Windows Analysis Report
solara-executor.exe

Overview

General Information

Sample name:solara-executor.exe
Analysis ID:1577819
MD5:6107673fe6de87ac938d8d45ceee771b
SHA1:0ebf97d44da9ce419102f2407e4b92ccc75677dd
SHA256:1d820e33b6818f08161dbd3766b37e971b7531ee018dee1eb21822edb1eaa545
Tags:exe, user-aachum
Infos:

Detection

Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Contain functionality to detect virtual machines
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
PE file contains section with special chars
Tries to harvest and steal browser information (history, passwords, etc)
Abnormal high CPU Usage
Contains capabilities to detect virtual machines
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Detected potential crypto function
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • solara-executor.exe (PID: 788 cmdline: "C:\Users\user\Desktop\solara-executor.exe" MD5: 6107673FE6DE87AC938D8D45CEEE771B)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: solara-executor.exe PID: 788 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.solara-executor.exe.23d0fc481d0.0.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-18T19:28:06.291894+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49699 | 172.67.75.163 | 443 | TCP


        AV Detection

        Source: solara-executor.exe | Avira: detected
        Source: solara-executor.exe | ReversingLabs: Detection: 18%
        Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
        Source: solara-executor.exe | Joe Sandbox ML: detected
        Source: C:\Users\user\Desktop\solara-executor.exe | Code function: 0_2_0000023D0FBC7740 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock, Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock, CryptUnprotectData
        Source: unknown | HTTPS traffic detected: 172.67.75.163:443 -> 192.168.2.7:49699 version: TLS 1.2
        Source: solara-executor.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb source: solara-executor.exe, solara-executor.exe, 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp
        Source: Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb/''GCTL source: solara-executor.exe, 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp
        Source: C:\Users\user\Desktop\solara-executor.exe | Code function: 0_2_0000023D0FB2F46A Concurrency::details::WorkQueue::IsStructuredEmpty, FindFirstFileA, type_info::_name_internal_method, type_info::_name_internal_method, type_info::_name_internal_method
        Source: Joe Sandbox View | IP Address: 172.67.75.163
        Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.7:49699 -> 172.67.75.163:443
        Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43 | Host: api.myip.com
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic | DNS traffic detected: DNS query: api.myip.com
        Source: solara-executor.exe (process memory dumps) | Strings found in binary or memory:
          http://https://https/:://websocketpp.processorGeneric
          https://ac.ecosia.org/autocomplete?q=
          https://api.myip.com/
          https://api.myip.com/LL_Only:?
          https://api.myip.com/Russia
          https://bridge.sfo1.adm
          https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
          https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          https://contile-images.services.mo
          https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
          https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
          https://duckduckgo.com/ac/?q=
          https://duckduckgo.com/chrome_newtab
          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage
          https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold
          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qq
          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c/
          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
          https://www.ecosia.org/newtab/
          https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          https://www.invisalign.com/?utm_source=admarke
          https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
        Source: unknown | Network traffic detected: HTTP traffic on port 49699 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49699
        Source: C:\Users\user\Desktop\solara-executor.exe | Code function: 0_2_00007FF7C18A1C20 OpenClipboard, GetClipboardData, CloseClipboard, GlobalLock, WideCharToMultiByte, WideCharToMultiByte, GlobalUnlock, CloseClipboard
        Source: C:\Users\user\Desktop\solara-executor.exe | Code function: 0_2_00007FF7C18DE200 DestroyWindow, SetClipboardData, GetClipboardData, EmptyClipboard
        Source: C:\Users\user\Desktop\solara-executor.exe | Code function: 0_2_00007FF7C18A1D70 OpenClipboard, MultiByteToWideChar, GlobalAlloc, GlobalLock, MultiByteToWideChar, GlobalUnlock, EmptyClipboard, SetClipboardData, GlobalFree, CloseClipboard
        Source: C:\Users\user\Desktop\solara-executor.exe | Code function: 0_2_00007FF7C18D0330 GetClientRect, QueryPerformanceCounter, GetForegroundWindow, ClientToScreen, SetCursorPos, GetCursorPos, ScreenToClient, GetKeyState, GetKeyState, GetKeyState, GetKeyState
        Source: C:\Users\user\Desktop\solara-executor.exe | Code function: 0_2_00007FF7C18D0D02 GetKeyState, GetKeyState, GetKeyState, GetKeyState, GetKeyState, GetKeyState, GetKeyState, GetKeyState, GetKeyState, GetKeyState, GetKeyState

        System Summary

        Source: solara-executor.exe Static PE information: section name: "/hR
        Source: C:\Users\user\Desktop\solara-executor.exe Process Stats: CPU usage > 49%
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_00007FF7C18D3F90 PostQuitMessage,GetWindowRect,SetWindowPos,NtdllDefWindowProc_A,0_2_00007FF7C18D3F90
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_00007FF7C18DE278 NtdllDefWindowProc_A,0_2_00007FF7C18DE278
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: String function: 00007FF7C18DE460 appears 867 times
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: String function: 00007FF7C18A1F40 appears 40 times
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: String function: 00007FF7C18985B0 appears 36 times
        Source: solara-executor.exe Static PE information: Section: bbbb ZLIB complexity 0.9988679984861591
        Source: classification engine Classification label: mal88.spyw.evad.winEXE@1/0@1/1
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_0000023D0FC0CB40 CreateToolhelp32Snapshot,Process32NextW,Concurrency::details::WorkQueue::IsStructuredEmpty,Concurrency::details::WorkQueue::IsStructuredEmpty,Process32NextW,0_2_0000023D0FC0CB40
        Source: C:\Users\user\Desktop\solara-executor.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\SVQ08EEO.htm
        Source: C:\Users\user\Desktop\solara-executor.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: solara-executor.exe, 00000000.00000003.1300301777.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1310052156.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1297666822.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1383401441.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1418031452.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1334362044.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1413085319.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1323546214.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1379681332.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1398956164.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE local_addresses (guid VARCHAR PRIMARY KEY, use_count INTEGER NOT NULL DEFAULT 0, use_date INTEGER NOT NULL DEFAULT 0, date_modified INTEGER NOT NULL DEFAULT 0, language_code VARCHAR, label VARCHAR, initial_creator_id INTEGER DEFAULT 0, last_modifier_id INTEGER DEFAULT 0)key));
        Source: solara-executor.exe, 00000000.00000002.3718394702.0000023D1018E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1340036141.0000023D102A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: solara-executor.exe ReversingLabs: Detection: 18%
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: d3d9.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: msvcp140.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: vcruntime140.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: vcruntime140_1.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: dwmapi.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: d3d10warp.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: resourcepolicyclient.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: dxcore.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: winmm.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: xinput1_4.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: devobj.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: inputhost.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: textshaping.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: schannel.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: mskeyprotect.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: ntasn1.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: dpapi.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: gpapi.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: ncrypt.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Section loaded: ncryptsslp.dll
        Source: C:\Users\user\Desktop\solara-executor.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
        Source: solara-executor.exe Static PE information: Image base 0x140000000 > 0x60000000
        Source: solara-executor.exe Static file information: File size 1248295 > 1048576
        Source: solara-executor.exe Static PE information: Raw size of bbbb is bigger than: 0x100000 < 0x121000
        Source: solara-executor.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb source: solara-executor.exe, solara-executor.exe, 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp
        Source: Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb/''GCTL source: solara-executor.exe, 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp

        Data Obfuscation

        Source: C:\Users\user\Desktop\solara-executor.exe Unpacked PE file: 0.2.solara-executor.exe.7ff7c1880000.1.unpack "/hR:EW;bbbb:EW;Unknown_Section2:W; vs "/hR:ER;bbbb:ER;Unknown_Section2:W;
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_00007FF7C18CF7A0 QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,0_2_00007FF7C18CF7A0
        Source: initial sample Static PE information: section where entry point is pointing to: bbbb
        Source: solara-executor.exe Static PE information: section name: "/hR
        Source: solara-executor.exe Static PE information: section name: bbbb
        Source: solara-executor.exe Static PE information: section name: bNbF
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_00007FF7C18DE578 push rax; retf 0_2_00007FF7C18DE579
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_0000023D0FB44970 push es; ret 0_2_0000023D0FB4497F
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_0000023D0FC9C5C7 push esi; iretd 0_2_0000023D0FC9C5F0
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_0000023D0FC7C2BA push 52F6EBC2h; retn F6EBh 0_2_0000023D0FC7C333
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_0000023D0FC7D632 pushfd ; retf BD37h 0_2_0000023D0FC7D7D9
        Source: solara-executor.exe Static PE information: section name: bbbb entropy: 7.999761627141752
        Source: C:\Users\user\Desktop\solara-executor.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
        Source: C:\Users\user\Desktop\solara-executor.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\solara-executor.exe Code function: \\.\VBoxMiniRdrDN \\.\VBoxMiniRdrDN \\.\VBoxMiniRdrDN 0_2_00007FF7C18D3C00
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: SOFTWARE\VMware, Inc.\VMware Tools SOFTWARE\VMware, Inc.\VMware Tools SOFTWARE\VMware, Inc.\VMware Tools 0_2_00007FF7C18D3D40
        Source: C:\Users\user\Desktop\solara-executor.exe File opened / queried: VBoxMiniRdrDN
        Source: C:\Users\user\Desktop\solara-executor.exe Window / User API: threadDelayed 5541
        Source: C:\Users\user\Desktop\solara-executor.exe Window / User API: foregroundWindowGot 1658
        Source: C:\Users\user\Desktop\solara-executor.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_0000023D0FB2F46A Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileA,type_info::_name_internal_method,type_info::_name_internal_method,type_info::_name_internal_method,0_2_0000023D0FB2F46A
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
        Source: solara-executor.exe, 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: vboxservice
        Source: solara-executor.exe, 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: vboxtrayx64dbgh
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231}
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696492231
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696492231s
        Source: solara-executor.exe, 00000000.00000002.3716741170.0000023D0FA36000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@z
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696492231
        Source: solara-executor.exe, solara-executor.exe, 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: \\.\VBoxMiniRdrDN
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696492231
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696492231x
        Source: solara-executor.exe, 00000000.00000003.1300301777.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1310052156.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.3716741170.0000023D0FA36000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1297666822.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1383401441.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1418031452.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1334362044.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1413085319.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1323546214.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1379681332.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696492231t
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696492231f
        Source: solara-executor.exe, solara-executor.exe, 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: qemu-ga
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696492231
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696492231x
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696492231o
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696492231t
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
        Source: solara-executor.exe, 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware ToolsNOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm0123456789+/LoadLibraryA
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
        Source: solara-executor.exe, 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: vmtoolsdvboxserviceu
        Source: solara-executor.exe, 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Kernel32.dllKernel32.dll\\.\VBoxMiniRdrDN
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696492231d
        Source: solara-executor.exe, 00000000.00000003.1300301777.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1310052156.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1297666822.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1383401441.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1418031452.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1334362044.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1413085319.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1323546214.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1379681332.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.1398956164.0000023D0FADA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
        Source: solara-executor.exe, 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: vmwareuser
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696492231
        Source: solara-executor.exe, 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: vmwaretray
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
        Source: solara-executor.exe, 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: qemu-gaVGAuthServicevmwaretrayv
        Source: solara-executor.exe, solara-executor.exe, 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: vboxtray
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696492231j
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696492231}
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
        Source: solara-executor.exe, 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
        Source: solara-executor.exe, 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: wiresharkvmwareuseri
        Source: solara-executor.exe, 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: vmtoolsd
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696492231
        Source: solara-executor.exe, 00000000.00000003.1271381336.0000023D10144000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
        Source: C:\Users\user\Desktop\solara-executor.exe API call chain: ExitProcess graph end node graph_0-72683
        Source: C:\Users\user\Desktop\solara-executor.exe Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_00007FF7C18DC628 IsProcessorFeaturePresent,00007FFB1E6719C0,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,00007FFB1E6719C0,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7C18DC628
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_00007FF7C18CF7A0 QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,0_2_00007FF7C18CF7A0
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_00007FF7C18DE0B0 SetUnhandledExceptionFilter,0_2_00007FF7C18DE0B0
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_00007FF7C18DE0D0 SetUnhandledExceptionFilter,0_2_00007FF7C18DE0D0
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_00007FF7C18DE0C0 SetUnhandledExceptionFilter,0_2_00007FF7C18DE0C0
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_00007FF7C18DE050 QueryPerformanceCounter,SetUnhandledExceptionFilter,0_2_00007FF7C18DE050
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_00007FF7C18DC80C SetUnhandledExceptionFilter,0_2_00007FF7C18DC80C
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,0_2_00007FF7C18CF7A0
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: GetLocaleInfoA,0_2_00007FF7C18DE0A0
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: GetKeyboardLayout,GetLocaleInfoA,0_2_00007FF7C18D105B
        Source: C:\Users\user\Desktop\solara-executor.exe Code function: 0_2_00007FF7C18DC8B8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7C18DC8B8

        Stealing of Sensitive Information

        Source: solara-executor.exe String found in binary or memory: Electrum-LTC
        Source: solara-executor.exe String found in binary or memory: ElectronCash
        Source: solara-executor.exe String found in binary or memory: \com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
        Source: solara-executor.exe String found in binary or memory: \Exodus\exodus.wallet
        Source: solara-executor.exe String found in binary or memory: \Ethereum\keystore
        Source: solara-executor.exe String found in binary or memory: Exodus Web
        Source: solara-executor.exe String found in binary or memory: \Coinomi\Coinomi\wallets
        Source: C:\Users\user\Desktop\solara-executor.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db
        Source: C:\Users\user\Desktop\solara-executor.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
        Source: C:\Users\user\Desktop\solara-executor.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
        Source: C:\Users\user\Desktop\solara-executor.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
        Source: C:\Users\user\Desktop\solara-executor.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
        Source: C:\Users\user\Desktop\solara-executor.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
        Source: C:\Users\user\Desktop\solara-executor.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
        Source: C:\Users\user\Desktop\solara-executor.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
        Source: C:\Users\user\Desktop\solara-executor.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\prefs.js
        Source: C:\Users\user\Desktop\solara-executor.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
        Source: C:\Users\user\Desktop\solara-executor.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
        Source: Yara match File source: 0.2.solara-executor.exe.23d0fc481d0.0.raw.unpack, type: UNPACKEDPE
        Source: Yara match File source: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: solara-executor.exe PID: 788, type: MEMORYSTR
        Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
        Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
        Execution: Native API (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
        Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
        Privilege Escalation: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
        Defense Evasion: Masquerading (1); Virtualization/Sandbox Evasion (11); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (3); Software Packing (12); DLL Side-Loading (1); Compile After Delivery; Indicator Removal from Tools
        Credential Access: OS Credential Dumping (1); Input Capture (1); Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
        Discovery: System Time Discovery (1); Query Registry (1); Security Software Discovery (121); Virtualization/Sandbox Evasion (11); Process Discovery (2); Application Window Discovery (1); File and Directory Discovery (1); System Information Discovery (12)
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
        Collection: Input Capture (1); Archive Collected Data (1); Data from Local System (2); Clipboard Data (3); Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
        Command and Control: Encrypted Channel (21); Ingress Tool Transfer (1); Non-Application Layer Protocol (2); Application Layer Protocol (13); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
        Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
        Source | Detection | Scanner | Label
        solara-executor.exe | 18% | ReversingLabs |
        solara-executor.exe | 100% | Avira | HEUR/AGEN.1314582
        solara-executor.exe | 100% | Joe Sandbox ML |

        No Antivirus matches

        Source | Detection | Scanner | Label
        http://https://https/:://websocketpp.processorGeneric | 0% | Avira URL Cloud | safe
        https://bridge.sfo1.adm | 0% | Avira URL Cloud | safe
        https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252. | 0% | Avira URL Cloud | safe
        https://contile-images.services.mo | 0% | Avira URL Cloud | safe

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        api.myip.com | 172.67.75.163 | true | false | | high

        Name | Malicious | Antivirus Detection | Reputation
        https://api.myip.com/ | false | | high

        Name | Malicious | Antivirus Detection | Reputation
        http://https://https/:://websocketpp.processorGeneric | false | Avira URL Cloud: safe | unknown
        https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0 | false | | high
        https://duckduckgo.com/chrome_newtab | false | | high
        https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c/ | false | | high
        https://duckduckgo.com/ac/?q= | false | | high
        https://www.google.com/images/branding/product/ico/googleg_lodp.ico | false | | high
        https://www.invisalign.com/?utm_source=admarke | false | | high
        https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252. | false | Avira URL Cloud: safe | unknown
        https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | false | | high
        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | false | | high
        https://api.myip.com/Russia | false | | high
        https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold | false | | high
        https://www.ecosia.org/newtab/ | false | | high
        https://ac.ecosia.org/autocomplete?q= | false | | high
        https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg | false | | high
        https://bridge.sfo1.adm | false | Avira URL Cloud: safe | unknown
        https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage | false | | high
        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | false | | high
        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qq | false | | high
        https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u | false | | high
        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e | false | | high
        https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg | false | | high
        https://api.myip.com/LL_Only:? | false | | high
        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | false | | high
        https://contile-images.services.mo | false | Avira URL Cloud: safe | unknown
        https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.75.163 | api.myip.com | United States | 13335 | CLOUDFLARENETUS | false
                                                        Joe Sandbox version:41.0.0 Charoite
                                                        Analysis ID:1577819
                                                        Start date and time:2024-12-18 19:27:09 +01:00
                                                        Joe Sandbox product:CloudBasic
                                                        Overall analysis duration:0h 8m 30s
                                                        Hypervisor based Inspection enabled:false
                                                        Report type:full
                                                        Cookbook file name:default.jbs
                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                        Number of analysed new started processes analysed:12
                                                        Number of new started drivers analysed:0
                                                        Number of existing processes analysed:0
                                                        Number of existing drivers analysed:0
                                                        Number of injected processes analysed:0
                                                        Technologies:
                                                        • HCA enabled
                                                        • EGA enabled
                                                        • AMSI enabled
                                                        Analysis Mode:default
                                                        Sample name:solara-executor.exe
                                                        Detection:MAL
                                                        Classification:mal88.spyw.evad.winEXE@1/0@1/1
                                                        EGA Information:
                                                        • Successful, ratio: 100%
                                                        HCA Information:
                                                        • Successful, ratio: 88%
                                                        • Number of executed functions: 31
                                                        • Number of non-executed functions: 129
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe
                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                        • Excluded IPs from analysis (whitelisted): 13.107.246.63, 52.149.20.212
                                                        • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        • VT rate limit hit for: solara-executor.exe
Time | Type | Description
14:57:51 | API Interceptor | 16619569x Sleep call for process: solara-executor.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
172.67.75.163 | http://keynstrings.com/qdop/shriejeapd-xtre-czoyj-wux-182-n-ql72-dn6/?c=fg228vRhwgeAXmTlARVFPNkYQLEru1SQGolYq6DI2QO81BQyaFaUvmsyEbo4THF&dx6ywq7xi--6pmvnh36bm-q6ly=LedZebpban&f5W%2bAIcMkGZ9Lp3h7Da%2bJcuQl1mIISCF0%2bsnvlLl1C7JZwlOpPadnHGgzJCg9kkRnhKcM0BjIT2Bh9Pj1vF476j%3d%1d&url=htths%2a%0v%0wfr-tr.fazeboak.bon%2fUrbanZoccer%7c | malicious | GRQ Scam | trk.adtrk18.com/aff_c?offer_id=15108&aff_id=1850&url_id=14904&aff_sub=ee27fca9-b066-4ae9-9cbc-def0df49be21&aff_sub5=cm3l19374
Match | Associated Sample Name / URL | Detection | Threat Name | Context
api.myip.com | WaveExecutor.exe | malicious | Unknown | 104.26.8.59
api.myip.com | Nexus-Executor.exe | malicious | Unknown | 104.26.9.59
api.myip.com | WaveExecutor.exe | malicious | Unknown | 104.26.9.59
api.myip.com | Nexus-Executor.exe | malicious | Unknown | 104.26.9.59
api.myip.com | Fortexternal.exe | malicious | Unknown | 104.26.9.59
api.myip.com | Fortexternal.exe | malicious | Unknown | 104.26.9.59
api.myip.com | file.exe | malicious | Unknown | 104.26.9.59
api.myip.com | file.exe | malicious | Amadey, Cryptbot | 172.67.75.163
api.myip.com | file.exe | malicious | Amadey, XWorm | 172.67.75.163
api.myip.com | file.exe | malicious | Unknown | 104.26.8.59
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | https://usemployee-hrdbenefits.com | malicious | Unknown | 104.16.123.96
CLOUDFLARENETUS | file.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, zgRAT | 172.67.131.246
CLOUDFLARENETUS | https://em.navan.com/MDM3LUlLWi04NzEAAAGXecU3IyvXka_yOfm1UXs3oOmq7mq-S6uBgGscrsY0kWMgpLalbadmEIYbTEXYqyKQHEXyRQM= | malicious | Unknown | 104.16.79.73
CLOUDFLARENETUS | A file has been sent to you via DROPBOX.pdf | malicious | Unknown | 104.17.25.14
CLOUDFLARENETUS | https://usps.com-parcelbvxce.vip/i/ | malicious | Unknown | 104.21.4.80
CLOUDFLARENETUS | http://golden1-alert.net/online | malicious | Unknown | 104.17.25.14
CLOUDFLARENETUS | Setup.msi | malicious | Unknown | 172.67.218.192
CLOUDFLARENETUS | 'Setup.exe | malicious | LummaC Stealer | 172.67.179.225
CLOUDFLARENETUS | Setup.exe | malicious | LummaC | 104.21.88.199
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | Setup.msi | malicious | Unknown | 172.67.75.163
37f463bf4616ecd445d4a1937da06e19 | InstallSetup.exe | malicious | LummaC | 172.67.75.163
37f463bf4616ecd445d4a1937da06e19 | T2dvU8f2xg.exe | malicious | Unknown | 172.67.75.163
37f463bf4616ecd445d4a1937da06e19 | PAYMENT SWIFT AND SOA TT07180016-24_pdf.exe | malicious | GuLoader, MassLogger RAT | 172.67.75.163
37f463bf4616ecd445d4a1937da06e19 | z68scancopy.vbs | malicious | FormBook | 172.67.75.163
37f463bf4616ecd445d4a1937da06e19 | oiBxz37xUo.dll | malicious | Unknown | 172.67.75.163
37f463bf4616ecd445d4a1937da06e19 | T2dvU8f2xg.exe | malicious | Unknown | 172.67.75.163
37f463bf4616ecd445d4a1937da06e19 | oiBxz37xUo.dll | malicious | Unknown | 172.67.75.163
37f463bf4616ecd445d4a1937da06e19 | 7nJ9Jo78Vq.dll | malicious | Unknown | 172.67.75.163
                                                        No context
                                                        No created / dropped files found
                                                        File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                        Entropy (8bit):7.941670398228598
                                                        TrID:
                                                        • Win64 Executable GUI (202006/5) 93.51%
                                                        • Win64 Executable (generic) (12005/4) 5.56%
                                                        • DOS Executable Generic (2002/1) 0.93%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:solara-executor.exe
                                                        File size:1'248'295 bytes
                                                        MD5:6107673fe6de87ac938d8d45ceee771b
                                                        SHA1:0ebf97d44da9ce419102f2407e4b92ccc75677dd
                                                        SHA256:1d820e33b6818f08161dbd3766b37e971b7531ee018dee1eb21822edb1eaa545
                                                        SHA512:798affa3cabc3537d226ebdffa458309b0fa81a21939990eebdf121971e870d70d96f8b75ff6746b5d397e28015beb81f8af35df51f10adbf91c378d4dce74d2
                                                        SSDEEP:24576:PDnqyaenIySWhuUSC/i/dH9ONOznpY4sEkm30TEhibtyuk5mj5dRvgRnFpt:PGy5LSwUdbznqfEZ3RGN2Fpt
                                                        TLSH:DE45122BB7E46771D934D473CB9BC71AB330A262D0768B5B05C28B1F665A00A774BF18
                                                        File Content Preview:MZ......................@.2.92.UPX!._0x001818c..........................!..L.!This program cannot be run in DOS mode....$.......4=..p\..p\..p\..y$P.`\..`...v\..`...r\..`...y\..`...n\..;$..`\..W...s\..p\...\..;...x\..;.<.q\..;...q\..Richp\.................
                                                        Icon Hash:00928e8e8686b000
                                                        Entrypoint:0x140631280
                                                        Entrypoint Section:bbbb
                                                        Digitally signed:false
                                                        Imagebase:0x140000000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x6761A24F [Tue Dec 17 16:09:51 2024 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:6
                                                        OS Version Minor:0
                                                        File Version Major:6
                                                        File Version Minor:0
                                                        Subsystem Version Major:6
                                                        Subsystem Version Minor:0
                                                        Import Hash:b20f1daac672151d282f9ffd530ca36b
                                                        Instruction
                                                        Programming Language:
                                                        • [IMP] VS2008 SP1 build 30729
                                                        • [IMP] VS2005 build 50727
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6411b0 | 0x504 | bNbF
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x632000 | 0xf1b0 | bNbF
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x322000 | 0x4410 | "/hR
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6416b4 | 0x20 | bNbF
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x631e60 | 0x28 | bbbb
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x631e90 | 0x140 | bbbb
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
"/hR | 0x1000 | 0x510000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bbbb | 0x511000 | 0x121000 | 0x121000 | fb76c604981fcb6c4067a2c5117730c7 | False | 0.9988679984861591 | data | 7.999761627141752 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bNbF | 0x632000 | 0x10000 | 0xf800 | 0c5ce6f0a1e32589f6d634730baa9e50 | False | 0.2612462197580645 | data | 3.9453169926813554 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                        RT_RCDATA0x52b8a00x3201data1.0008593078665728
                                                        RT_RCDATA0x52eaa40x3201data1.0008593078665728
                                                        RT_RCDATA0x531ca80x3201data1.0008593078665728
                                                        RT_RCDATA0x534eac0x3201data1.0008593078665728
                                                        RT_RCDATA0x5380b00x3201data1.0008593078665728
                                                        RT_RCDATA0x53b2b40x3201data1.0008593078665728
                                                        RT_RCDATA0x53e4b80x3201OpenPGP Public Key1.0008593078665728
                                                        RT_RCDATA0x5416bc0x3201data1.0008593078665728
                                                        RT_RCDATA0x5448c00x3201data1.0008593078665728
                                                        RT_RCDATA0x547ac40x3201data1.0008593078665728
                                                        RT_RCDATA0x54acc80x3201data1.0008593078665728
                                                        RT_RCDATA0x54decc0x3201data1.0008593078665728
                                                        RT_RCDATA0x5510d00x3201data1.0008593078665728
                                                        RT_RCDATA0x5542d40x3201data1.0008593078665728
                                                        RT_RCDATA0x5574d80x3201data1.0008593078665728
                                                        RT_RCDATA0x55a6dc0x3201data1.0008593078665728
                                                        RT_RCDATA0x55d8e00x3201data1.0008593078665728
                                                        RT_RCDATA0x560ae40x3201data1.0008593078665728
                                                        RT_RCDATA0x563ce80x3201data1.0008593078665728
                                                        RT_RCDATA0x566eec0x3201data1.0008593078665728
                                                        RT_RCDATA0x56a0f00x3201SysEx File -1.0008593078665728
                                                        RT_RCDATA0x56d2f40x3201data1.0008593078665728
                                                        RT_RCDATA0x5704f80x3201data1.0008593078665728
                                                        RT_RCDATA0x5736fc0x3201data1.0008593078665728
                                                        RT_RCDATA0x5769000x3201data1.0008593078665728
                                                        RT_RCDATA0x579b040x3201data1.0008593078665728
                                                        RT_RCDATA0x57cd080x3201data1.0008593078665728
                                                        RT_RCDATA0x57ff0c0x3201data1.0008593078665728
                                                        RT_RCDATA0x5831100x3201data1.0008593078665728
                                                        RT_RCDATA0x5863140x3201data1.0008593078665728
                                                        RT_RCDATA0x5895180x3201data1.0008593078665728
                                                        RT_RCDATA0x58c71c0x3201data1.0008593078665728
                                                        RT_RCDATA0x58f9200x3201data1.0008593078665728
                                                        RT_RCDATA0x592b240x3201data1.0008593078665728
                                                        RT_RCDATA0x595d280x3201data1.0008593078665728
                                                        RT_RCDATA0x598f2c0x3201data1.0008593078665728
                                                        RT_RCDATA0x59c1300x3201data1.0008593078665728
                                                        RT_RCDATA0x59f3340x3201data1.0008593078665728
                                                        RT_RCDATA0x5a25380x3201OpenPGP Public Key1.0008593078665728
                                                        RT_RCDATA0x5a573c0x3201data1.0008593078665728
                                                        RT_RCDATA0x5a89400x3201data1.0008593078665728
                                                        RT_RCDATA0x5abb440x3201data1.0008593078665728
                                                        RT_RCDATA0x5aed480x3201data1.0008593078665728
                                                        RT_RCDATA0x5b1f4c0x3201data1.0008593078665728
                                                        RT_RCDATA0x5b51500x3201OpenPGP Public Key1.0008593078665728
                                                        RT_RCDATA0x5b83540x3201data1.0008593078665728
                                                        RT_RCDATA0x5bb5580x3201data1.0008593078665728
                                                        RT_RCDATA0x5be75c0x3201data1.0008593078665728
                                                        RT_RCDATA0x5c19600x3201data1.0008593078665728
                                                        RT_RCDATA0x5c4b640x3201data1.0008593078665728
                                                        RT_RCDATA0x5c7d680x3201data1.0008593078665728
                                                        RT_RCDATA0x5caf6c0x3201data1.0008593078665728
                                                        RT_RCDATA0x5ce1700x3201data1.0008593078665728
                                                        RT_RCDATA0x5d13740x3201data1.0008593078665728
                                                        RT_RCDATA0x5d45780x3201data1.0008593078665728
                                                        RT_RCDATA0x5d777c0x3201data1.0008593078665728
                                                        RT_RCDATA0x5da9800x3201data1.0008593078665728
                                                        RT_RCDATA0x5ddb840x3201data1.0008593078665728
                                                        RT_RCDATA0x5e0d880x3201data1.0008593078665728
                                                        RT_RCDATA0x5e3f8c0x3201data1.0008593078665728
                                                        RT_RCDATA0x5e71900x3201data1.0008593078665728
                                                        RT_RCDATA0x5ea3940x3201data1.0008593078665728
                                                        RT_RCDATA0x5ed5980x3201data1.0008593078665728
                                                        RT_RCDATA0x5f079c0x3201data1.0008593078665728
                                                        RT_RCDATA0x5f39a00x3201data1.0008593078665728
                                                        RT_RCDATA0x5f6ba40x3201data1.0008593078665728
                                                        RT_RCDATA0x5f9da80x3201data1.0008593078665728
                                                        RT_RCDATA0x5fcfac0x3201data1.0008593078665728
                                                        RT_RCDATA0x6001b00x3201data1.0008593078665728
                                                        RT_RCDATA0x6033b40x3201data1.0008593078665728
                                                        RT_RCDATA0x6065b80x3201data1.0008593078665728
                                                        RT_RCDATA0x6097bc0x3201data1.0008593078665728
                                                        RT_RCDATA0x60c9c00x3201data1.0008593078665728
                                                        RT_RCDATA0x60fbc40x3201data1.0008593078665728
                                                        RT_RCDATA0x612dc80x3201data1.0008593078665728
                                                        RT_RCDATA0x615fcc0x3201data1.0008593078665728
                                                        RT_RCDATA0x6191d00x3201data1.0008593078665728
                                                        RT_RCDATA0x61c3d40x3201data1.0008593078665728
                                                        RT_RCDATA0x61f5d80x3201data1.0008593078665728
                                                        RT_RCDATA0x6227dc0x3201data1.0008593078665728
                                                        RT_RCDATA0x6259e00x3201data1.0008593078665728
                                                        RT_MANIFEST0x6410280x2data5.0
                                                        RT_MANIFEST0x6410300x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727
                                                        None0x628d680x102data1.0426356589147288
                                                        None0x628e6c0xdadata1.0504587155963303
                                                        None0x628f480xbadata1.0591397849462365
                                                        None0x6290040x12adata1.0369127516778522
                                                        None0x6291300x16edata1.030054644808743
                                                        None0x6292a00x16cdata1.0302197802197801
                                                        None0x62940c0xfadata1.044
                                                        None0x6295080x11adata1.0390070921985815
                                                        None0x6296240x178data1.0292553191489362
                                                        None0x62979c0xe0data1.0491071428571428
                                                        None0x62987c0xbcdata1.0585106382978724
                                                        None0x6299380x124data1.0376712328767124
                                                        None0x629a5c0xb0data1.0625
                                                        None0x629b0c0xa6data1.0662650602409638
                                                        None0x629bb40x7edata1.0873015873015872
                                                        None0x629c340xd6data1.0514018691588785
                                                        None0x629d0c0xe6data1.0478260869565217
                                                        None0x629df40xeadata1.047008547008547
                                                        None0x629ee00xcadata1.0544554455445545
                                                        None0x629fac0xdedata1.0495495495495495
                                                        None0x62a08c0x98data1.0723684210526316
                                                        None0x62a1240xe4data1.0482456140350878
                                                        None0x62a2080xc2data1.056701030927835
                                                        None0x62a2cc0xbedata1.0578947368421052
                                                        None0x62a38c0x11adata1.0390070921985815
                                                        None0x62a4a80xa8data1.0654761904761905
                                                        None0x62a5500xdadata1.0504587155963303
                                                        None0x62a62c0xa2data1.0679012345679013
                                                        None0x62a6d00xeadata1.047008547008547
                                                        None0x62a7bc0x88data1.0808823529411764
                                                        None0x62a8440xd8data1.0509259259259258
                                                        None0x62a91c0x152data1.032544378698225
                                                        None0x62aa700x134data1.0357142857142858
                                                        None0x62aba40xecdata1.0466101694915255
                                                        None0x62ac900x120data1.0381944444444444
                                                        None0x62adb00x116data1.039568345323741
                                                        None0x62aec80x7edata1.0873015873015872
                                                        None0x62af480xf2data1.0454545454545454
                                                        None0x62b03c0x106data1.0419847328244274
                                                        None0x62b1440xdcdata1.05
                                                        None0x62b2200xdeOpenPGP Secret Key1.0495495495495495
                                                        None0x62b3000x152data1.032544378698225
                                                        None0x62b4540x154data1.0323529411764707
                                                        None0x62b5a80xe4data1.0482456140350878
                                                        None0x62b68c0xc0OpenPGP Secret Key1.0572916666666667
                                                        None0x62b74c0xacdata1.063953488372093
                                                        None0x62b7f80xf2data1.0454545454545454
                                                        None0x62b8ec0xdcdata1.05
                                                        None0x62b9c80x126data1.0374149659863945
                                                        None0x62baf00x9cdata1.0705128205128205
                                                        None0x62bb8c0x8adata1.0797101449275361
                                                        None0x62bc180x15adata1.0317919075144508
                                                        None0x62bd740xf8data1.0443548387096775
                                                        None0x62be6c0xe2data1.0486725663716814
                                                        None0x62bf500x5adata1.1222222222222222
                                                        None0x62bfac0x106data1.0419847328244274
                                                        None0x62c0b40xc8data1.055
                                                        None0x62c17c0xccdata1.053921568627451
                                                        None0x62c2480xd6data1.0514018691588785
                                                        None0x62c3200x144data1.0339506172839505
                                                        None0x62c4640x138data1.0352564102564104
                                                        None0x62c59c0xf8data1.0443548387096775
                                                        None0x62c6940xe2data1.0486725663716814
                                                        None0x62c7780xd6data1.0514018691588785
                                                        None0x62c8500x140data1.034375
                                                        None0x62c9900x88data1.0808823529411764
                                                        None0x62ca180x10cdata1.041044776119403
                                                        None0x62cb240x9adata1.0714285714285714
                                                        None0x62cbc00x88data1.0808823529411764
                                                        None0x62cc480xc4data1.0561224489795917
                                                        None0x62cd0c0xbcdata1.0585106382978724
                                                        None0x62cdc80xa2data1.0679012345679013
                                                        None0x62ce6c0x100OpenPGP Secret Key1.04296875
                                                        None0x62cf6c0x100data1.04296875
                                                        None0x62d06c0x126data1.0374149659863945
                                                        None0x62d1940x100data1.04296875
                                                        None0x62d2940x80data1.0859375
                                                        None0x62d3140xeedata1.046218487394958
                                                        None0x62d4040x9edata1.0696202531645569
                                                        None0x62d4a40x94data1.0743243243243243
                                                        None0x62d5380xf8OpenPGP Public Key1.0443548387096775
                                                        None0x62d6300xe0data1.0491071428571428
                                                        None0x62d7100x100data1.04296875
                                                        None0x62d8100x8adata1.0797101449275361
                                                        None0x62d89c0x5adata1.1222222222222222
                                                        None0x62d8f80x100data1.04296875
                                                        None0x62d9f80xacdata1.063953488372093
                                                        None0x62daa40x144data1.0339506172839505
                                                        None0x62dbe80x14edata1.032934131736527
                                                        None0x62dd380xa4data1.0670731707317074
                                                        None0x62dddc0xd0data1.0528846153846154
                                                        None0x62deac0xf8data1.0443548387096775
                                                        None0x62dfa40x15adata1.0317919075144508
                                                        None0x62e1000xb2data1.0617977528089888
                                                        None0x62e1b40xf2data1.0454545454545454
                                                        None0x62e2a80xbcdata1.0585106382978724
                                                        None0x62e3640xc2data1.056701030927835
                                                        None0x62e4280xe8data1.0474137931034482
                                                        None0x62e5100x164data1.0308988764044944
                                                        None0x62e6740x98data1.0723684210526316
                                                        None0x62e70c0xf4OpenPGP Public Key1.0450819672131149
                                                        None0x62e8000x158data1.0319767441860466
                                                        None0x62e9580xe0data1.0491071428571428
                                                        None0x62ea380x82data1.0846153846153845
                                                        None0x62eabc0x126data1.0374149659863945
DLL | Import
ADVAPI32.dll | RegOpenKeyExA
api-ms-win-crt-heap-l1-1-0.dll | free
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale
api-ms-win-crt-math-l1-1-0.dll | cosf
api-ms-win-crt-runtime-l1-1-0.dll | exit
api-ms-win-crt-stdio-l1-1-0.dll | fseek
api-ms-win-crt-string-l1-1-0.dll | strcmp
api-ms-win-crt-utility-l1-1-0.dll | qsort
d3d9.dll | Direct3DCreate9
IMM32.dll | ImmGetContext
kErneL32.DlL | LoadLibraryA, DeleteAtom, GetProcAddress, VirtualProtect
MSVCP140.dll | _Query_perf_counter
olE32.dll | CoTaskMemFree
SHELL32.dll | ShellExecuteA
USER32.dll | SetCursor
VCRUNTIME140.dll | memset
VCRUNTIME140_1.dll | __CxxFrameHandler4
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-18T19:28:06.291894+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49699 | 172.67.75.163 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 19:28:04.382294893 CET | 51184 | 53 | 192.168.2.7 | 1.1.1.1
Dec 18, 2024 19:28:04.521354914 CET | 53 | 51184 | 1.1.1.1 | 192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 18, 2024 19:28:04.382294893 CET | 192.168.2.7 | 1.1.1.1 | 0x5903 | Standard query (0) | api.myip.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 18, 2024 19:28:04.521354914 CET | 1.1.1.1 | 192.168.2.7 | 0x5903 | No error (0) | api.myip.com | | 172.67.75.163 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 19:28:04.521354914 CET | 1.1.1.1 | 192.168.2.7 | 0x5903 | No error (0) | api.myip.com | | 104.26.9.59 | A (IP address) | IN (0x0001) | false
Dec 18, 2024 19:28:04.521354914 CET | 1.1.1.1 | 192.168.2.7 | 0x5903 | No error (0) | api.myip.com | | 104.26.8.59 | A (IP address) | IN (0x0001) | false
                                                        • api.myip.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49699 | 172.67.75.163 | 443 | 788 | C:\Users\user\Desktop\solara-executor.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-18 18:28:05 UTC | 182 | OUT | GET / HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43
                                                        Host: api.myip.com
2024-12-18 18:28:06 UTC | 780 | IN | HTTP/1.1 200 OK
                                                        Date: Wed, 18 Dec 2024 18:28:06 GMT
                                                        Content-Type: text/html; charset=UTF-8
                                                        Transfer-Encoding: chunked
                                                        Connection: close
                                                        vary: Accept-Encoding
                                                        cf-cache-status: DYNAMIC
                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xcLhpMoTtX8ez3EMU8%2Bzce77s58rGn2Gfbj%2BZiEzSf72JwiM1uUT5qPPS1GajNmxS2j6yYuNOaVpXYVxaKNLG43YV%2BqqXKWChXYXQzxqX72leHNa46H3nDQaFq%2F1AQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                        Server: cloudflare
                                                        CF-RAY: 8f4135f1daaa424a-EWR
                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1590&min_rtt=1587&rtt_var=601&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2818&recv_bytes=820&delivery_rate=1810291&cwnd=252&unsent_bytes=0&cid=41e387b3aba6f1ba&ts=535&x=0"
2024-12-18 18:28:06 UTC | 63 | IN | Data Raw: 33 39 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 63 22 3a 22 55 53 22 7d 0d 0a
                                                        Data Ascii: 39{"ip":"8.46.123.189","country":"United States","cc":"US"}
2024-12-18 18:28:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                        Data Ascii: 0



