snakebot | hxxps://mega[.]nz/file/ZywCRDJS#tH9RAR_pk7xnF5hgSh05ZcuQTDAqW8eEN5lP-OIoUUc

Analysis

max time kernel
196s
max time network
1587s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/ZywCRDJS#tH9RAR_pk7xnF5hgSh05ZcuQTDAqW8eEN5lP-OIoUUc

Score

10^/10

snakebot snakebot

Malware Config

Signatures

SnakeBOT
SnakeBOT is a heavily obfuscated .NET downloader.
snakebot

Contains SnakeBOT related strings 2 IoCs

snakebot

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\673K GAMING ✅MIXED COMBOS GOOD FOR EVERY SITE✅.txt	snakebot_strings
C:\Users\Admin\Downloads\673K GAMING ✅MIXED COMBOS GOOD FOR EVERY SITE✅.txt	snakebot_strings

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247651118130379"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3116 chrome.exe
3116 chrome.exe
3116 chrome.exe
3116 chrome.exe
3624 chrome.exe
3624 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

3116 chrome.exe
3116 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: 33	5076	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5076	AUDIODG.EXE
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe
Token: SeShutdownPrivilege	3116	chrome.exe
Token: SeCreatePagefilePrivilege	3116	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exeNOTEPAD.EXE

pid	process
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
1644	NOTEPAD.EXE

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe
3116	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3116 wrote to memory of 3524	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3524	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 4204	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 1328	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 1328	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe
PID 3116 wrote to memory of 3532	3116	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://mega.nz/file/ZywCRDJS#tH9RAR_pk7xnF5hgSh05ZcuQTDAqW8eEN5lP-OIoUUc
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcec559758,0x7ffcec559768,0x7ffcec559778
2⤵
PID:3524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1816 --field-trial-handle=1836,i,15882732165107316255,1090074337970445798,131072 /prefetch:2
2⤵
PID:4204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1836,i,15882732165107316255,1090074337970445798,131072 /prefetch:8
2⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1836,i,15882732165107316255,1090074337970445798,131072 /prefetch:8
2⤵
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1836,i,15882732165107316255,1090074337970445798,131072 /prefetch:1
2⤵
PID:828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3192 --field-trial-handle=1836,i,15882732165107316255,1090074337970445798,131072 /prefetch:1
2⤵
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5096 --field-trial-handle=1836,i,15882732165107316255,1090074337970445798,131072 /prefetch:8
2⤵
PID:1092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5516 --field-trial-handle=1836,i,15882732165107316255,1090074337970445798,131072 /prefetch:8
2⤵
PID:3252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1836,i,15882732165107316255,1090074337970445798,131072 /prefetch:8
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1836,i,15882732165107316255,1090074337970445798,131072 /prefetch:8
2⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 --field-trial-handle=1836,i,15882732165107316255,1090074337970445798,131072 /prefetch:8
2⤵
PID:5048

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\673K GAMING ✅MIXED COMBOS GOOD FOR EVERY SITE✅.txt
2⤵
- Suspicious use of FindShellTrayWindow
PID:1644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 --field-trial-handle=1836,i,15882732165107316255,1090074337970445798,131072 /prefetch:8
2⤵
PID:2896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 --field-trial-handle=1836,i,15882732165107316255,1090074337970445798,131072 /prefetch:8
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5984 --field-trial-handle=1836,i,15882732165107316255,1090074337970445798,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3624

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3920

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5076

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
081e14304eda540ec5cb2f6ae797899a

SHA1
709f0ed65be824ecce668eedc4e3d0254421ba1d

SHA256
bbacc83711179ea5ad8c5817a1019970b9f79010bf5200c0adc4e59b1be66062

SHA512
8efb3a6fd05cf7776e24ac40796010b189b730a88de352cedf791b7f00c40e00c036df91c441e221cc3dcd0735c7e1c69c069bbef25ea46a63ba9d743565b234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
1e2cb692dcee7b0cc009fdc5c049dc92

SHA1
15a34a483abd844243c0e5a69b1c242e368af8d3

SHA256
a7e6a334a1217f9175bde380ba222bec790add934cb18a6f66ddb436b494cd67

SHA512
cb1a3ad23beba21c957f841815fd84ec94a1fd097cd4a3fe2178e9947f1e9a2b64666e1699ba17c5655d97a68cd4685b337a82760e79eaec824cd3ea335e7f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
538B

MD5
065f209263dc8165646f7e41ae3a896c

SHA1
7ed041ab46cbd9d79c3c095b23451b9596818010

SHA256
b661572e238b0c23152020410df988c47fa46ab95c93ee771214c9d0c183018f

SHA512
35890294a5bf927b3044e224f7890937458babbade63a6da8039105e9a993b73a95d1880214d9ae81e3e911b57950e15913ab5e7c09074227f8524bd9e23c258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
bc37ca4434bd1e9a50250b4864415fa0

