hxxps://vx-underground[.]org/Samples/Families/AgentTesla?view=grid

Resubmissions

20/03/2025, 10:23

250320-me9bdszyfs 7

20/03/2025, 10:19

20/03/2025, 09:58

20/03/2025, 08:24

20/03/2025, 08:16

20/03/2025, 08:11

20/03/2025, 08:06

Analysis

max time kernel
155s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2025, 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vx-underground.org/Samples/Families/AgentTesla?view=grid

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3992	Z0MB.EXE

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Z0MB.EXE

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133869432423501989"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
4348	chrome.exe
4348	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe
Token: SeShutdownPrivilege	2788	chrome.exe
Token: SeCreatePagefilePrivilege	2788	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
4020	7zG.exe
4228	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe
2788	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 452	2788	chrome.exe	85
PID 2788 wrote to memory of 452	2788	chrome.exe	85
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1464	2788	chrome.exe	87
PID 2788 wrote to memory of 1824	2788	chrome.exe	88
PID 2788 wrote to memory of 1824	2788	chrome.exe	88
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89
PID 2788 wrote to memory of 5476	2788	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://vx-underground.org/Samples/Families/AgentTesla?view=grid
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffefd10dcf8,0x7ffefd10dd04,0x7ffefd10dd10
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1972,i,2966934896547681483,7920169804227769454,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2212,i,2966934896547681483,7920169804227769454,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,2966934896547681483,7920169804227769454,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,2966934896547681483,7920169804227769454,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,2966934896547681483,7920169804227769454,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4396,i,2966934896547681483,7920169804227769454,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4416 /prefetch:2
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5512,i,2966934896547681483,7920169804227769454,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=208,i,2966934896547681483,7920169804227769454,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4728,i,2966934896547681483,7920169804227769454,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5616,i,2966934896547681483,7920169804227769454,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4864,i,2966934896547681483,7920169804227769454,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5848,i,2966934896547681483,7920169804227769454,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2920

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1172

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\z0mbie Collection\" -ad -an -ai#7zMap18061:94:7zEvent14644
1⤵
- Suspicious use of FindShellTrayWindow
PID:4020

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\z0mbie Collection\z0mbie Collection\" -an -ai#7zMap10766:148:7zEvent27718
1⤵
- Suspicious use of FindShellTrayWindow
PID:4228

C:\Users\Admin\Downloads\z0mbie Collection\z0mbie Collection\Z0MB.EXE
"C:\Users\Admin\Downloads\z0mbie Collection\z0mbie Collection\Z0MB.EXE"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
5bb574705382047caa9eefcf1bcc99dc

SHA1
6edbb131baacefbc255d2a178283faae930e3ed7

SHA256
87fd57ad0b17fe9017cce892cf5033373e2207ed38f82a2ad11114d789b58c3c

SHA512
27af401e68ada8b0509a4cae278d7ca5f99d78249a6c9942c1cb24811a44251b9f25f6332015b3dfb1f9fb00a9e82c2ea3a3387647059ca0acf7d75e1f722a6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6d507704fffcaea0d870e7910a51b9a6

SHA1
4abdd6467284c7ab99fce017de30cf3c0e9ac8ea

SHA256
89a8b525d368b9280f5d501c5f48d7c7f1e23d7cd1e68e7e2ed7c82b5ab20033

SHA512
0d3801ce95e4cd38a72ebc3725482c683a3f6f293605f97452651ddd7580a8e742441d1e81e0fa22b8d34fd18d02f3ed97fff469c8e6235b090fd0365c4ed0c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
05c705b9d8ef85c708480395203d8e19

SHA1
8e923b02f54709fd6c951cd9b27b0865a6a6b374

SHA256
604b148e3df1109a2abfa46c2e2cad33bcef70ec6554ad66555f329926440ab1

SHA512
31e3ffcc089d05b1b994d1096530a8a5d9d014e2c79985b5ee547086419f80fc7e01ed1d6903a2fd8b25ac1823c83d3cdd822874b75664c772e19b76b9cbccff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
35f7579bbe9df082862f68b99c3ba821

SHA1
04cbf00086767a63b93985e6ba0fe921eb58b1c6

SHA256
79236994c4bce2e952eaa871d749c49938c3ebc886dc545bd59219ca2647b3cc

SHA512
b37c25e89add1edb846d8c35c7965ea2b0db1ecb25752575c85ef0f4f2e4340cb567f4dde0bb5c7fd9c697171da5637a31b8989229ef9c40b93bc2d3ab31cbed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7b0897f8ada796e1a5d113a2945811eb

SHA1
64f32b9e580513369f50e227ce9c310969fd9d3f

SHA256
5259a2d75e98a9cea48717b0fff817f6ee84645ad6b34767e2c779b4dbcc9d10

SHA512
88079977059f9023bf8ba64846d4066d45ca16afa04b700542ea100779bbe4e958177575e04c7311162ffe55c6c62ae9985967e7d7e2cffe1dacf2515be95873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a15a1577912f97ef11c96e994ced8375

SHA1
b6d42670bdd577e8cd79eeda8d422970abd16003

SHA256
3c0a27ff8fdfe67e812c6e105d7db3d7b5d0c0bdf1c83fa8cca55eda8d4eb22f

SHA512
56075aa42a17195156d9ed5f99c0d032dc6f69edea8e6c128affd478813f5b68c7c6679f91422d89ecda1ede2efbbbb28bcb3f1a41989386721345da09091da8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e6c2b983aeec64af970475b86ba90382

SHA1
e0ba30c0749b570c4f005632e48a7a7b04abced7

SHA256
0fa9091e537c10ab9248e45f4eb7b79c31b7fa34c41dbae6c6b6d254682e11c3

SHA512
47e2ff51339bf83c34bab1fa9fc8acd444e0942c70896264dbbff83ed89678cc5e68d1e62b343ad086f05804898fc8418fea14caa8e0f9fa20086baf44d0a0b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8f56e88e0fc5f0bd4c365a1910d1ea38

SHA1
013d4623acb133b5f08be4c2d6e50658b6eb8bef

SHA256
ce1a5f8ab88dc06fae06c518ee08abed39093d17d6ffd5b3b8f5edb2ef3b18e7

SHA512
92d3270d5d6dbaa897cb6396055884144e69121087db038d36ce9c105a6c87eb429b60dd335590ab71395c077c694034a9d928e57fb56e396465565bd4708599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ea585096c9e055c20c4356477a747fa5

SHA1
0e5c880347aa8c86597dd22715eb5872b156928c

SHA256
7ea6e063080fb7d86015772421805096886819eb38d951d5389e91bff1a1d6e3

SHA512
218668fefdf55852430acf475bc1ec1322e1c37cb6c53b8937cf47453ff2cc20fa4c942e569b44969c6b5335319873368e48897f5b2f5a78f3a25dedfd2f4d6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a5b6.TMP

Filesize
48B

MD5
e2532ed62ae5ef1044c56e786fb51a62

SHA1
0b82e8086b2e705b6a73a27170c084cae5a9015e

SHA256
4c66d5493e9f01a327bdf23ff5676677c1b1ee12bedf925dfb1396ea115b13a9

SHA512
aefa23882ae53fd2adf98566ca4fb46f4c7ba82fcd90d1d45b172b9540399424a3275ccbc3aba02d1ecb4ea79ef1d129c7183612a33e4c084c55956c38cb02e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
d8b40bae9bbefd3a4dfa591679ee5e5e

SHA1
f9795b8252645d4adc4ee69bfc0c837eaa57d914

SHA256
78cdc8d79926e3174b48097144a7e626ddffce1cc48cdaa774a65b5e764bba3c

SHA512
e1604d4f6a406d7e6ea972338ffabb89808aadd79c33462af9403d34ffbc1489f14075ba09010135a55fb17b198e336daa64a48ed622029a2e93bf78d105271a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
16fee7d9f2b1d344fcde95021ca23229

SHA1
aca383b3789bc5ab10c65b68330139149928b018

SHA256
9eea82cf8e8d382678e14a4637ab9ceaaf02e60435715f494652043283ed97f1

SHA512
30aad69d25ddb0ff6f9e9c2fe125ac495e048f79ce7693c9340691aadf32b5bb574f89c1de025d3411585f4f2e5a378f3b1d105d1abf085cd6ab6adb3988d8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
b7f2872f8ea0a10e692259b39f84ab3e

SHA1
bb373e52c678519d76a467b8a33ffe984b4eaf37

SHA256
638101b89c03841fed1f517b7749df6c7928e7bffa027bfe0fd4ead30beb3336

SHA512
33658dca1c7155f0f9f72ed6710811725f50be69f4f735624d4b9a1f86adbfe3ea80ea27cf0b343f93357f5b961f730010c31f0eac8ea0b18fa1d7e9e8e05470

Download Submit
C:\Users\Admin\Downloads\z0mbie Collection.7z

Filesize
9.2MB

MD5
5a09219eae4a975afdf30f36cb4d0e92

SHA1
efcecdb07c7df697fa042f35cf18d73740b9d458

SHA256
b58962b1c85d882a9c8e116557b1ba6eabac5671989daa3d28c6440fe2f8b475

SHA512
6837f7a840566d716cdfa8222c4808cce2ebf500d6e971cfd68082e45bba22bfdff7785b4b30eff8a4f878c13c308fe0962bb8bb30eece3fd66d38190fb7ec89

Download Submit
C:\Users\Admin\Downloads\z0mbie Collection\z0mbie Collection\Z0MB.EXE

Filesize
58KB

MD5
dc7fa76dd24cb813a824489ac3556678

SHA1
329cdd8acfbc8b22f260e117053867a01742c79f

SHA256
7c0923cf62ca86c5e09c53ea1b652cdada570482b1b85864f5199c1ccc20c0f8

SHA512
a6c504b651d6f1cc07ac499591ee72ac07d97d027d53295c1e6265ce512be25c387336f2b98ed0c24184adbafdebc3b116c2ca188d0df5320fe7c469452bb48c

Download Submit
C:\Users\Admin\Downloads\z0mbie Collection\z0mbie Collection\z0mbie1.zip

Filesize
112KB

MD5
835c5cd69f326f44b803d6d6e275a76b

SHA1
9640fd408ad3ba3550c3d4a8e5393163f2ad69a0

SHA256
7a7e3892134bdca4c3cf0d2b41f6acd65716584f4856345fa791f3f7a38bae9c

SHA512
b0a8ef7430658173f66c8985074d441091d6f83f85ee5bdf78fbc80887ea20bbdc378f41cc076b446cea9f462e07ac2d351143ce4c96085ee18a1fdd908c98e4

Download Submit
memory/3992-839-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/3992-840-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download