A00E
PID: 2052
Process: INSTALLER.exe
Filename: C:\Users\admin\AppData\Local\Temp\IXP000.TMP\AGT0409.DLL
Type: executable
MD5:0CBF0F4C9E54D12D34CD1A772BA799E1
SHA256:6B0B57E5B27D901F4F106B236C58D0B2551B384531A8F3DAD6C06ED4261424B1
PID: 2052
Process: INSTALLER.exe
Filename: C:\Users\admin\AppData\Local\Temp\IXP000.TMP\AGENTMPX.DLL
Type: executable
MD5:4FBBAAC42CF2ECB83543F262973D07C0
SHA256:6550582E41FC53B8A7CCDF9AC603216937C6FF2A28E9538610ADB7E67D782AB5
PID: 2052
Process: INSTALLER.exe
Filename: C:\Users\admin\AppData\Local\Temp\IXP000.TMP\AGENTSR.DLL
Type: executable
MD5:9FAFB9D0591F2BE4C2A846F63D82D301
SHA256:E78E74C24D468284639FAF9DCFDBA855F3E4F00B2F26DB6B2C491FA51DA8916D
PID: 2052
Process: INSTALLER.exe
Filename: C:\Users\admin\AppData\Local\Temp\IXP000.TMP\AGENTDPV.DLL
Type: executable
MD5:7C5AEFB11E797129C9E90F279FBDF71B
SHA256:394A17150B8774E507B8F368C2C248C10FCE50FC43184B744E771F0E79ECAFED
PID: 2052
Process: INSTALLER.exe
Filename: C:\Users\admin\AppData\Local\Temp\IXP000.TMP\AGENTPSH.DLL
Type: executable
MD5:B4AC608EBF5A8FDEFA2D635E83B7C0E8
SHA256:8414DFE399813B7426C235BA1E625BD2B5635C8140DA0D0CFC947F6565FE415F
PID: 2052
Process: INSTALLER.exe
Filename: C:\Users\admin\AppData\Local\Temp\IXP000.TMP\AGTEULA.TXT
Type: text
MD5:7070B77ED401307D2E9A0F8EAAAA543B
SHA256:225D227ABBD45BF54D01DFC9FA6E54208BF5AE452A32CC75B15D86456A669712
PID: 2052
Process: INSTALLER.exe
Filename: C:\Users\admin\AppData\Local\Temp\IXP000.TMP\AGENTANM.DLL
Type: executable
MD5:48C00A7493B28139CBF197CCC8D1F9ED
SHA256:905CB1A15ECCAA9B79926EE7CFE3629A6F1C6B24BDD6CEA9CCB9EBC9EAA92FF7
PID: 2644
Process: Bonzify.exe
Filename: C:\Users\admin\AppData\Local\Temp\TakeOwn.bat
Type: text
MD5:E5F461B27469D58FCFFDAEA1BA1E0172
SHA256:8EA7E9F2130A1B1ACA020740E8F81623761EFAA3F5FE0D34C730F4641480250D
PID: 2052
Process: INSTALLER.exe
Filename: C:\Users\admin\AppData\Local\Temp\IXP000.TMP\AGT0409.HLP
Type: binary
MD5:466D35E6A22924DD846A043BC7DD94B8
SHA256:E4CCF06706E68621BB69ADD3DD88FED82D30AD8778A55907D33F6D093AC16801
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown

DNS requests

No data

Threats

No threats detected
Process: Message
AgentSvr.exe: ClaimOutput
AgentSvr.exe: UnclaimOutput
AgentSvr.exe: ClaimOutput
AgentSvr.exe: UnclaimOutput
AgentSvr.exe: ClaimOutput
AgentSvr.exe: UnclaimOutput
AgentSvr.exe: ClaimOutput
AgentSvr.exe: ClaimOutput
AgentSvr.exe: UnclaimOutput
AgentSvr.exe: UnclaimOutput