SHA1
a2d3722697637c1e6e0938c6615169dce07b27c2

SHA256
703343148c1bb5d8d992a0d64a05359ce48d6131c4a70663dc0eb225bceab417

SHA512
c7225899ecd402cb7b65f09456c7b340d77c409a166a66122b48709f3f7f1c9c6ce1a50cd47f660b13033376572ef624e9a6ff2564df588890aa2bf83c70857b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a8b9d2ef769afdc230309205024c404e

SHA1
4fe7471c8564566917c83f90a867a8b5cb73ffcd

SHA256
08c45a953b98f8a70a84966bc3039efe663ec2f0a9018327983e54204d91fcb3

SHA512
ec72552be50e77cf751843be72fd0b48116f84e39e676d865578ac122c9fe4e642abd6057da4b5d07251ec52b2e6cff23a1fc83921e99f22e472046a0a8c9b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
163313bb8fc3f0679005f0a0926da75f

SHA1
4dd986d1c6ed83a6b46f0fe29ec7bf27d7b86f80

SHA256
e50837d52b861c95f7f0c38ea410bf0f330b6353d152f64d7306b4e28f1c8ef4

SHA512
192a25d48d2bd98ec0df92eb90cdff1b244697f07e1726656186046c89b76b545a1a8cfddd51b5fb68193b7905574c9c73d962e2cb2d997a13bfb5c5d232beac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
cfb0c06e9e9d57c1ab229752be00e737

SHA1
cd18618f022036fec368406ce58fc269103e7742

SHA256
8ab0f520162b3c34452e0fd019cab377092313e0e0a6b8fe4ddffdec78e11fc5

SHA512
7924d5a74cf72e473e65e0591f6481314526d0325f4a45928f77b3b8cd61573496126613fb3922eacb6bb66b4b733dcc3a87b731aebd09c75f5785b8cf77bf68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
4b7255518d746c6c0b679d2a03b3a5e2

SHA1
76d87c2439b20b0bfa22f18c9b1afffd67401d64

SHA256
47f2bf48a55266acff8853e4e2495bdbef70a12701475fc44b5477463d754816

SHA512
8c9404c2e7dc24ff77a2511faa2fff593c0ae791b06a0e0abd04d54c8b32005a3a55c1e1adb23dec3e78e671f620660a057a49865ac6d161285c82d3ec87d941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
d8d07c48e958920481038401f2f2e8bc

SHA1
fe6868aad81c7d103b96cfd03722067e1c98ca5b

SHA256
acea816a052c3a7f666e38d95698fb261150edd78f82cfa65a7c44cd6d613324

SHA512
5dedc137e8bf32b6bad4e803107b038061b2b618cf70881ec617477332bb9e0191f3ae1b1d75146a9da059a74dcfeb2473d7bdef77df0769496759da98f4d898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
e27858a9351e53648c75c1fcacd07f77

SHA1
88da31a4fbb7ee3c37ad2d264ce12993afb00dfb

SHA256
943644900b2a71e4257df0f73a0bf6e86a850e3c1693c50f484828cde3314aa0

SHA512
f147ff8629530207b8f85eea58538b4007be50b208103d1f60e03ad5e595b15f86964a0b2046b059229eb1c8ab478ec4e51e1e42c8007f40cb13e00417288da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
175KB

MD5
bf74980e8b0632df1678c5a872c38495

SHA1
59a9aaa33aa76a560c24c6bc018e891db74608f7

SHA256
75756ef3483b38f0ee6a632185927c1519570cb73d03e418ade3803b6813391e

SHA512
59cc510cf7672cb685a80815079c6e4dc05a9f9e3b30fa07ddfd18fae1234884929f2ff4ba3423c0944c7fd4a1059ed4bb9e549e9a0a956024e2edac4bd23137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\673K GAMING ✅MIXED COMBOS GOOD FOR EVERY SITE✅.txt
Filesize
21.1MB

MD5
3dd4f2e9e595a355649d265c9d08b8b7

SHA1
52859df28153fdd7843dcab12f1bb811f2a0bd64

SHA256
226c1dcdf65576e9c6c5fcbc8af1e604601b536744a117e3fc34473ae0233ad9

SHA512
72c194998e7c14a3b073e26d58fd9e8329df2d377c11c7b903dfbf3923c634c8cc3a013c38abd5f0f9d05774b7ab307b0b4582a55fb85b9dd19c66e495b93f35

Download Submit
C:\Users\Admin\Downloads\673K GAMING ✅MIXED COMBOS GOOD FOR EVERY SITE✅.txt
Filesize
21.1MB

MD5
3dd4f2e9e595a355649d265c9d08b8b7

SHA1
52859df28153fdd7843dcab12f1bb811f2a0bd64

SHA256
226c1dcdf65576e9c6c5fcbc8af1e604601b536744a117e3fc34473ae0233ad9

SHA512
72c194998e7c14a3b073e26d58fd9e8329df2d377c11c7b903dfbf3923c634c8cc3a013c38abd5f0f9d05774b7ab307b0b4582a55fb85b9dd19c66e495b93f35

Download Submit
\??\pipe\crashpad_3116_UZDNNQTDEOCHFKIK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit