discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0/releases/tag/2[.]0

Analysis

max time kernel
304s
max time network
298s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14-08-2024 15:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0/releases/tag/2.0

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI3MzMwNjkyNTg5ODkyNDEwNA.GEJfOj.aQ80EeI7dBjjTrHE6IPaOxJ9nL54MutwJ1KTSE
server_id
1273306473224732733

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 3 IoCs

pid	Process
5012	Solara.exe
4776	Solara.exe
4268	Solara.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
168	discord.com
157	discord.com
158	discord.com
164	discord.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681242224578565"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
596	chrome.exe
596	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe
3176	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe
Token: SeShutdownPrivilege	596	chrome.exe
Token: SeCreatePagefilePrivilege	596	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
1068	builder.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe
596	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 596 wrote to memory of 2216	596	chrome.exe	85
PID 596 wrote to memory of 2216	596	chrome.exe	85
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 1172	596	chrome.exe	86
PID 596 wrote to memory of 2952	596	chrome.exe	87
PID 596 wrote to memory of 2952	596	chrome.exe	87
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88
PID 596 wrote to memory of 2136	596	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/moom825/Discord-RAT-2.0/releases/tag/2.0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa08dacc40,0x7ffa08dacc4c,0x7ffa08dacc58
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,17405561819515505766,9828323556095449079,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,17405561819515505766,9828323556095449079,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,17405561819515505766,9828323556095449079,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2264 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,17405561819515505766,9828323556095449079,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,17405561819515505766,9828323556095449079,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,17405561819515505766,9828323556095449079,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5028,i,17405561819515505766,9828323556095449079,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=728,i,17405561819515505766,9828323556095449079,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5392,i,17405561819515505766,9828323556095449079,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3852,i,17405561819515505766,9828323556095449079,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4872,i,17405561819515505766,9828323556095449079,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=956 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4868,i,17405561819515505766,9828323556095449079,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3176

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1168

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1644

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3596

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:1068

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:2008

C:\Users\Admin\Downloads\release\Solara.exe
"C:\Users\Admin\Downloads\release\Solara.exe"
1⤵
- Executes dropped EXE
PID:5012

C:\Users\Admin\Downloads\release\Solara.exe
"C:\Users\Admin\Downloads\release\Solara.exe"
1⤵
- Executes dropped EXE
PID:4776

C:\Users\Admin\Downloads\release\Solara.exe
"C:\Users\Admin\Downloads\release\Solara.exe"
1⤵
- Executes dropped EXE
PID:4268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6babcf32b0553c07cf8dee88e2fc5edd

SHA1
ba21cc77147092dc0edcc1405f19cfd5c5035d8c

SHA256
268db31ff564a08b72e6f4a5d9d6820345d64cf5e841e7bdb77a445bfb70d47a

SHA512
27a05082eb06d085eb8b5e1aed6fd4cc0129ed56b1589362554fe415b4fc87a34b21da0db4c612d811c8d54188abd2f76c66bee16eafb2e08af8541a17f76663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
41cd040aee7eed3fcda2da976b56c8a6

SHA1
498aac2a63b18079771f5a994c6c6bdd4da70ed7

SHA256
b87457a24def12ce0cad7636646694fa3853f7438e063ffb51022ed455aae8e2

SHA512
422c3d0ea395863604d1726c0b3effeabcdf79fff61bd3685671eef41978dd93061716edd56e476b33389fb035a68dc97c0ac22608fbea7299c0c9248fa804f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c5066bb61a8ad354b3c73924e8036849

SHA1
1f1f49fc5fb472f67e6a9f6eb544ebe1332d7a55

SHA256
41dbe199ec95a60937c727674949e065f1ca322ae71abeb645a52970a4421cc3

SHA512
e69d5d319eb3ca64d839b4e40290c0e81ca16ab3ec81667e8350d1227fddb9bddf913272873d07fdd34d67b98db17dcde880137328eedcc0fc8eb70d5454f2c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ce30b160f92a51f3213175e123038750

SHA1
b145858a991031357228228afcfe1d7b5e4d6d28

SHA256
5aa77fa27f16d7b4b18158cd6845fe76f87c129ed63b2576a2950a5ee574ed97

SHA512
8976c5f79a96804c3f6ac9d784c063e9047b19b9ba1bb48f77572832edb2aa438fd33439e5ad5ccb8212d42748196f689f00f8f77a07c40ca8f86909f25784a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
88051727d41d0ec5bf8a2f7931ded0e9

SHA1
cde09d5a9d8f8611cb95421309fe95b2fa85105c

SHA256
c173c126e50fa06ce6b03de897f3cae3e661582c8b6fb15f5a05c7cdb16a5788

SHA512
f14a5fa73ced653d3e8ebc4c6ee3ec9aa51398dbc4a0d000800e7128bf4ad4c9128bad7a7fbe2a3945861b33fcdd85e3ab36dd6b03cb7d108f8bb7468bbc5e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
74a9acba9d614ec554c8cd80228c0dad

SHA1
53dc450d7b574e3e02da40cce958fd2b990520aa

SHA256
239976e4b22540f5e34f7f0ed99bc43990b11c6d4a71842c2fdd39de03518e81

SHA512
e56ffbfa5dd3bdcedbed692dd0abc6acbd1ba879783c3beda40c3650c7f159deff5d365568053995f415c359266d5731e186822ab90c7f4952d803a6fa1b53ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e89b2a8878c5b9e1cafe8db00bdbaeb6

SHA1
65636f282a9d002b246e0e7765b62aef3085b61d

SHA256
5800fafb7d5b5aa1f9ce304fae26504bdf7a64393b1798f1e606628bf6746b79

SHA512
81433250a465491099c297b3fe7ff8dff337acbef080359f6562b9b973a490ce5d4d2a242153adc2bd22377da0a08492badf200e1dd8352e9f6a735d7801c7a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5202a855a26fe4a9d8e7a0eb3845648e

SHA1
5aadfc30c118d204f70d4ec3603f25e7428dcca8

SHA256
966d366b98eb34af9ffc759bfd2a934a48c88e51ffd4bd696e15ada0292b66f6

SHA512
8b874d7937305d4b556450ba967f0d0bf4580ef590e7d121bf69c082d3057a7559cd64a9176b231bb96c152cb4e0762f88153eb4a426df0541b529a35545b25f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1e9e4caac82890ccbf9fcac5c684af71

SHA1
0aa2af0a3683ba5f7b8c5b09d0e0849ff4f75c5d

SHA256
25c9fda3c303746fd82f3aa68c027663edfb829e33226993812627baeb10390f

SHA512
22a679f1bd3e8fc3be2e9aac35c9f50b6d32b523de06385fae7dedd3298eef3c7315d7c44c4a568eea6aa4c2569a30f2d2e5d9ed11cecd01d60aee1ce7e57143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e310461a81bb9d78d546f625f78c7aeb

SHA1
665034403c41269952d360a52a98909b54376c37

SHA256
1a2c1fc72f8fa173218b2284cbafa54359b76f9ad242ec2dac6e3e344c5f2907

SHA512
cd807875bcd442d78b7cfd098b9694a4c7dc52d68fe059f71891f4dca2ddbce8fffc213dc8abbdd7e5f511c51b51e89c5e83ff1d5bdc1a1ed7cca31a976932f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7d55017a905d17f0a15c089e9964c6c0

SHA1
c8e5f3c86e6bdfc8a93a006bc32cf2cefa1e504b

SHA256
bb990ee508d4258262ccca3f7399424ed18cef8fc7e2238b3a4cfa137a611c18

SHA512
70ea6a847076ec6aa74de67be5be687eeb744d93d1c533e3069831ae66fad8e53bdd86a98ea23090680285a47f7f71ba2c8fc3a498ab62e69c86d052992535ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e046cda980e5e1da8a14dae9277d2745

SHA1
1867002601abeb383d6974f77c3df0d940cd3a0d

SHA256
0cb0e45caf3c18fc91639f0289a2a2ab87875aec3fbbb1a5e6367422ec861db9

SHA512
9c966f3bdf1c7137cc0d8034d83a751e1adb259ff61043fe35bf20be9caf7b94397a8ce0285d07fed46dc7a92e3f0e69b2b301ce98c2c3e601107bac970838ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5891704cacb81b7da3ea6b0ecb87de6b

SHA1
042083f1b82e7c6ffe42760f131e35c5f7f6413d

SHA256
798b82350896cb32c6b23d730d7ef1d58fa6c1a335df642242262fc2039ee667

SHA512
6a379deb475227c1e2409c8f29e061e15d2b8a2ca56d02848a252353f15f04a9d0f989ccc780481230aba7d0a9aadeee10090f79f03f9987a71fa6eb8ceed742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9167218734f8d81480a126aa0db6e28

SHA1
09b63aeb2dd1acdb749d994c307bf283851ebece

SHA256
3f1cfccb9f518aa406e934c06f24f4fa28d4c83797361a2b2fd88b494f0e2d74

SHA512
311bded61258716c4fc7029f94de9491095a8a35b0374b5db5ec05b92531450c923a08208d193a0250e42b3f3a8b7ceb936a4e03a700b110cf8a375e45be8e76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8ba845ed0023052fc13b6eb6be193692

SHA1
f6d18cdaf4474632c2ca2359891dea2aa56b14b2

SHA256
8207e17f9ea953bfe0951b7132ea2123bbcd1b90b266d76f511797c871f64cd8

SHA512
8ee316a7759b43e7f76f160237746b6c28605a451c4fc46ed21feecea3a5139b4dd8ddfcdf28ff948abe2d4ae2b421e0431df37d6587d51806b93fc9d5b3a1da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
20c86ecafac7d815faa823342127ceeb

SHA1
af72468fc915f78a91c724096fd38588a5057ad3

SHA256
27b8bd598539b2f4dce2907180afd1eb1fbb47d72f9a0cca934fe24adb78b2d9

SHA512
fb70d07a415171f962768cc0bf22f4c119c28d06c510923ea47475d681d3e555f80612ebe19d1ee1ebf58ee0193b3a36d7191ae59c7347e1faff3ab2b8ce8f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb795b4c513f68a97a50146b63a2df2f

SHA1
01c762ec448203d79e74466b6097dbff99a9c96d

SHA256
b8538f6f71a6380ddf84933bbf8f28f276076382f16d7cecc0f4b4b3c91296ab

SHA512
d75034be9fa741dd0ea39c0007f03b0d93445fe4d135943bb2ffb203233c20e8b2b0c6e1ea385104dfbb46519dedaaa769c27e69c4c57648f9981ed2611a182e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5acbe57707657450b007598dba37821a

SHA1
e143a7853283cce834bbf08b1382e431cd804765

SHA256
10f03d6b57990108a52ed2428958f98687601a646db04c0084392e74014dc5ca

SHA512
4ea25ced500e4330eb71871f05829db76ea829e8c4d8947acf6e5ec9bfc779a1646e75596df88385173815306f7378066f3e29728bdd867f83ef87a5a7d63706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2b7dcd11210e79ca036829be2c86ba94

SHA1
d328a470b6c102ba157b4b82afa761e18fea9368

SHA256
57fea3eba4458249060a3ce1df00283f505d01ce6f9070b865f5e3b2fcb52776

SHA512
443ba7d23ac5264bdbd020c95c8459290722471abbab8bfdfce0b0c400e1bef465e0da3c00f4a35d0663bc41b0c1435736c0854637fc3a1b1c8260a8825bccd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f09651cc046a0ecf94d7b7e219a78631

SHA1
fa730050850fd04505c9017adb8849b707b62d9d

SHA256
d266409996d740db6533186d1a490ec276ae2e7b95388f88d87295fa724a21dd

SHA512
8be41e158644d8820efdb54bbfcc5b14dcfe17c0400df5c1c7f92a0139cee0cddfe63f25e2f49d37c275efce3728f50d31f9b8e57737e189562ff79aff92f71f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
047c189216760159d8bd753b8e2062b2

SHA1
89f8a97f1d761c0fcbf353bceceb32fcaf72712b

SHA256
403a75311a099bac54a7ad7b5d0846fd219fbff0c50826be51b7def6e9dd0a1a

SHA512
1f46b01465b0ee73de0a9fb9169161288483c4dfb29dbe800ca22849051133a8d4b89c60a3abed2a34a16f654bdab73012356b04cfd0208da38bee01aa8d99c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
49fd3692b9b2cc5d4aa15773e389cb83

SHA1
a7ce8c5087e76213e9a506c145cf388573876ec0

SHA256
870f6385a940d4d521cff397bf0426e5f5fd591c3bed05f3b8ed233cba00c15a

SHA512
ad73d12eec1389f689f00975abd124d016ee9ee2ede1f30cc16be803eb3d0ac0aa8811b8f8bc711232d37a34bec96b5871afe86adf291b74898a076b1cb9f58d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e19944f46c8ad4d237c5197c6b1c8569

SHA1
73c4f516bd32b222005b523ea75b2ded2d6ca974

SHA256
eaac5227c5b12d1ec28c68122eb38cae2d3b9408db04ee9af9fc94f82d29b5e5

SHA512
8b8f5378250e48bf254469474b3cc6fc65ff68c2298c7f68ceeaf12ed5492f647124aef1c9fa030b47ab9a30e923eac2344d973ae8b4ecf79647e73edb857c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c41b2b83ea7095a8583957731dfc351b

SHA1
47c36c67c1ebb623512e8a545ee3233e66843cc4

SHA256
18c012ba12fdbceb568392e18d21400b311b18aa46c4e5979a3902f4437eff2d

SHA512
afad25aeaa74992e345903ec60e0e1adafd2f9ebc45d62d6545cc2b411fdf4a99a1d472f61c9f939ee4187e697f7135211f7c8e2b82a977393075a1717afd9e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc39fd0c1e26ac3248bedd834e4c0ed4

SHA1
95920c4ea14db2699edfdc7f283848d38048cffa

SHA256
91a37bfc20725f4012e832647bb9fed16e82537dd44b399a03349ed037438949

SHA512
6709200f4148570a086610314ea11bc99cc4973b818a55ebea88ae4ad06b510607bbca3cf9891689b47caa094cd92375d74fef647da38cbbd2a0ba8bceeeed86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
751ef3411bc8ec89c23bd542e0a2e60f

SHA1
2b615b284987294e97fc4522a8501db5341f4a0f

SHA256
9b1ea08841ea4d9fdfb6fd066f0b176c09554936611a79ad32009656b5cf7592

SHA512
b60d86c19bb3392e278cf8ed88421ce9f9645814bdb88941db2aac97c7fbb3f401cc876986f1f09a253f1eff01a0fe1ce0da6df8e088123d54504b860a61112a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
36fb97f57fbdce2ac81690f51abfc250

SHA1
3f1962d92143ceb075f29d396800678226b82577

SHA256
03f55ba8f2572943fb58022556135c611d2c2f4332aded044414349f7015b63c

SHA512
09dc14e0ca6d129c2f91e091f8baf0b217a07905eb3f64743e1609256f5f39d1c84766a3305177b8220bef56d01288c93ceff7cc8d6c125684d8c6fffee1ccb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
268d45afee5d5b49f97bfd6ccddd6254

SHA1
8dd61b93b273d10ca49a551e561e14081f6db3b7

SHA256
179fa9a466838bcbeeaec94ef68ffc19370906051c8019c84114cd45b73b66d1

SHA512
ac5cad13406ea2684e3f6f4ac59d906ea6be83baad1ad8073b87c4ff26cbd35131bc5a1714ae904766bff479d4ba366282d0cb0038d31830596d8ada08218291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
bfcfb2ad605c369dbf3b37f9f17c2f4b

SHA1
e0213a58da258787e86b7b24c63f396048c065d0

SHA256
1b8ac02066b7fa5976a350fc00cdfafaa0cb0eebd2f0c51cb4f53125776a2af9

SHA512
d7572b262c087936eb572232ec1dbe67aad1cf757f750fefeca5e6f6831c693aaa5420487d2c105ed242f78a27185cda58d039fa5bc8ba94cfb22ba2478ec801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
3465888bc4aabedf541189bfb47c2f20

SHA1
9e4dbe83bb97d2ad62427d520e1abc48bf2d89ba

SHA256
43360b0a8d7ee283648273940686afbd1e6a969e0989275b15f098212d732012

SHA512
4acf0f36aef200b4b23f84e1c7d58698b4a0586fce384ab4db3cf9af3516d22a9ac3e9ccf82f3677d8d231ea64310aac22320a4a8859f5dca4354e4283c01e57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
8b7fd027c3109f2fa1bc4fd429eb4949

SHA1
ca91e0395820d36fece6b5fdb4eedfc5ee695a78

SHA256
e966497b00c3a9e3f92bf870dd3f4cfcae6391bf0b38f5b32d9af10bef9042b9

SHA512
fc9d7da129485ea18de0a6397ebd578784a75283037a91aa53845c579f3c99686e1f87c1680d18288e3bbf2cfb8648db03b657cc2aa5793161801328622a3a6b

Download Submit
C:\Users\Admin\Downloads\release.zip.crdownload

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
C:\Users\Admin\Downloads\release\Solara.exe

Filesize
78KB

MD5
4e28dad270eacac651188fe0ac215a62

SHA1
c8e510cf652ccf8bb9b2002447122c6480e0b0fd

SHA256
6478245cadefd5fd9b207bd4524a693331a2c96a5c7ce92e29ff6d27f06919f1

SHA512
678b231c7c8570e2266e25ae89d3192c1aed44239a8cb2c4bddf6589530efe4bfaf720fc9e91f449a48e7d6bdc652fe5d9b8735a73b801a50cdf77591a7d096d

Download Submit
memory/1068-210-0x0000000074790000-0x0000000074F40000-memory.dmp

Filesize
7.7MB

Download
memory/1068-353-0x0000000008700000-0x0000000008822000-memory.dmp

Filesize
1.1MB

Download
memory/1068-171-0x000000007479E000-0x000000007479F000-memory.dmp

Filesize
4KB

Download
memory/1068-173-0x00000000058C0000-0x0000000005E64000-memory.dmp

Filesize
5.6MB

Download
memory/1068-191-0x000000007479E000-0x000000007479F000-memory.dmp

Filesize
4KB

Download
memory/1068-172-0x0000000000A50000-0x0000000000A58000-memory.dmp

Filesize
32KB

Download
memory/1068-176-0x0000000074790000-0x0000000074F40000-memory.dmp

Filesize
7.7MB

Download
memory/1068-175-0x0000000005330000-0x000000000533A000-memory.dmp

Filesize
40KB

Download
memory/1068-174-0x00000000053B0000-0x0000000005442000-memory.dmp

Filesize
584KB

Download
memory/5012-385-0x000001EA39CE0000-0x000001EA39CF8000-memory.dmp

Filesize
96KB

Download
memory/5012-386-0x000001EA54310000-0x000001EA544D2000-memory.dmp

Filesize
1.8MB

Download
memory/5012-387-0x000001EA54B10000-0x000001EA55038000-memory.dmp

Filesize
5.2MB

Download