redline | hxxps://cdn[.]discordapp[.]com/attachments/1331620455039373445/1332651596001054740/mars_panel_v8[.]zip?ex=67960803&is=6794b683&hm=f90fc92f2ccd8d370ace5af15491187dfbc1e08412b2e99609d0dc2ab4fcbf4f&

Analysis

max time kernel
456s
max time network
456s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
25-01-2025 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1331620455039373445/1332651596001054740/mars_panel_v8.zip?ex=67960803&is=6794b683&hm=f90fc92f2ccd8d370ace5af15491187dfbc1e08412b2e99609d0dc2ab4fcbf4f&

Score

10^/10

redline discovery infostealer

Malware Config

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 5 IoCs

resource	yara_rule
behavioral1/memory/1464-213-0x0000000000D60000-0x0000000000DB6000-memory.dmp	family_redline
behavioral1/memory/2404-224-0x0000000001020000-0x0000000001076000-memory.dmp	family_redline
behavioral1/memory/1764-280-0x0000000000880000-0x00000000008D6000-memory.dmp	family_redline
behavioral1/memory/2572-311-0x0000000000860000-0x00000000008B6000-memory.dmp	family_redline
behavioral1/memory/468-498-0x0000000000C70000-0x0000000000CC6000-memory.dmp	family_redline

Redline family
redline

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133822859595314098"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4172	chrome.exe
4172	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe
480	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe
Token: SeShutdownPrivilege	4172	chrome.exe
Token: SeCreatePagefilePrivilege	4172	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe
3076	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4172 wrote to memory of 4684	4172	chrome.exe	81
PID 4172 wrote to memory of 4684	4172	chrome.exe	81
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 2392	4172	chrome.exe	82
PID 4172 wrote to memory of 4476	4172	chrome.exe	83
PID 4172 wrote to memory of 4476	4172	chrome.exe	83
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84
PID 4172 wrote to memory of 4760	4172	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1331620455039373445/1332651596001054740/mars_panel_v8.zip?ex=67960803&is=6794b683&hm=f90fc92f2ccd8d370ace5af15491187dfbc1e08412b2e99609d0dc2ab4fcbf4f&
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffadae7cc40,0x7ffadae7cc4c,0x7ffadae7cc58
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,1223532254582768512,18203543223921096089,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1312,i,1223532254582768512,18203543223921096089,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,1223532254582768512,18203543223921096089,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,1223532254582768512,18203543223921096089,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,1223532254582768512,18203543223921096089,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4472,i,1223532254582768512,18203543223921096089,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5052,i,1223532254582768512,18203543223921096089,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4436,i,1223532254582768512,18203543223921096089,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3876,i,1223532254582768512,18203543223921096089,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4644,i,1223532254582768512,18203543223921096089,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1224

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3636

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2936

C:\Users\Admin\Downloads\mars_panel_v8\here\builder.exe
"C:\Users\Admin\Downloads\mars_panel_v8\here\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1464

C:\Users\Admin\Downloads\mars_panel_v8\here\builder.exe
"C:\Users\Admin\Downloads\mars_panel_v8\here\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2404

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3076

C:\Users\Admin\Downloads\mars_panel_v8\here\builder.exe
"C:\Users\Admin\Downloads\mars_panel_v8\here\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1764

C:\Users\Admin\Downloads\mars_panel_v8\here\builder.exe
"C:\Users\Admin\Downloads\mars_panel_v8\here\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2572

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:480

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
PID:1148

C:\Users\Admin\Downloads\mars_panel_v8\here\builder.exe
"C:\Users\Admin\Downloads\mars_panel_v8\here\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
31a5ae3df9e8118be269f61a7e5f1f32

SHA1
64852bdcf2469150849c495e4d213f0d0d61d5b1

SHA256
30892349fdcbe17c1ab55381249b06f3f2f46e5bdb79826cae0eb9c2fce5a47a

SHA512
35627977df5a3e1ca2de3fc87504d8f71d991bb109e2d6891ab98783dc7d823e125b1859567e72fb6aa0128f556df434183c7ffbf2ec25a2d76bbd7688c4e27f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e6b0cd6749c36b0165446d006fc6ab93

SHA1
7145ff03204cdf097ba06aea0b3f12325dbe3a16

SHA256
9269f2565a55ee10fbd018ac15a55832093ab553d4bb20d89ad6838280a7a222

SHA512
91a5a40c185571c43f47bf43b22f53cd2991077d65e485388729076b8bea7cb04a9e03e27b08aafb860c1f36277b209710ad942212b9b02f9bee1cf3470b9342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f705b69333f3a57df9d19748456bd46f

SHA1
4d810664fb6b913380c01b06d7f6f46e7e412f42

SHA256
a96d9d3c1e656cd391c96571001d088ef0fe2ae6760e30e080785d7319dd92a5

SHA512
79e0d3edb223eed16700584d12c4f9d092f2b5d2b88ccc7f5b799a13cff5a4d40ee3e4788b95b7020a7d6040422c89df7be3a22dc59e33f4d66b3655d80acdf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
27d5fca0426488f7ff26351211c1fb63

SHA1
1086700c3c43571c54b89f150f163ba728a06fa0

SHA256
19cdf7a83d6409301f5ea097ce50e5630cbf0e165a867b9e02d69b95ba38210e

SHA512
3e99a76217788d3be0a77c9df58b2ebcf440cc68ea3eb2ecdd8db3b72f188032b8bbeab56fa197573f81367224957e85b43ac45d65c5e91f5fe3cdb40ef5f556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ff7a7b11cfb70ca67bfd795aeaaab872

SHA1
647ad8417a2b59fc5526a3043efed92e486ca77e

SHA256
cbd348e7d6ae343e0a1d0641a25b470819a847fdfca8d42caf1d7ae4e7074ebe

SHA512
fa59ca4348eb371e32db64a92844bafcd73ce635715528c34df232ed39576001525943214d18bd46a0fcc4668f6a2b4f419aefd0e9c7c1a8007c3cc925097b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7ec33b60ddd0a6dca25175a3a4a8d7d0

SHA1
b39eb33b3b829ed672e2c198d1cab2387d0c116f

SHA256
450894864255df9a384b15934590f593302b877c6d55a463ce67590992cb4c86

SHA512
9609d7893557ce6e69edbd7a9c0b084d63d88a4818e48e5325ae4862b895382db2052306d78bbae7938e922b97d0e6283b8cf8c4f5b144ffe07443e4502c02ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
07f04b8565d7fc6498c725081e87612d

SHA1
3a73bb7c0bf4d08335de52aeb6136ff85c263d63

SHA256
9a49b289c0b828d9a0e6b930363b8a82b96f08e652f9695b1e98b183725e91d2

SHA512
1ed7183db83daeed0bf457f123aee7bb914b72948445d57cead5dcca644c3239219d65360f0e4baf3881000194ff5fdb9c34f658235b753ea4d07605d1c91f41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
65412b25f690e5a480b6391761fccbdf

SHA1
573529ca413c348b2f64dbf48f8414d0b9f37c8f

SHA256
2957058f491f769c92eb76bc2aff04559f797ba9d96d608c756ab3a218d0458a

SHA512
12354a5f4bb9c682ccd7595ae46328198c2c709af93367304b11fb9b1124f1ef92060d573ab9cd140debf68075f1b9f61681bdfe15b244b8335e1c893fed99fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c11a83320f4c6f86def6154f70a715ef

SHA1
c139b6774535925460d31e67f28dab849b072b7f

SHA256
030ab2956935f73a50ac07aa9a1db3bcdbe2d5b8d98411a9dce2b5a34989bd28

SHA512
010d3a6b686c6207cc0c0a2ec4469bbe1ed6a9a9553753c5c4d1a9140f272ec3a3642e5f3154b8900e64f6e7b53b5d40f1b8dbb4396e8a23de00b8a819aa5507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ce50da87069aa3b9ac5825364abcf97b

SHA1
09807322f763e51b30ed5cf3645b55ae90925fba

SHA256
40d56907bca12809f1553b886e88f754510528876133326be988efe8b8aae4c0

SHA512
f22add1a8b84dd4d76547bf4454748277ba13a3445e8e6c29a1b855929605556a4d9e36d44bcda047a4f6213b0170cad61ebed62a4cf27bcc03b1ce487432541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4a67a670420cfff71662a0503a3b7f8a

SHA1
f09f75cfccef156326dc097de47f80af0dcede37

SHA256
4b93f0095592be4556977db08934edc36314e429bcf6b38ffb425720ef1028c5

SHA512
6a0ba9fa2aa138eae0d1797f9125eabff9449ea3c692a0142571c33ae631d83712d9b7d60a16d31d28f3e4b14ceac30641f8848e15d6a0d6d96aee0fa8a91018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93797d80cc4af784d089a26a94f4134e

SHA1
e902eb32ef94161b309b58e7d858857838b7a092

SHA256
9dc2642e1a909f168e2db2452b3a8217850dd2c323624196ffbddd3e776078a3

SHA512
69be77f13b8ec5d81d37824d8e110219faf539474d22f4fa6041a64e5c6fac77739baa22613cda36659b300d89a9c31bf0a498584f8b5051cdc787f1bdde1e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
330cb9c8026df229891682e9c7f5c2f7

SHA1
d08b841efa4ed2baeaa412b2e306926e9f703e0f

SHA256
880df9e278d8f54def19337d13611a3a53ecd3261881cac160f4eb3eca6817c7

SHA512
d09d034328b61122a2838cab1bfc157b54db43741bda5e40a7be0a893fa38bd8982846a0441fceda0c1749ea5b1d3ae32dbdbaa85ea9b306142513709e2c293a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d74c51de00b9d600468725c315a51e0

SHA1
8c72bf091dc5f64c7af398f792c15d56563e6b60

SHA256
e21b69d8c68516a873847e3cd3617d7ca778e7e655157e84349f7c0d084d3f3b

SHA512
d6dd2a103405b33e807374b4094721b41dd36af2615f039f27e24f28f9bd5a6486698cfbd172a835913f8cd20cf4f2090aa0113fb0a19c7d3e371c46cd7349cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
74f48c78d0cbc8df7c4cb3d67868de77

SHA1
486cf9adee508e027e02f181adb2ec69c9778397

SHA256
20c2efcb8ec6ce78f004889a35f90ad15434267005d541f742f4921f05f53910

SHA512
a4b1214f897748417bd2595db70dd44c906f9c3945d44437a32474524c35b4ecb7a7ff2262a6d3324da0b282ba54165bd39df7d77eacf26a5f3d2896cb804800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dcc130efe18f69cb636cc54f0f94d8a2

SHA1
ffa7f26bfa2d4dec1d3543517bf22a6cd047860c

SHA256
f213701a9776a91f7d1dc84f4b097d2c5eb27506a590d3095801245576ada32c

SHA512
b93492af0cfec635655a0d0edb0768aee0b8aa231191a9d397de2852aef503f0fa4446c76fb829146f12b8650b68f7f790b382e57f31a11359cf64f1aa8b7e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91c09e76e161dc62a1b4e3b861089e5d

SHA1
759f7e7b47f47bddd165cf8a8271f90fddef74ec

SHA256
f4ceec3ccf65f59e98896d4e54eeb282e819970887579c8000fe85fd6dd11dd5

SHA512
91236c1a1e965c25e9ac30e5faba2fbb3b8335131b8683a1d63098c0074b3c58d3dd4ed1007e351084a40a37c66418d90c97d7cab19316b633505fa3053afbe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a69f60131908c900b841f3ba60909917

SHA1
8795ac203227e198011e3e92f069bf15c4768d37

SHA256
591df166453ae0fa04763a20ab726c2d9af6ecdd984e9428e43eb7462ac283b4

SHA512
396cd0fe5e9b061b76222c54cf17bc7663537cf6e5f194b513392e3eee6c64dcc189758721df1da51dfaef7c6a73505a0adb42a32f69effc95aec390cfae3bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9264c015471eebce31d8714c843adb52

SHA1
11f2d756c80a2faab54cae01742ee85541f7dcb1

SHA256
ef77ed26ceab9b2a82359ad5f871d9c74cf0d35dd2d0773c1a22ef59352b32a8

SHA512
27a3cb890364d3e14b0f115de4bb69c628935823e535e5d7339564e793386f25947cff39c3012a793d833ae51990687514e44d85b25a8566b6e93fc8c5dd9d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
97286e0530c407042bf0f6ffb559ddde

SHA1
d90ca74b757fb1ae8305260b587a2eb077fd21a5

SHA256
e8848860401f81d989eee7609806bb0ddc55a86c4a0c802710695772524b8221

SHA512
47fbd1ee9cf3a44902fdd464f607d12e3478bb8bf4e65e1a951c5a09210ac343ec4ffc2fb38343017c25a28681c4ba0c84b373e207d1f276835ba9b9901b19e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4d96a1d5780a9fa108f3c2e88d4a932c

SHA1
bf916dab436c93a87c735470a7a362936d41fcee

SHA256
a8bd6ec76ac39422e938a7fec468dca55f83ba35d29fabb0a74e6bd758d51ff8

SHA512
cdbf86f8b309ac62f70932ae9fbed4f411f2973c423444bf1b44c156484c179a54700f6994807a2837f2a9129a1dfa5779746aba2ff8466377e6a59eab67626d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5aef15a4518dfd7090833860e8751825

SHA1
482ad4883313d914ee5b9749f9cb7cd32ae96434

SHA256
c1d71b7a6ac9656d6a852523a7ff7c78a34a4657bec5e782f8ef8b713947e917

SHA512
5fc9ec19151e734f03b01af9718c4933347713a85e5cc5ede5aef4a7ea5636daadecc38b5f450bfccca6e1e3e87b18d44e3aca9c671821052532c08ba07b1078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c4447cf4c0704762b49620ffe15c229

SHA1
79e76e3f4f25a9836ba0915fb9a9824d43fbcc19

SHA256
e8e7d069e6cce7763d21e8555bfe2776494c807fed9b5a7be11b57670f321151

SHA512
6ac306ca19a6b62e0446809e5e89c32ff394bad03d76dc454a3079085e2508611cf08f24301a6bbc27dd7238405fab84ff53aea2703bf3256dc3e5a71e47bd9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b33e8bc2ba0b23d440f36f8a3901b6f1

SHA1
46a93b72f34228d8c3e7730e4a0d6c9a8132a9c9

SHA256
fd6175efb6054d2184ca3a236d7dadf0e4ba735dae5e0e64006e97321f327945

SHA512
8e61fa5271f3111062a1e2c23fe5d764b7feb7c3bb40240dfa53e0ea29838522d7740028e46334aa313abfcb1cd8279cfc56584c0cc3d6183e86c00c21c47c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c07ef6150f5f9c284895d2c79145d298

SHA1
d98641ca54756a23329a230d49042c80c1a70c92

SHA256
4062d7b6512bd047571900ff947ca6b9b4a28f0ed2ea865ee0798b84eacbfeae

SHA512
ed6c345bb1997d20baf3cf06e94b2caaacd735d237d0b41f5d5826094fc928321339d7f6af743448c271f618987f28dfeeeab534793048b7551a697b96825dd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
98ac2e3af541d5184b68ac520d849583

SHA1
ec9aac2125ebaa501df06b829f13b1ebc9ab50e7

SHA256
9d57b637f9b68cd2c0d76ae14f1c310b7c3872013ed133ab2fcde05ec24fbdc3

SHA512
22af445d6b7ce790af86ca86b9057242a02ca5e0b1bd2b246e45385cbb87fa80d85500a85235f12ef9b6d1c5ec27da0d62aa9cbd3bfccf1c5c596509b70f6475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
147ce91a320d3d8b35af81e34438c912

SHA1
f8f02f6322dee36fb349b786ae7c148203d80351

SHA256
bed37eb1d7107ca92db7641db1c7781a885c50dba974abdb6b928183354c5e49

SHA512
7931c95d9a20234d4d75461661b6e276fa6ffb7aab8398f459fca1fb2973c428d33387f286ca07a143dff19497e6efbe6606270091837fe23261c7cbbd9bf66b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d4504b9044ca9c4b997e0a118bd2f9c

SHA1
0b34165867713921bdc6e76440aaad9684b289af

SHA256
e1d4e913abf295ddeaa2f294fa2a520d26fa02dfa19f1c88a5023a008bd9b1b9

SHA512
144679d7874db03471daaa6a4349eb67932dc2f0c87f95539727ab68ff732ca4d67c1b8d3ade74cc4d8d8c1eb6274a8c6d85ba618dba23bdd7e75ef9c11534dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0bae0da7e86b434c7cdace387b2db775

SHA1
68815308857ca917732076328c55b5f6d592ef38

SHA256
567c5e1405b34bbdeace4643b5b39dc30ab5a57bdab40d778ea46ff5477a26bf

SHA512
bb395198d59678ad8942cf0c564546b3e63f2f238a2ad4d136e2eb3a9ecc0f25b8813a387d40cd7528401a8b4a6324c7f74919a2fd4b51580075533166384d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
43335e747c12ebcd73feb3d4f3ca47c4

SHA1
2fe3c0260b7fc1e6faf3b377f3c66544f9b11678

SHA256
5d6f5ce8ac561dcfb0cc6fd00727d4899c57584dc38b99f40ec70d700e673932

SHA512
0b8fb2f206967cb9ccbbeed91e7f816187b7431dc1574a4ad7c6f07e2181163e7ab0b80eef31a21883ad3cf318b008a29a6fa13b104870b29be88277a1933648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc4e853048bce448a9fc28088c09eaa0

SHA1
b53b9ffd20627a398c45b8bbe7b10694fb04f6b0

SHA256
5a11179e6c9a42cbcb60290e51449ad61b63ad689a17482df5ba4c5e4c1270b7

SHA512
28e65ee3097bc8e40db30f6c31ec49d23401083e8a78bd7127f4c94cef057cfce372775b668235fc6260f3e4b8e29963d7f8187dc40f14708a2bc590fd64b334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
14a467ab0a670ff41fcaeaa2ad942b6e

SHA1
5b01fa74a04cb6a40669f322410a98178da3f6a1

SHA256
5b2298bd04f5ecb6407961fe291da2e1c28f69152596185b35301d4767513cdd

SHA512
9f38f66adad7dce003a6b9a0633433a06ea606a3d6520854b53a830f0aa2720d0deb8fc514b6e64d14c362e1477a6c8e3f5867a7e4e3e46cba9aa65a90606a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
8d55d9448dec881d708a1e7db04b5457

SHA1
b6ed436d15f61d0caadb8bb9cad7fafff10a30d0

SHA256
b01c1a080dc280430df7760e20821f07451dc1be4cbad290cf52e825348735eb

SHA512
7f226ceb350e1dc32e74a0eda8735276467bfe01828d51326b329f9598052b502889520256bb112b001dae306f57435ed9e2922f28f14e98e658eea31ec1cd3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
9dc5e0622599debb3f63a0438f0ea247

SHA1
0dd172e8d22048d3e3100ddb6ea5ecc37636bd35

SHA256
6408e0abf34487dd09625599928a3a8eeaab151d71ee97421ae880fbe93e93a0

SHA512
43893e0c88db17b8a1291cbe80230e182bfd7b4af4526726d633bcbc70b17eeee079bbcd5ddd265ef1c8aacf0a834160b370048c577cc61f29cd715f311fb9e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
bc4e1333a0624154fd9c3b1a20736e26

SHA1
4371d547a951bd6b7fa506e6868517ba02171eb9

SHA256
c2202be874f3cce4e4e3afca9fa3518a42b716deff0d682acaa2665569284313

SHA512
ca938a6fc3ea452b871165b1a1e4be709c3857d60324405325a0239b215c8271d6da1c56eb15e678c0a4c78a459cc7412030422b1655f40b03634ac43e8e8054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
a1933305f8586cea5f3e5db50aa7e06d

SHA1
e619b48afc242c77600e08af3b1800c97d3d3859

SHA256
b862bdd16c1308493a8c20361a635a1f5f7ed29486e8558b5028ad0a71e1229f

SHA512
731234446332d4e8059f012f9cc82eab43422b07de2d305fe3fceb433bd303db138bba6296add8e4028b79d29a8e32fa1cc34f5b1022e0137492ab092ad0e99a

Download Submit
C:\Users\Admin\Downloads\mars_panel_v8.zip.crdownload

Filesize
4.2MB

MD5
0386000e2ec0bf3c10b55643e9a9a5db

SHA1
309e3580996ced74d2411561fe75678b8936e0d1

SHA256
eefa3794113cda64d3700adae2e6b65db163e177d3b75a4426048e50f10e216e

SHA512
c2f1d8efb5f9451a0b2383a2629c99afd4616627cb2da620e504562c500ad84ef6ff25583e11876685dd4ad9cc04e100c987e62c6558eb13a4db1c33f9e3b93c

Download Submit
memory/468-498-0x0000000000C70000-0x0000000000CC6000-memory.dmp

Filesize
344KB

Download
memory/480-333-0x000002C41D010000-0x000002C41D011000-memory.dmp

Filesize
4KB

Download
memory/480-331-0x000002C41D010000-0x000002C41D011000-memory.dmp

Filesize
4KB

Download
memory/480-336-0x000002C41D010000-0x000002C41D011000-memory.dmp

Filesize
4KB

Download
memory/480-324-0x000002C41D010000-0x000002C41D011000-memory.dmp

Filesize
4KB

Download
memory/480-325-0x000002C41D010000-0x000002C41D011000-memory.dmp

Filesize
4KB

Download
memory/480-335-0x000002C41D010000-0x000002C41D011000-memory.dmp

Filesize
4KB

Download
memory/480-326-0x000002C41D010000-0x000002C41D011000-memory.dmp

Filesize
4KB

Download
memory/480-334-0x000002C41D010000-0x000002C41D011000-memory.dmp

Filesize
4KB

Download
memory/480-332-0x000002C41D010000-0x000002C41D011000-memory.dmp

Filesize
4KB

Download
memory/1148-494-0x000001D07B160000-0x000001D07B161000-memory.dmp

Filesize
4KB

Download
memory/1148-488-0x000001D07B160000-0x000001D07B161000-memory.dmp

Filesize
4KB

Download
memory/1148-487-0x000001D07B160000-0x000001D07B161000-memory.dmp

Filesize
4KB

Download
memory/1148-486-0x000001D07B160000-0x000001D07B161000-memory.dmp

Filesize
4KB

Download
memory/1148-496-0x000001D07B160000-0x000001D07B161000-memory.dmp

Filesize
4KB

Download
memory/1148-495-0x000001D07B160000-0x000001D07B161000-memory.dmp

Filesize
4KB

Download
memory/1148-493-0x000001D07B160000-0x000001D07B161000-memory.dmp

Filesize
4KB

Download
memory/1148-492-0x000001D07B160000-0x000001D07B161000-memory.dmp

Filesize
4KB

Download
memory/1148-491-0x000001D07B160000-0x000001D07B161000-memory.dmp

Filesize
4KB

Download
memory/1464-217-0x0000000074C9E000-0x0000000074C9F000-memory.dmp

Filesize
4KB

Download
memory/1464-218-0x0000000074C90000-0x0000000075441000-memory.dmp

Filesize
7.7MB

Download
memory/1464-228-0x0000000074C9E000-0x0000000074C9F000-memory.dmp

Filesize
4KB

Download
memory/1464-213-0x0000000000D60000-0x0000000000DB6000-memory.dmp

Filesize
344KB

Download
memory/1464-340-0x0000000074C90000-0x0000000075441000-memory.dmp

Filesize
7.7MB

Download
memory/1464-229-0x0000000074C90000-0x0000000075441000-memory.dmp

Filesize
7.7MB

Download
memory/1464-223-0x0000000005350000-0x000000000539C000-memory.dmp

Filesize
304KB

Download
memory/1464-222-0x00000000052F0000-0x000000000532C000-memory.dmp

Filesize
240KB

Download
memory/1464-221-0x00000000053C0000-0x00000000054CA000-memory.dmp

Filesize
1.0MB

Download
memory/1464-220-0x0000000005280000-0x0000000005292000-memory.dmp

Filesize
72KB

Download
memory/1464-219-0x00000000058D0000-0x0000000005EE8000-memory.dmp

Filesize
6.1MB

Download
memory/1764-280-0x0000000000880000-0x00000000008D6000-memory.dmp

Filesize
344KB

Download
memory/2404-224-0x0000000001020000-0x0000000001076000-memory.dmp

Filesize
344KB

Download
memory/2572-311-0x0000000000860000-0x00000000008B6000-memory.dmp

Filesize
344KB

Download
memory/3076-245-0x0000021DEF2F0000-0x0000021DEF2F1000-memory.dmp

Filesize
4KB

Download
memory/3076-239-0x0000021DEF2F0000-0x0000021DEF2F1000-memory.dmp

Filesize
4KB

Download
memory/3076-251-0x0000021DEF2F0000-0x0000021DEF2F1000-memory.dmp

Filesize
4KB

Download
memory/3076-250-0x0000021DEF2F0000-0x0000021DEF2F1000-memory.dmp

Filesize
4KB

Download
memory/3076-249-0x0000021DEF2F0000-0x0000021DEF2F1000-memory.dmp

Filesize
4KB

Download
memory/3076-240-0x0000021DEF2F0000-0x0000021DEF2F1000-memory.dmp

Filesize
4KB

Download
memory/3076-248-0x0000021DEF2F0000-0x0000021DEF2F1000-memory.dmp

Filesize
4KB

Download
memory/3076-246-0x0000021DEF2F0000-0x0000021DEF2F1000-memory.dmp

Filesize
4KB

Download
memory/3076-247-0x0000021DEF2F0000-0x0000021DEF2F1000-memory.dmp

Filesize
4KB

Download
memory/3076-241-0x0000021DEF2F0000-0x0000021DEF2F1000-memory.dmp

Filesize
4KB

Download