092129f26834f0f3453c3c0cf6fc450c8d9c00e8521a464affb3b5696ae7263c

Resubmissions

17/04/2024, 16:38

240417-t5dqqsha6t 8

17/04/2024, 16:29

17/04/2024, 16:16

17/04/2024, 16:13

17/04/2024, 16:11

17/04/2024, 16:01

17/04/2024, 15:53

Analysis

max time kernel
149s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
17/04/2024, 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

settings.json
Size

717B
MD5

9524b55958a0e976a0b97cda97c12516
SHA1

c27592c0c683be473ccc0f1299a1a464f9f4792b
SHA256

092129f26834f0f3453c3c0cf6fc450c8d9c00e8521a464affb3b5696ae7263c
SHA512

cf122e2a291baa58a753bccc0f7cc0d93ab35f62bd39ffce5cba29e9455f904727d7496f70154254c154481adcd25f59137d993b81c0f8d7c2642a6624ec5407

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2248	BonziSetup.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578455650581180"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	BonziSetup.EXE
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	BonziSetup.EXE
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BonziSetup.EXE:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe
Token: SeShutdownPrivilege	2168	chrome.exe
Token: SeCreatePagefilePrivilege	2168	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4256	OpenWith.exe
4888	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 4688	2168	chrome.exe	96
PID 2168 wrote to memory of 4688	2168	chrome.exe	96
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 912	2168	chrome.exe	97
PID 2168 wrote to memory of 4088	2168	chrome.exe	98
PID 2168 wrote to memory of 4088	2168	chrome.exe	98
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99
PID 2168 wrote to memory of 4664	2168	chrome.exe	99

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\settings.json
1⤵
- Modifies registry class
PID:3152

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4256

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2584

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb1c18ab58,0x7ffb1c18ab68,0x7ffb1c18ab78
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:2
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4176 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4364 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4404 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4452 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4748 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3284 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3236 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4952 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2364 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5384 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5652 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3080 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3260 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4040 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5948 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4288 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5904 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4240 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3400 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5968 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4104 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6192 --field-trial-handle=1916,i,6467866211456701694,15025716360797290712,131072 /prefetch:8
  2⤵
  PID:4852
- C:\Users\Admin\Downloads\BonziSetup.EXE
  "C:\Users\Admin\Downloads\BonziSetup.EXE"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:2248

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\69599525-0266-46f4-b24c-fab99f9227e9.tmp

Filesize
7KB

MD5
138b131cf330945cca1ae30ec64985f9

SHA1
655d53823a3dd1ea4b396e3411309b4cb21ee83f

SHA256
f0989cec8c7a318c7e249fcebd40ebaa9661348899fb4c35b44ab23874e1ec79

SHA512
231e44392649315cd07c84ed7ff678520dc5935a0de838c61822355379bfdc3349d7ef281c40f3ef332cbaa7bb455cad0baef28a21f05f198e91dabe1edbb879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
aa19e79efa9c87a5c0f54401b4767e01

SHA1
fab44d72e44ed9e5f773db84dec89ca7cdc7a994

SHA256
601e767140828380a0c4416e169ce6b6594a1de3b0dc481921c5d98d86f1b287

SHA512
acf38ee65f1fe551fa2a4b6027fbd790af10f699ee53b9d84071ac7a65ae2c9ee0a0709365df27b8cefa0e56a84f9871458100d1ff9e6f820e19e5db57df0053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
45b15eccd6dc0a4639b3e0d5bc277411

SHA1
4906bf5754e39f847fc6bf565be11c63adad750f

SHA256
2df7ee9ebc7c6cbd91d6a89509523f57aa38218bf7c39c2777c73a0deea475a8

SHA512
b70dc26991ea04063a0be429e9f751c4db4a513705448401d3752357c6aa845c7c763c20f79e97fb64a04c767e79ff5ffd495590665e755542ea4aeadc73f45d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6f4d0bcb-a47e-431e-bdcf-9b979dbabacc.tmp

Filesize
1KB

MD5
91b5c737fe8b101a595c9e52d3b2e9bd

SHA1
ad511eb3291477684e63532d1794d7fd3acc2b2f

SHA256
69f2ed31ed086b0eb1cf8f624d6ba508daf15a860ff1886905999e3f43877c6f

SHA512
e09614ec9c375e8890d0e5d7455e56844a2e4d9dc217b5c9098ce86eba612462bfaa26d14cb257c91d30073cc4ad0debd1cf1e2df0f98a7d4522a53d6f8ec5e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
32cdd595300f834c49416060a3bc90d6

SHA1
4341aa4eaf8d465bacfb2dca881740a73ff690ca

SHA256
a53c16d003b234bf5b00d65136f021d1edf796fabf0279379478b675f2b8be5e

SHA512
9dd44a49975b7500eb1e78f974e47ff98c6e02904bd0e7754fdeae45dd7ed895d61a5f8c3c42c44174047e44ccb76d84ff1ef53d669f1c1fb937d22534217148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9a63c5e952ed4a46e3da569ef24d8d09

SHA1
21d520240ab6932b9d80bfc794f2fe769a4745ee

SHA256
70b70713699562545baf39c74aeb59b532ab11bff251b86bf313412273b1fa67

SHA512
350a9465468f7730c92542654946f907d0e60c31ccfab165cd232e0fe9e151cc2bbda38e92c699fb2100bf5eff4be977b0bdb53380b33659a0094f4461c8b0dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
ed1a6d812d39bd92925ab5dd5ac37b49

SHA1
8e2fd19da5ea9c5dd8bed7cd196c96e0282d4135

SHA256
0cf5e3708ec84e2d9d4b4d8b2e027076f52180278b7b16965a929a9fde7ebada

SHA512
eba8f488c20c662e64ada7fa086dfdffa1ce53201a8d29d56ee6e8c9f9f0b12a213bca095af47ac333935fd95a4bed18915327e027f2080be1779dd48526324a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
0b6c25499e7979fa64b1768703158f6c

SHA1
502716ea98b2c6ef8046dbdf37d81092a52375ca

SHA256
ad3e97f57252afc9e3220ef10f667b16947f9db0d74414787cf6f5771c5b42db

SHA512
51abbf81ed79826bc2c955771bda754760567639c4f0b7dc5a76d7bc66e46466b68e37f2136604e73df9041fea0327b36f9c03f0a800f2c44dfcd626423dee0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
aea5904deb42806e1631819d60230b2d

SHA1
f7598552021946edb8d5a4b46979cc1af693ebeb

SHA256
9d1987e2e16134c138391eb0c7e970cfa139de4b6aa164e7cde91b962ce472f9

SHA512
a9e7af84619c2c4c08279d3e89e3332420d2081bfcb156f4c38dc5c9fece81d8fecc77f6d7e69a0f65d297849804e3245a926df8b3bbbbbdc0b179d355e2306e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
29bd7a3e4f9e68c806588dbd72555e40

SHA1
0d20268165c708c06af78b22bfd442bad1653b72

SHA256
dcecf6621e73de31b850aa1074bd978fa84c4a86ba5fc7e50169ef8f0cf51853

SHA512
77b36efd815b40890e30203ba3f06d2499710bc7ad5f8eed25adc84965bbc5582096f96f9e174bf5db0cf4ae310ee4b0003c113b395f7c39aceb8ce033dd4815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
21494925bdb24e7e90c8d4d570b818b3

SHA1
28602c0f85f7fccbdb15db32a04e2d0ae1f62379

SHA256
6bfe772381541c69e2bbe8078264128e1d79401a839fc09a3a264039abf8a51b

SHA512
fc2a87f95bda3faa96b677041929b7c54903053ad2738f8dcbb226b52c5e1e19d50485552cca1215a6366927dea7e388a3ad0a974e94b721785cf05f12e2de0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b5075cad4a54ff052dd66f41b297f682

SHA1
ddbc86e993dd89379ebd99ab90765dc5735ba6aa

SHA256
f6084fe1ed920ef98146f9cecb1c3326e8af0874f1d4a844d40fe3487f1c71cf

SHA512
e2cc1052c87e2fec3045ce951d871d9d7bb35752ffeeba861eb45f0cd4947ee378f925ba333d83b7df860df4ade9efac124cbdc75643a553e12ea2e30e9dd0a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2737651cf6d867ddd9c00f8ae130da77

SHA1
992fbcb5690f1f5d228617d1908a4fa83186fa14

SHA256
56afab9eba2c201b7518db670b4f8d73ce0e5ffc104aaea16823144bbee79a70

SHA512
288579cee61ad6981cc0d9db0d4ba1ca9ca8241d6502df5d2acce4e8890c6e3233e7e9a326c4efb8a75ad815488466bd719bc9c60648412182c4ca5bb968b9b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c519761818ce975d4e62131c9345a38f

SHA1
33593550360465c2408d73434645864b35b3befb

SHA256
c6200b4087a48c54aab9f82f30a6ea52007da109dff41a033e4f399b1e0ca870

SHA512
a8af011aac6677946172b080c0639525576e33550b86433278568f5de1b73e0ff101182bdb6f41352660d2241651978483b79ab67b3cd94533dda2ee266ecad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
d363d92653cb4c8e68c205d7d044bf7a

SHA1
1a0e78062c0b28e0fc497d88eedd1bce2c38b3fe

SHA256
8924979fa2edc76cf7877fb94fe30fcb7bc77c426766937f6e1754dda657c7a7

SHA512
93d0cbcdb110a0d5d3b0fad35e72c2ba63f244e760ba4cf73a94f413608dfe3c05da21c30015f182c33810e0d2d4c1b13245e04a1a96760ffb3889e444234f83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe584b7b.TMP

Filesize
120B

MD5
4038b6b3f8e301ab905bff2ba90eedb0

SHA1
b40b327e7a9c4d6fa862fd7c531f3169ff597c2b

SHA256
ff04893bba13aff03a977ea01bba1fde007153f8dbbbaecd227e074ef5895af0

SHA512
e477886cda99b6800e68088b61dd94fb941c059e29d2869f4c63e43a862a998cf9d1bbd384922e4933ecfccc1c5a36f43a1e2ea3827158a653eb2f48d6dfc43c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
0fa97665339936e06ea9c47324e0a2cc

SHA1
acbd9667f45aadd6d2033c204c97bc3811ac6255

SHA256
ce066945f9e7bcdc00f6094159cf78723c836fb4e91820f06c8ffa31636b52c8

SHA512
eb296f441885354b9b3843e955b38f35a16f992aa1f01ddbb411e2810cfdf3a9272550dd3dabff3888e6cc5d3c007ea905a0dc41defe699d23bda7c4de718a88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
43c514c85312d0b5f5a0e72a77ad24d7

SHA1
0bd64b9fea18e1fc2d962c42dc6f268c547ee158

SHA256
428902b23401e7fc5d7fdfdecf8f8f2655e652589c42f4205ba8024981bf6960

SHA512
090b40bfff77f37e54661e331447bf7e70cbb538a76668cd8583c2d7663e7cec7183ae2bc401799091bf32b318d5621c2663261f79bb94c69b33139f2c29fa4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
1efd89b5b0fba867913db6f8bed5f18e

SHA1
31bc96e66a6e8f982e745f0f6612bdffa39fedb0

SHA256
2c8242aac8468fc960216e91f1cbc1a13bdd9e48c28897042184d25d6319240e

SHA512
061a3a9740fb9f3e403d3aea1d931f592db04692fc874e6815a84285c3d2285b7f22169d184a6b6e9e3f4bcb845f73c3f6061e12cdbc8b90167d850a99bb5f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
6e9cbfe1308ea8c7d9ab5f20ba571d7c

SHA1
f9985d504749d8a41834d9022f8cd36b81d9ceb0

SHA256
5889338063d4efddc823edfaba2c2bfc4ff1ccc752e30395c9d08362b7e95871

SHA512
d61ff14ec68200f91b56e316e27cf3597e6c91f4fcf8a197024eed4b49eb24c16365c675740fd292dcd4c7774f446488869dd5ea711fbf810dc3366c32bb0ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
8c2912a92bb8f4cbe08ac9674eea819a

SHA1
3526d591043ab2a1a2abc0acd035d00d04d82621

SHA256
de7106662b2f43ca4e5748d57b8aa1df9e32d643ad71212ef111f2670e8d180e

SHA512
0d051add53375b5d0afccefc5a6d746c10b67581f7269aa50502fe9f99626dba52633c158cd5261461b555127335248bbc4c6ed84ed5ab7ea18527fedeaace5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
231946d2982126615977fbf6024968f0

SHA1
82ac34233913d0d6ef5c40fc1c5aa425846d3844

SHA256
a345e4f06b0a85aa7b7957a8b098a2cf9f3bbc144dcbb2416ef6f75d31a9d744

SHA512
fea34d1a8134d69f3f080981a86aa4c84a080292d1997da103e2911dc6f10a5c4545cbb16b5b0ee84b78262ad4f1e681891ac108ad859db8bdc04eb5682db6b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
86KB

MD5
9702d5a1d2483af2524c4ea653c4e1ff

SHA1
62864fe33f3c57c71b652eb617da28b3cf148d88

SHA256
3f79ee983c1b8e7b851e1c201b341f29bc68dacf7fae13ff6b55c801eb8caaf5

SHA512
248f5e431909df479d52f3e873164a9cf591dee65c02d80545ec58ecd0f9b958ef11bd178f21a91f972c88de57de07128fec554e9ccf1308b04fead4208f3cc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586c42.TMP

Filesize
83KB

MD5
17546835c406744d4d68d6637a31e804

SHA1
af67d0cb748af09028a13df8722d0e629f9b98aa

SHA256
a089d2c2c5f64447f3ab022ff9a15abb848747896701ee873e9346f0c9ff7dbe

SHA512
c156316e8737c4678bde1ecef93ebca0f6662bff8cbdb3e72a33812524ea6588891ecb7c080e8c82e581c229bc1ccdde4c6b7127380d4a7cd9f194503d9de8df

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
ecb8bb6da8424f5c9d3047b6a4da567b

SHA1
07ba5c0b6d136c725f31a3c55cc7c4f060fb014c

SHA256
155c89f8430e6a9a33dee522bfab40365ce354be545a2c346afc6b0459a34860

SHA512
db11874e3152e0f0a8350e439035ff28613761c08ce8d717712b0adf5b455f85957e2680e591a1734615ed4bc5af1d4dce9def78f90be01d2fe07c0d608006b3

Download Submit
C:\Users\Admin\Downloads\BonziSetup.EXE

Filesize
91.1MB

MD5
f275f72b431dc3d3f066a4892d62de09

SHA1
6b246a62699697d0a11bb6e3a11fc85e9f1731b6

SHA256
f7167f506ddd2d76329f7a8d77f235491bb75ca5825fa5176e8a5cf612b0e053

SHA512
078b06ea93e6eb307894b2df577442240d900426832a2333c80f4b0d45fd97d28a471d67ef8126f8cd07cdc4829a13646cb105954d5a283aeebdbe5458b5ba5b

Download Submit
C:\Users\Admin\Downloads\BonziSetup.EXE:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit