Analysis Overview
SHA256
33fafb94ff9356045aa16b920fd3289b045e3a0a6a76e96f62e1d3ca6eeabdad
Threat Level: Shows suspicious behavior
The file WhatsApp Image 2024-06-03 at 11.50.11 (3).jpeg was found to show suspicious behavior.
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Enumerates system info in registry
NTFS ADS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 12:06
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 12:06
Reported
2024-06-04 12:10
Platform
win11-20240426-en
Max time kernel
172s
Max time network
160s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619765221042136" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\WhatsApp Image 2024-06-03 at 11.50.11 (3).jpg"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd1ee9ab58,0x7ffd1ee9ab68,0x7ffd1ee9ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1580 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3500 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4380 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1748 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4948 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4936 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3352 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1612 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1672,i,4179136131791204327,17922364848218077734,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe"
C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | www.youtube.com | tcp |
| GB | 142.250.187.206:443 | www.youtube.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 52.111.229.43:443 | N/A | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.16.227:443 | id.google.com | tcp |
| GB | 216.58.204.86:443 | i.ytimg.com | tcp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| GB | 216.58.204.86:443 | i.ytimg.com | udp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | tcp |
| GB | 216.58.213.6:443 | static.doubleclick.net | tcp |
| GB | 142.250.187.194:443 | googleads.g.doubleclick.net | udp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| FR | 151.106.4.82:443 | bonzi.link | tcp |
| GB | 172.217.16.227:443 | id.google.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.216:443 | codeload.github.com | tcp |
Files
\??\pipe\crashpad_1824_IQAKSOIWMKRCOPFQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 1dca05e5722b9b10d7234461cb5f1d1f |
| SHA1 | aab141168f04f6ccf64c3a8932e62d0f2f7b0432 |
| SHA256 | f2f8ea16c1e0e55c3a52654fdbdba080b539d6916b7c805938d11392168c53b6 |
| SHA512 | ea0d8ad043a58e1d1af29d7d0206adf5a563fc01db57887f6aff895a9b857c54325b3691eb6ab6686911614e2f3bb9fe03315b09c2ebd57d8589eb66def4e711 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 9939517ce97a3608c19044d7c4311673 |
| SHA1 | 2cee2495ea9cf5830ff97caa0759bf1ad1dedd69 |
| SHA256 | e6755fca945fbd8914c349dfa840408edce6420693502718dc33ebdf9e988bdc |
| SHA512 | 4d1d8815fa0328dff4abfe5c36ab210f7c9d754656a0be8e8b420f7adeef9fcbd189bb10c4753be2c64365e238331b79f180ae3a0c01008f762cfcdffb55c658 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 356232c0eaed160b58f8fa6dce798d64 |
| SHA1 | eba6ba82c50ab2582b0dd3129c4add99e4ced69a |
| SHA256 | 09795d9ca5ef7b11908a4de6c78121f3220594d1fbeed1daad1ace8a51bc0fb2 |
| SHA512 | 49c200176e99b6eba84c83a815b8ad317cd2e3eeba966f33d206108937ac61b6215fd4769e882541ad754b6ab816dd26d68a0a9a0066771c20d5e2655f969981 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 020381148d1051de995da71818dbab3e |
| SHA1 | 72e7f4a116ceb6c192170559f8441f692e978025 |
| SHA256 | 237a7d952aa2066dff70983251527520c7bc57716f4ac5c6621bd685b9d81657 |
| SHA512 | 8267099f7e39e2718c3d9cbf0b4ad4254bd0852627a7f99915e4c83748616f3ccd48d468bc116f52221c7ca574eeb131a18e1a729288c4b93a3b9c6f6fcc888e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 94275bde03760c160b707ba8806ef545 |
| SHA1 | aad8d87b0796de7baca00ab000b2b12a26427859 |
| SHA256 | c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968 |
| SHA512 | 2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58df4f.TMP
| MD5 | eae62139cd3b11089cd319b947f1bc99 |
| SHA1 | 32b3b234b0be940cae30b390f39174f25b78e5ee |
| SHA256 | 33a853ebb1cc1413b3b89260e079beaadd3b869b745018f45254c87085912333 |
| SHA512 | 02c4ef5729d43f25a459f951d5dd4db28c25da14091826144bb69e69f82b1f5b85dd81d748457efa135e8f7669bb7f7568261d15e36e354621bb4b330a08b75e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 992db227b0e930a8dd0187192faed386 |
| SHA1 | 27eaab3c602f28c0bd1fb78c98fc72e6f9ea4c36 |
| SHA256 | d2d08484278111272beaec12134d7af8939d363f79f87862dd4a1516a7e9f85c |
| SHA512 | 963220068331e2367d7cdd0cf7b3d8613a717a5c1587da1fe910efb4fb9e49908f2c1dc7ebb2398ccf3b01a791a1ac6eb7d91a3eaaf1cd92094cca4b2fdef103 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 8cb9e59707318a3746b2d36ff8b442b5 |
| SHA1 | 15e8ff314d3a9c6a0564e71f5d648060ede66c74 |
| SHA256 | ef858af0f8ce369913de585a6ab641147e37d19e7889390cc9c00036d12ca4ae |
| SHA512 | fb4a878fd9175451080feea637f24ecce4e73b6830732e28f8b718b6cd963e65d81748bd5d0ed0bf340f33252aae1941b6c938da9fa470b781d5b0a2010c1ab6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 227a04e7101b327bd6632099bcdc3e85 |
| SHA1 | a8f0ff03f255acda49edb14f489f2e6b5c3d3841 |
| SHA256 | ee339e3ea2754c5457c334d4adab849cb5fe8abe36614db78dc568807e95620a |
| SHA512 | 55b63359e2b96d31d69df9840693beeba6532a92c2fd9f6d44a3200fb888712902e235316bec45cac2cf0e76cc0e0cab8b2e8dc19e5e6b1e67ece3dcfe2a69e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 071b0154e2b095510821116ccf3c6c36 |
| SHA1 | 11bcac270e3e63e7dc2a34a05c9246cc6d2cdba7 |
| SHA256 | 58320a7ef00408eb37e3ac40c5d881715a026af2aac83c028c35350dfa86ad13 |
| SHA512 | 40915447cc9e8d0af23aa978d0ecb459c2817c304bd0e9b002160c7972d86d0f11e2ed85a779867c7ec4d517a36506da348db72b907379e4d5f3803af5f48d86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ac8adef24be3476890156578b525483b |
| SHA1 | 62608f83672c0a9be9531ce80e199e846b49bbba |
| SHA256 | f61898aac0227d2b8a36db2fbc6fdf9a44e379234da4d2258fee6ea1e878a634 |
| SHA512 | 4902ef6e293f1190f90de92d7eb017a8c86099f3bc64971081e74803a8ee38148494ea6dafa9cadd26b46d2d122b617e431162a2aade79134a161baccbd67072 |
C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier
| MD5 | c0aaf6dc437b95d10bb053831c3cba7c |
| SHA1 | f3b57f1b2dfc8a4ca0f366b7d1051d68f59110d7 |
| SHA256 | 5d3db06bf246f33b99bfabbac16d6142e6bac695092228d5367b3cc03959653a |
| SHA512 | 9effe9ccb34ac61508648e32efb4f7fe8dd5ce195259f60707c720ac4cb9ebee0f5e944bda0ebd804eb441a8a32cf56336677389a9ad59a8c1d4402c164f2ff0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 37b3ee89acf2bb63e1a0e5a70e2adf64 |
| SHA1 | 050e3216d70e9c66af7011c2e6aa02a70cbeaae4 |
| SHA256 | 459caf016b76fec6e4526fdfae80e175dcb7401c8e35b3468425404972688f6b |
| SHA512 | 5ee11c4bc40b0d0bfbabd4190f72ef82ca2e6726a5234c7b089c0e05eb373436ece3dd72a09f18921763604dc843a260cdb264bed258b33ec09535bf0a94a4c0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bb8ba83db5680e9deb940c97e0ea45a1 |
| SHA1 | 97f01c24f9b413be118f1cb3515090638ddd9ed3 |
| SHA256 | 76bd0de6888a34b91c43125602ac4d4b751def5454628440242ce82e7df431e2 |
| SHA512 | efff58f25a65a7319f3a096b5a28e14e992cb2a4cd4a22183dbf0c0b41e06844aad116deca52a41b3dadf82a2955e03ab31b1dc0b081b425fe81061c103ce6e7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1e7b090b8d34b64ff393de989a1338a8 |
| SHA1 | 4185f2211f1d2649c72de332cc92b9bc20799110 |
| SHA256 | 1f18af5645898f97b76765ec598a378e2a084146cf06fa19d4573a051d88e7b1 |
| SHA512 | 483bf46052c6a33266ff68dc56680448ad7b33b751fea85f84c5f9041df1db9fbcbf4efaf9d223ee880416193b4d254b624214e388d79d61d8ce27fd620574e0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6c496c0fd7226f9ae24f44288e6060f9 |
| SHA1 | 95c3af71b3fee6158498524d5b2b2b4bf999dd54 |
| SHA256 | cdba642d1da605640734e001ff30b2702c1c951f41e5ebb999ce084b27be54de |
| SHA512 | 77e12378c0283bbec5f49ec7f3c79342a53bc18019de0020512c9dbab5beb46e17bbe8dc2a08f12772c8a8a11fe9ad37e81ea41d4ebcc8b421025e303c988c5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3a1fa0aff50ec93481ed47e1deeb499c |
| SHA1 | 8667f78a5dec8782e23ceea4e3f59f0a9f47a4b1 |
| SHA256 | 7e4fae77989d2b2f00f1198802010943258da5989a0e7b35463713bbbc222899 |
| SHA512 | abafe767a4992ba3733391a95ee29b75e200c201f93d0b25ae76e737d12144495a3479cf4316e11fcfbecd9e5b90c46108fe20533014719ad2f5344cd25b15c5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | de6971c9f7c4032893b6e00f90041cb9 |
| SHA1 | 7b82239706b4e2ecf654f724d0d5156898d5660a |
| SHA256 | 78e40ff5dcba8a8892cc586af38f95e24f3494269da3289275cc70c2c2b3b9c1 |
| SHA512 | f374fd7329f97369eb89a93e8fb841d1969344fbf0528a06506f6d694cdc1115f994bb938c2746d57c21c6b3088baca13296ba256806d63893f4fbc7073e0b18 |
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |