hxxps://archive[.]org/download/bonzi-buddy-virus

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-fr
resource tags

arch:x64arch:x86image:win11-20240802-frlocale:fr-fros:windows11-21h2-x64systemwindows
submitted
04/10/2024, 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://archive.org/download/bonzi-buddy-virus

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133725276343892466"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Bonzify-master.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\bonzi-buddy-virus_meta.sqlite:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Bonzify-master (1).zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe
1912	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1936	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe
Token: SeShutdownPrivilege	5064	chrome.exe
Token: SeCreatePagefilePrivilege	5064	chrome.exe

Suspicious use of FindShellTrayWindow 49 IoCs

pid	Process
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe
5064	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1936	OpenWith.exe
3840	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 1416	5064	chrome.exe	77
PID 5064 wrote to memory of 1416	5064	chrome.exe	77
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 3628	5064	chrome.exe	78
PID 5064 wrote to memory of 2768	5064	chrome.exe	79
PID 5064 wrote to memory of 2768	5064	chrome.exe	79
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80
PID 5064 wrote to memory of 2880	5064	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://archive.org/download/bonzi-buddy-virus
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3398cc40,0x7ffc3398cc4c,0x7ffc3398cc58
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1380,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:8
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4612,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=212,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5316,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5328,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3976,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5348,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5296,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5528,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5652,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5776,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5344,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1000 /prefetch:1
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5456,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5332,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4268,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3116 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5280,i,5387376853072098846,12584277015265826288,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:3652

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1332

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3252

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e67f177aa98238b3b4dbe041c0f0b61a

SHA1
b9d317bca076442d361bc8ca6fafd84b72f9cd46

SHA256
bbca5647efc3a72f69df2c6a4c88e998852902274423c3d03f8f9ada244911e5

SHA512
bbfdb724f71b2e1c367d28a5894eea3e25f9ed2bbb263b45a95f14ba86be9d269b6cead933a53298ba415ca13d03788d0825be015f881060c510d8df769a90e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
33KB

MD5
6819bfa1fe84adc83b1732ac89527d83

SHA1
b20cf9c137e4038e51f7e7584c4990b823a2d8ad

SHA256
2145d35bcebcd47957faccef977de773f8785e31d836605a98932bf9e04c4d52

SHA512
e9183bcec29958cbde9da41335f65726aeda4c11dc5eb002d889c482ff529fd714976c8185d88138774c3d165d166c52e3a14eeebfd4f2a1d9ef3299ee4939d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
76ecc8fbd31f8ce8503a00ee1be1d9de

SHA1
ca0532b918c8ed1d06bf21991acd63bc7850b511

SHA256
1a987a5c524dc9d7edd9f2f137882432d5ad9cd9a3fbaaafcfa8fb55d8f03d30

SHA512
b4aff03814566bd918286991e59510f227c5ae19c4037e78c8253573695b674b7b7641254657199b6aacc9771ffc6a197aa5f1e9dbd1d832334e6af1319e9fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
4709320f1b7ac8d9a71fdc7c899d3728

SHA1
3356e392ec9c1ad7818c7181eb1b653458384c7d

SHA256
b43f5efb22b9e1cea800b1266bfc5c6a3e875ebe88c770a8ad32214a59e9c513

SHA512
e5de72cacffe531d7bc7b7f707b1118185b74c143e9364b0cff8489bf01d78e4afb009c928eeb6e6aac2456921abee2f0b06b5f159419c6664d09b755d5bb22c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9e9284a7c43fb72c3cc056792b0f3f2e

SHA1
3acf98f6af02ced86cf7f2c56d8e6f748ae8a865

SHA256
3ebebdcd2911a2297d7c6bd8dc3387395339d1394f72a9f278f07d6a42315f2b

SHA512
ea92a0e7e3c2cee345cb9b2e21b2511b9a6efa9725e54e13ad8059f569c682e7055b58035ebb544c3fbfbd58273f424264c2aecc065e4f82e7b00c4888b06ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
b0bcbdf1bc41c24be33409bf31fab781

SHA1
5319e9e7ebec3e34ad37806f850e85acee218584

SHA256
66d540698f35eae9048e829c79f9db4ca54d733da9986e6daae492587b8fb72b

SHA512
a1992b3087cdbd0b364c1a312a61c9110cb1cd3e55dbf29693f5feba78306dd41d7a98948fff0f68db599a13c1b4eda7a5d4ea2f82473084cac3bfb002cc2183

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
4f83d3ce82f7122815bb740a5c97d1fd

SHA1
358a3804fc97abc1b69a421d61770253e0cd5682

SHA256
3fd47b91eeea801e9316b9843c74e38b1c871de341cf0299fccb62dcb7410bcf

SHA512
82265a59538e8f85843abbe6ab36e039a85ce08e9c816f86f2a4ebe61009485d40162ee51c29428d614aedd5948e7c5c46e123dca17b00b75a410fe2ae035f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
9926aece6665c1d2a024a1ed83b789d4

SHA1
55e9cab1e451e0eb5de432640fe51b49e9588b6e

SHA256
7850eeeb72a4189a825d5f995c2d25fe145826979e2066d80524355183f2c2c8

SHA512
f459ef365f338ad499d8165165bb2c126cbcff4d57abdf6b3850b66f2e9d5a51c531758cfed7547271f2788842712d6017b36c2dbf01e6cd2425935408c337b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
74a09a32363b9b122d2fba6638dfa35c

SHA1
f4554a8ca5402780e94a3b44e3ff4d83a3abed1a

SHA256
492901cbccf4d0003c552b054b958564fef179d446796eadd3645acbd622b632

SHA512
e3c9a06a3dfb122e4cabfa52ba79f3781ba87e5e54b815ec314949d72051f895b6d97da2cf625289379c08ee12c41266d978c9e49d93eb6f10e1ede74be91618

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
744c4482356ff5798a4602180d17d3ed

SHA1
438fad0f2767535348c27d1e700c90c7afb4303d

SHA256
efda6ab527c5274cc9592fa224892a351bdfe7e62667f01cc8176131ef25565a

SHA512
9ce3d6ff844feafa9bcbd6d511aad733c4c8bf4c1837169dc55b890891bc22a4d3e0e9b80f159f4db446367e8b6c82d20a8926d10bfb4fe1620d0274a505832f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
f3604e24af4dfffc272e841115e03ee9

SHA1
3607b01f355df6042e842b2a8ebe4482540db5b8

SHA256
ba539b6af669b05e68fa50ac56023dc0fdc95eadcaf7b5a2902f0d854a8a9c5d

SHA512
bd0c148a9421d8a431c1f7fec1934f3df271be511b219a0c64a6761491902d22d74e13784ceda20caa92d5a1a87d997e8bfb68d035d560d9b9e09c36d5cc06d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
050c2727ce1e3c1f443d2a92a8a0376b

SHA1
a15d094b2517f236de8c9a35437d9f5c5139bc0f

SHA256
6d784522612b54cb7871791f111f5addff56920ca08d8c4c145a897b2c5d559b

SHA512
2e43720cb0dc38dbe55a97f8ec8c2f20e173c0cd6970fb6f302cb2149a9c5648fea30208b8c18c6d5b2255ca9f73a452e2659602b04e2ffb4b65c7fa5f4a3eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
91e115f127e666c921a0dd7333be9597

SHA1
75afbb098c06e2cfe4a230923e8207f032459e11

SHA256
511c105ec9c9feb2328a06c413e13fabacb7c57132a12b5b011f32c56a4247e5

SHA512
8a9633816d32070f39a78b913579cd776147a89e37b45320d22d87557f9f535f74073b03dcd8b377c574d9b875afe4cfce24e9603462e4bd732e3339b4b46df6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c687d7650ce440cd52d2ac33c868b4b9

SHA1
e8362a83a3034603ca83ef02978b7c2bad52ae4f

SHA256
29d6fab8b94cd86585407e8d1454f8704b1414fbd5609b93d45cbc68fcffe179

SHA512
6b44e47bddbfb601ac85a66c7726c8a08afc8c2d8530a58810a6da249e0ce8626f2d42c0d07e36ec0715bd54da8df7aaf536d5127a4558cc52330da4aee20ed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7c58ab72c14be72fbd1e75b5b1b9022f

SHA1
8fee92e5d3a369e1435c2c00469d6b0db4420617

SHA256
9f222680ecb53d8bc40c082ba74ed4293e55dfb4ad56af30e9d3e0e294287436

SHA512
5737b350f078c9bf702ba3b094b3be81efd07f8d9b5acec483caf7197d3216669dbd4fc0458757506a760071d9925f5067fc24551d36c3d5aa236aa87008e59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fbabf5e86e3588aa15656b0fe0baf83b

SHA1
bdea9b2e68ea26c81b25e2cf5962ed9d3b1033fb

SHA256
c235de5e9888b66d23ffd7415e879ee7806db0638e8ef3a1a3b24d525278f288

SHA512
35fbd3b3f3bec0d59d0566afe89e4b94dd82b29bcc0cf1c2a4f9829ed2764584c27173a701c11a01b8945967d1e16e4d73f3797ec1efbf3c19734b2b29ae804e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53de262d4a23d34dfcbdfb3afaa254a8

SHA1
da26e4300820aeeabe5266c5d54a9766e8cbdfee

SHA256
0d709dcc7ac4822a72fe7d9aa937a6479de6a43d83db8ac87b75cf0475b75a38

SHA512
b64b122fbb407e21cee5831dbdf79dddca01125ff81719fa7f47d21602aae07bbedf44488507ba9924a816d9f1408b15af767287bb7147f1025752ce096c7575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14f83eb3754b83532e34313ffb3224b5

SHA1
bf396f2e73650d3b467518bce1e1bd617146d557

SHA256
24a7aeb2093ea20718f3b9ac983d77bd1ac52c5dcc8666eb14e7a991d2548fab

SHA512
e293347a64e184811dce47edffc73e58533f178e6e27f3ce61c87587060cf30dd523e8e1e6819788f01f134a255ff9f5625b89431b9d10a12a1ccd945d1e780c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
88ba85f803614fb30045197329a842d9

SHA1
c828ea223e5db90d48f86831b3ae8a92e08f3e8d

SHA256
7cdcc9e8746c9dda0933fd6873eac61afd071d0c789f7aef892aae79bfaccb77

SHA512
3111fd517191e0a3575a886bcbe7995d7d3e2e800f41e074cb69eb311cd96122c8299946fc1a105b682ade7dc6fc78753fa13c11796dc1f0b9846a17f2c226be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
91d41937a04a2733688e9d791ac0c790

SHA1
4258bf41dfd19a273e3503dd001b64dac4886fa8

SHA256
41b0dfa898d5162a2a725db2ce949387b0f0dd518a3e4de98cbd330e44225357

SHA512
d39ad68d52e34283b8590c2a20f88be60cca40d34f51275075082861fbe09b25ec83672aecd91cc8dfadf1dfba30f88f4963b0a0ddf3c17a99f9be34cb54f40d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
d0b9f9c0d0fba5ed352843c9175033de

SHA1
6bf98818e1f33ed121b858b685e5fd2e6c09e4cb

SHA256
d0fb90b68d6ec439d56fc6283cd92ff22db9ea4bc90cf7c39b7a3b44742b2de3

SHA512
02883f3ec043bb6d6e6bd9a2a0762d930a27c826f53b9f27b4e5740ad56774d0220a0ced627492e39543237b9eaa5cb49f912be04211c6eeda160ceab4dc2269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
5fb0cccc727ea21cc1ba1f56343c82fb

SHA1
25f6e52d156daffbda9fac73414650f621d85c6e

SHA256
40d94661aeb706525aef5d081747925dc049f8d721452150922e9ce2866c0ead

SHA512
747eb5ed2d102023d5abb4b68055caffda9014856546d5f6124fd91f5bfa92081006736d3a1ba39de94f791a1ddc94edb54926f000e4f0d4c7f1dd810aa50397

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
197KB

MD5
a0f07a18665d3daac18ce3b66933a53d

SHA1
ed3a7ae506c5914f5fa4d09d2abe9b43e2535df1

SHA256
62041062930dfdc54b1b77d1ad08cd62c9fdc9a0c67f175005a7e4b3b8809f20

SHA512
31b7fcb70d7e68ac1fe86545afc9b7db4e423792e9be6c51669a22deae68ad8d31e7c849c364b166b5cad6873f05f014028d6985c7035a0d630eaefd05c5702b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
226KB

MD5
19e58adbfda9b78e0512d66526559d28

SHA1
d3156f2edf1688f2fb4aa9f24da13ad8c7938b5d

SHA256
4ce74f223450e58043dad6f6f11f2750cb2488b884dc8e2c25255ef4dd170062

SHA512
4a14c6d64f9e7e3662804d1514250842ed4d0dfe14b5fc9e7f989168217236114ac23e79b0de6bafa4caf7f7011de0e7c850c657116b5b515735a3d84fa10665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
ac983482ce185ea582f2ec6278e8dffe

SHA1
99fe50d060a8c837a56aac74e8020dadf7096bc2

SHA256
10a93c93ae813d79c7ef8f4ce1a076bb908b3a517d233e67d8f811aabfcc0b56

SHA512
91147b32c12732e2d22b158d7e05723e61dff2c851ffbc88f3cd05c640be4b04b8d93579b5e2fbece0369ff530fa9f74efcd4a71f683143b695f8cfeb1e96e7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
1a83dde352344606193433238530eb70

SHA1
0ab3e254e674ed1c6f0b602f382a07e1e5b189b0

SHA256
e4bb9232dbf3837692fd9af928d24f2dd54757f2907d873a6aa02866bcac014a

SHA512
d76cf5c7d6f88437c83ecd7e3147c38cbf08ce2ba751d9afc44314c8a663b41daff34c055eb8795d9fb08ddf5c7570f0298cb85453002ceda32bd3eb4b85e2a4

Download Submit
C:\Users\Admin\Downloads\Bonzify-master.zip

Filesize
3KB

MD5
512066537f528631b41638ed25891d6b

SHA1
c640b7acd1ade524d4351052eb400881f2f8dff6

SHA256
bbcce67b9de792a506cf0228321d4a4e02d0cee128d3085dd7f7e7f989c45850

SHA512
d02ef9cf4b92cff6cb758d77179e6d2d1bdb5901fecbad7110e2394219d63cecdf2aee51d39b684fbe37fbf52048bbf35ef8a04cad6a9ac4ec01092eab9ef8ba

Download Submit
C:\Users\Admin\Downloads\Bonzify-master.zip:Zone.Identifier

Filesize
173B

MD5
85ca1c947f801484fa30cd25c62e66eb

SHA1
14cf43a34c98d4340a2154365934b674da45748c

SHA256
c5794cc25286e2282148e6bf8240c3d992d3fde7e7664990bfa5f064210cabf1

SHA512
d59f12259c04064084d6e5a3e7a86042c2c4564f192b8482960a1316988f5c94d75688075f9cab2b86d173129d8ecea03c43a7050a4b8ef511123d601f331c85

Download Submit
C:\Users\Admin\Downloads\bonzi-buddy-virus_meta.sqlite

Filesize
20KB

MD5
5f5bc95775918382ce4d66e287e9aed1

SHA1
621f45cb01cd8c3825955af6187a792ba06ccb0b

SHA256
a6d6b3a58220fd9cf07ff42fe4b861f2c33f173d0b86b0a70c976b9622ab05b2

SHA512
278f3f5441cca6d6009601d29010465e122db6bd86a70e67e29c0cc2bab24f15db21ab49df0ff53675109a9961b0979e40822945b5afb693b22669c7e60062e4

Download Submit
C:\Users\Admin\Downloads\bonzi-buddy-virus_meta.sqlite:Zone.Identifier

Filesize
184B

MD5
13492fcb38f00192ffd4f51a401720ac

SHA1
1669937e6c45688cbd1aa76573010534dfcfcae7

SHA256
e1820f666e4b29819ae49c988c1669c35bce53ccb7c8a6def527e05aca4d0694

SHA512
f2a457f09b6e1894142b16131f638c940b686a109e443aeeb5aed9874ce8ccca6377c65bb60ef15b29b70bd8034eb17aa303e453378c01b03e4024c7d69d2fec

Download Submit