Target ID: 0
Start time: 13:28:02
Start date: 18/12/2024
Path: C:\Users\user\Desktop\solara-executor.exe
Wow64 process (32bit): false
Commandline: "C:\Users\user\Desktop\solara-executor.exe"
Imagebase: 0x7ff7c1880000
File size: 1'248'295 bytes
MD5 hash: 6107673FE6DE87AC938D8D45CEEE771B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: false


                                                          Execution Graph

Execution Coverage: 3.6%
Dynamic/Decrypted Code Coverage: 19.7%
Signature Coverage: 24.2%
Total number of Nodes: 773
Total number of Limit Nodes: 35

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: CreateDirectory$BrowseCloseExitFileFolderFreeFromHandleListMessagePathProcessRemoveTask
                                                          • String ID: Loader$...$C:\Users\user\Desktop\solara-executor$Fail$Failed to create setup directory$Install$P$Solara$choose install folder$continue$destinatinal folder$f$installation...$solara-executor
                                                          • API String ID: 380753353-2284742252
                                                          • Opcode ID: 8d7d44eaddbc20831c6762e85175d0632f03872633d4611175878a45b0127301
                                                          • Instruction ID: 193e9e83be9a3614c16247647ba1c2785cc4db45cfe516540635d86583949b3c
                                                          • Opcode Fuzzy Hash: 8d7d44eaddbc20831c6762e85175d0632f03872633d4611175878a45b0127301
                                                          • Instruction Fuzzy Hash: 2AA2333590D68695E761FF22E8903AAF3A0FFC9360F808235D98D576A5DFBCE1548B10

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: AddressPerformanceProcQuery$CounterFrequencyInfoKeyboardLayoutLibraryLoadLocale
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$XInputGetCapabilities$XInputGetState$i >= 0 && i < Size$imgui_impl_win32$io.BackendPlatformUserData == nullptr && "Already initialized a platform backend!"$xinput1_1.dll$xinput1_2.dll$xinput1_3.dll$xinput1_4.dll$xinput9_1_0.dll
                                                          • API String ID: 2839060773-805143068
                                                          • Opcode ID: b7794f76b813ba0ffa93ba3e4a0341deb698b7340ee9810f303d84f49f8841cb
                                                          • Instruction ID: a5804cac20946d6b6138ae3c980e7b3c2942c466fe9eaaa9e978a682c563bd94
                                                          • Opcode Fuzzy Hash: b7794f76b813ba0ffa93ba3e4a0341deb698b7340ee9810f303d84f49f8841cb
                                                          • Instruction Fuzzy Hash: 40718436A0CF8686EB50AF15E8502A9B3F5FB44764F845136CA8D43760EF7CE469C710

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: State$Client$CursorScreen$CounterForegroundPerformanceQueryRectWindow
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$bd != nullptr && "Context or backend not initialized? Did you call ImGui_ImplWin32_Init()?"$bd->hWnd != 0
                                                          • API String ID: 1576454153-990843061
                                                          • Opcode ID: b9b1333f0241c167bb0d36fc47031ea75db285839677a006f3658dc029a391cc
                                                          • Instruction ID: 335fef02d5965233dd456f6e646a520799ea823407c18ff230f6f303644f8907
                                                          • Opcode Fuzzy Hash: b9b1333f0241c167bb0d36fc47031ea75db285839677a006f3658dc029a391cc
                                                          • Instruction Fuzzy Hash: 2091B121E0C78786FB11BF25D444379A7E1EF917B8F884235E94D16591DFACE8A4CB20

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: NtdllProc_Window
                                                          • String ID: E
                                                          • API String ID: 4255912815-3568589458
                                                          • Opcode ID: 60b10af7e7726b57b2a11d93ff49d429ce7ba957dc1b0bd3a5e91d316a4ed560
                                                          • Instruction ID: 250f04cf598b81c0fd7a985c0e47f2317aa77314e3c4478a827a0b037bcbcda5
                                                          • Opcode Fuzzy Hash: 60b10af7e7726b57b2a11d93ff49d429ce7ba957dc1b0bd3a5e91d316a4ed560
                                                          • Instruction Fuzzy Hash: 2E51437160C7868AE760EF24E44437AF3E0EB867B5F900135EA8D82A94DFBDD854CB10

                                                          Control-flow Graph

                                                          APIs
                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB2F47B
                                                          • FindFirstFileA.KERNEL32 ref: 0000023D0FB2F48B
                                                            • Part of subcall function 0000023D0FB05180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB05217
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$FileFindFirst
                                                          • String ID:
                                                          • API String ID: 2113789597-0
                                                          • Opcode ID: 06887e1307c0165ed681ee8080f10d51a9ecc12a7ddf961e6366d459280c14db
                                                          • Instruction ID: 3e32a1794db5d272c714fdf105045d80e37867489e050956883cde43133e7e3d
                                                          • Opcode Fuzzy Hash: 06887e1307c0165ed681ee8080f10d51a9ecc12a7ddf961e6366d459280c14db
                                                          • Instruction Fuzzy Hash: 5812E4311187488FD7AAEB14D499BEFB3E9FBD9700F504A5EA08EC3191DE349645CB42

                                                          Control-flow Graph

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::EmptyNextProcess32Queue::StructuredWork$CreateSnapshotToolhelp32
                                                          • String ID:
                                                          • API String ID: 2993956496-0
                                                          • Opcode ID: ccef948bbded8c3c363223a2ce267501defc5825a781fad79f845297002980c6
                                                          • Instruction ID: 051cf0fc8bf55936297471bb4f842fd673e1e746de5990d79b275be4abbb4daf
                                                          • Opcode Fuzzy Hash: ccef948bbded8c3c363223a2ce267501defc5825a781fad79f845297002980c6
                                                          • Instruction Fuzzy Hash: D151E131118B488FE369EB24D499BDEB7E5FBD4700F504A1DA08AD3191DF389A45CB46

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: $C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"
                                                          • API String ID: 2739980228-1764846569
                                                          • Opcode ID: 5db2f53e23f677ae7509081ccb2224cb15c8adaa29a8ea850ebc6fde4c863757
                                                          • Instruction ID: 69db1880e28a0c175341917b095904d87ddc69c4455150170208d9e31dfc9eb2
                                                          • Opcode Fuzzy Hash: 5db2f53e23f677ae7509081ccb2224cb15c8adaa29a8ea850ebc6fde4c863757
                                                          • Instruction Fuzzy Hash: B2916B32708B8186EB10DF26D4903ADBBA5FB99B98F848136DE0E43B64DF78D419C710
                                                          APIs
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FBC77D6
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FBC7854
                                                          • CryptUnprotectData.CRYPT32 ref: 0000023D0FBC78AD
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$CryptDataUnprotect
                                                          • String ID:
                                                          • API String ID: 3418212865-0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
                                                          • API String ID: 0-1817040388
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph starting at node 419 (7ff7c18d26c0), edge list omitted; API calls on the graph: GetModuleHandleA, GetProcAddress, VirtualAlloc, CreateThread
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: HandleModule
                                                          • String ID:
                                                          • API String ID: 4139908857-0

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: Window$MetricsSystem$ClassCreateHandleModuleRegisterShowUpdate
                                                          • String ID: class001
                                                          • API String ID: 3666473625-3656631403

                                                          Control-flow Graph

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: Message
                                                          • String ID: v2.1.1 Setup$ v2.1.1 Setup!Before starting the installation, select the folder where the files will be installed$A$FrghcZrah$Solara$Welcome to
                                                          • API String ID: 2030045667-4036644300

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph starting at node 941 (23d0fb06fe0), edge list omitted; API calls on the graph: CreateToolhelp32Snapshot, Process32FirstW, Process32NextW
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Process32$CreateFac_nodeFac_node::_FirstNextSnapshotToolhelp32char_traitsstd::_
                                                          • String ID:
                                                          • API String ID: 4114415025-0

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph starting at node 1159 (23d0fcea382), edge list omitted; API calls on the graph: VirtualProtect
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID: %$d
                                                          • API String ID: 544645111-2062555646

                                                          Control-flow Graph

                                                          APIs
                                                          • type_info::_name_internal_method.LIBCMTD ref: 0000023D0FBE87C0
                                                            • Part of subcall function 0000023D0FB36A80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB36AAB
                                                            • Part of subcall function 0000023D0FB36A80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB36ABA
                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FBE8826
                                                          • CreateFileA.KERNEL32 ref: 0000023D0FBE8852
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFiletype_info::_name_internal_method
                                                          • String ID:
                                                          • API String ID: 645652700-0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID: %$d
                                                          • API String ID: 4275171209-2062555646
                                                          APIs
                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB0476C
                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB0477E
                                                            • Part of subcall function 0000023D0FB053C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB053DD
                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB047BB
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork
                                                          • String ID:
                                                          • API String ID: 1865873047-0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
                                                          • String ID:
                                                          • API String ID: 586831839-0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: CloseCreateFileHandleOpen
                                                          • String ID:
                                                          • API String ID: 420164193-0
                                                          • Opcode ID: 400d762f45c222ad54dc4951f779c31423d5e1f4fd11ce37fb757c510c9c0084
                                                          • Instruction ID: a40d78b4924e93a1063ceaa2be23d1f8e4f693b6d682cd332b1b4e1823800c6d
                                                          • Opcode Fuzzy Hash: 400d762f45c222ad54dc4951f779c31423d5e1f4fd11ce37fb757c510c9c0084
                                                          • Instruction Fuzzy Hash: 79217C3160C78282E750AF54E4183AAA6E0E7847B4F904235EA9D47BD8DFBEC4558B10
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
                                                          • String ID:
                                                          • API String ID: 586831839-0
                                                          • Opcode ID: 00f0e8137a90342245313ce85138990c6ed6b9c8d6714f93bfdec8d0e61b2606
                                                          • Instruction ID: 6843469450ce5b412686234d7315c3f9fc025ecd5dccd17cf2b388a379745048
                                                          • Opcode Fuzzy Hash: 00f0e8137a90342245313ce85138990c6ed6b9c8d6714f93bfdec8d0e61b2606
                                                          • Instruction Fuzzy Hash: 9001C274618B488FD744EF28C45971ABBE1FB9A345F50491DF08AC32A0DB79D9458B42
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: Message$DispatchPeekTranslate
                                                          • String ID:
                                                          • API String ID: 4217535847-0
                                                          • Opcode ID: fb7ffd9013c6280f3680469662e411462aaa5576de6003425bd1f7d40c52d67d
                                                          • Instruction ID: 58d145801615d168644e8cfdb7ad77da0eb8e6e678405d3cc7b6f36890124a0b
                                                          • Opcode Fuzzy Hash: fb7ffd9013c6280f3680469662e411462aaa5576de6003425bd1f7d40c52d67d
                                                          • Instruction Fuzzy Hash: AC011A2192C29386F750BF20A85567AAAE0AF91335FE01035F18F42D95CFACE1298B30
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: gfff
                                                          • API String ID: 2739980228-1553575800
                                                          • Opcode ID: 7d68b32931d35f0c8cfeb6dd836044b0c014b9c7283b959deb82a84e693a6c20
                                                          • Instruction ID: a024782e7594d2868aab7c4ac3c2907e93ce4b7c18bd9a47b9c2d1af93af4ef7
                                                          • Opcode Fuzzy Hash: 7d68b32931d35f0c8cfeb6dd836044b0c014b9c7283b959deb82a84e693a6c20
                                                          • Instruction Fuzzy Hash: E9515663708A8586D705DF2899112ADFBB2FB8CB90F898236DA4897799CB3CE555C700
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007
                                                          • String ID: @
                                                          • API String ID: 3568877910-2766056989
                                                          • Opcode ID: c9bde2acb797ea5a268e1411900f8b57382d5fe92209a827650add27bf516a59
                                                          • Instruction ID: b30d5682ceb27db4f4362de1541014ce4f78f5647dc4e4c1be96998cc2e7d23f
                                                          • Opcode Fuzzy Hash: c9bde2acb797ea5a268e1411900f8b57382d5fe92209a827650add27bf516a59
                                                          • Instruction Fuzzy Hash: 4311C6B494C70696E791AF01E884365A6E0BB467A4FC06135D90D47BA0DFFEA1548B20
                                                          APIs
                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FBE8BE0
                                                          • CreateFileA.KERNEL32 ref: 0000023D0FBE8C0F
                                                            • Part of subcall function 0000023D0FB0A170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB0A18D
                                                            • Part of subcall function 0000023D0FBE8720: type_info::_name_internal_method.LIBCMTD ref: 0000023D0FBE87C0
                                                            • Part of subcall function 0000023D0FBE8720: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FBE8826
                                                            • Part of subcall function 0000023D0FBE8720: CreateFileA.KERNEL32 ref: 0000023D0FBE8852
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFile$type_info::_name_internal_method
                                                          • String ID:
                                                          • API String ID: 2627539804-0
                                                          • Opcode ID: cc7fafd89d896ea43074705b9a37fd9b433cefd388bc7ac13a0765c05240d101
                                                          • Instruction ID: 226f1f4a8d46d4aebb12c227fc0d020f06945e8179876233e6c2bef9841bf687
                                                          • Opcode Fuzzy Hash: cc7fafd89d896ea43074705b9a37fd9b433cefd388bc7ac13a0765c05240d101
                                                          • Instruction Fuzzy Hash: A3111B70618B888FE794EF28D45975EBBE1FBD9341F50492DA08DC32A1DB79D8458B02
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007Initialize
                                                          • String ID:
                                                          • API String ID: 3598312978-0
                                                          • Opcode ID: 5b54a8b9123677f748fd2ee654e194cb8d97a930d90aeec746cf412f2530cc20
                                                          • Instruction ID: adbbc978b044b77ce66edf995685f3043e93d4b9b14d7879b56cd13904312b1c
                                                          • Opcode Fuzzy Hash: 5b54a8b9123677f748fd2ee654e194cb8d97a930d90aeec746cf412f2530cc20
                                                          • Instruction Fuzzy Hash: A7115544E0C74351FB54BFB149562B992C14F95370FC40439E50D862C3AFACA8624732
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                          • String ID:
                                                          • API String ID: 1173176844-0
                                                          • Opcode ID: 8e01c2beb72ffa579fafe4c983bce2458ba15fa5ed39c72685a4d74e7f09d0a2
                                                          • Instruction ID: 0a0a887db4f58371e967226cfbe30eef5e8cd2d762127df0308d3844e8cb4a04
                                                          • Opcode Fuzzy Hash: 8e01c2beb72ffa579fafe4c983bce2458ba15fa5ed39c72685a4d74e7f09d0a2
                                                          • Instruction Fuzzy Hash: 05F01750E5D30741FB697AA664121B891C04F0AB70FDC0634D97C053C2EE9DA8B68331
                                                          APIs
                                                          • std::_Fac_node::_Fac_node.LIBCPMTD ref: 0000023D0FC1343A
                                                            • Part of subcall function 0000023D0FB0A170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB0A18D
                                                            • Part of subcall function 0000023D0FBE8720: type_info::_name_internal_method.LIBCMTD ref: 0000023D0FBE87C0
                                                            • Part of subcall function 0000023D0FBE8720: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FBE8826
                                                            • Part of subcall function 0000023D0FBE8720: CreateFileA.KERNEL32 ref: 0000023D0FBE8852
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFac_nodeFac_node::_Filestd::_type_info::_name_internal_method
                                                          • String ID:
                                                          • API String ID: 3000750846-0
                                                          • Opcode ID: 3f2ef6f74bf225def2dab778cd6fcba1428f71d8aef22a335888cc59ac8b6020
                                                          • Instruction ID: 262fde686e9820d36d27ac502ecac86166086902c632bb8e5b1a11170a632098
                                                          • Opcode Fuzzy Hash: 3f2ef6f74bf225def2dab778cd6fcba1428f71d8aef22a335888cc59ac8b6020
                                                          • Instruction Fuzzy Hash: BE915F3025CB888FE769EB28C455BDFB7E5FB99704F50095DE089C3291DA39DA40CB06
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: LibraryLoad
                                                          • String ID:
                                                          • API String ID: 1029625771-0
                                                          • Opcode ID: 0687a482410035a8978432453c5d728bbb6bc986c65ef01f96900fa291c08832
                                                          • Instruction ID: 1a995ba456efb52689821a3ce70dbf1137cfe20c0fc1fdad63e6c6c0aace3cce
                                                          • Opcode Fuzzy Hash: 0687a482410035a8978432453c5d728bbb6bc986c65ef01f96900fa291c08832
                                                          • Instruction Fuzzy Hash: 7FA1A936619B8586DB60DF0AE49032AB7A0F7C9BA4F504125EBCE83B68DF7CD450CB00
                                                          APIs
                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 0000023D0FC29D8C
                                                            • Part of subcall function 0000023D0FC2A810: std::bad_alloc::bad_alloc.LIBCMTD ref: 0000023D0FC2A819
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
                                                          • String ID:
                                                          • API String ID: 680105476-0
                                                          • Opcode ID: 64a47e28c3614743c32ebf0df84499a9aef0dcbac1c74a8302aad57f47b4e453
                                                          • Instruction ID: 9ce183666a2998d0b5caba318e0fd0ed97b37d09c73b3c069f4f1125ead761e0
                                                          • Opcode Fuzzy Hash: 64a47e28c3614743c32ebf0df84499a9aef0dcbac1c74a8302aad57f47b4e453
                                                          • Instruction Fuzzy Hash: 8901A414221B0A0AFAEC737978DF3B811DCEB45B40F7C0414F416C29C2ED2D8A45B25D
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: Concurrency::cancel_current_task
                                                          • String ID:
                                                          • API String ID: 118556049-0
                                                          • Opcode ID: b1371d319780f7c63a2b5d838895a119c58dee36737aa1d21d8aaa4a908d7d1e
                                                          • Instruction ID: e647ceb30cb5f4d155815b5422db53a4cef5539b175c310d153816732c709b4f
                                                          • Opcode Fuzzy Hash: b1371d319780f7c63a2b5d838895a119c58dee36737aa1d21d8aaa4a908d7d1e
                                                          • Instruction Fuzzy Hash: DC010061A1DF4681D760BF19E44031AE3E4FB897B8F841231E99D46798DF6CD5608714
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007$E6719$F020
                                                          • String ID: 0 && "stbtt_InitFont(): failed to parse FontData. It is correct and complete? Check FontDataSize."$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$atlas->ConfigData.Size > 0$cfg.DstFont && (!cfg.DstFont->IsLoaded() || cfg.DstFont->ContainerAtlas == atlas)$font->ConfigData == font_config$font_offset >= 0 && "FontData is incorrect, or FontNo cannot be found."$glyph_index_in_font != 0$i >= 0 && i < Size$n < (Storage.Size << 5)$src_range[0] <= src_range[1] && "Invalid range: is your glyph range array persistent? it is zero-terminated?"$src_tmp.DstIndex != -1$src_tmp.GlyphsList.Size == src_tmp.GlyphsCount
                                                          • API String ID: 3379756305-2192739418
                                                          • Opcode ID: 96ea50517a9594f90f97f70fabda856bc0af3c5d5e1c59cf1a40ae8a93fede3e
                                                          • Instruction ID: 43f1b83be25d6c9f77b346156e0cc80ecb8424d89683b5b3805826f81980e3fd
                                                          • Opcode Fuzzy Hash: 96ea50517a9594f90f97f70fabda856bc0af3c5d5e1c59cf1a40ae8a93fede3e
                                                          • Instruction Fuzzy Hash: AEF22432B08A8686E715EF29D8842BDB7E1FB497A4F948236CF0D53660DF78E465C710
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID: 00007$F020
                                                          • String ID: (Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames)$333?$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Click %s Button to break in debugger! (remap w/ Ctrl+Shift)$Debug##Default$GImGui != 0$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$GetCurrentWindowRead()->Flags & ImGuiWindowFlags_Tooltip$HoveredId: 0x%08X$Left$Middle$NewFrame(): ClearActiveID() because it isn't marked alive anymore!$Press ESC to abort picking.$Remap w/ Ctrl+Shift: click anywhere to select new mouse button.$Right$Size > 0$g.CurrentWindow->IsFallbackWindow == true$g.Font->IsLoaded()$g.MovingWindow && g.MovingWindow->RootWindow$g.Viewports.Size == 1$g.WindowsFocusOrder.Size <= g.Windows.Size$gfff$i >= 0 && i < Size$it >= Data && it < Data + Size
                                                          • API String ID: 4100318414-8291574
                                                          • Opcode ID: d3b2595934c51ed1d8cb045eddf48157a67c1cc9c59cca699bf918a1817e944d
                                                          • Instruction ID: f4b9d5f9d04466e33021ab8ea7bf4755233ec1ec1aa9557d6419ce38a37872f2
                                                          • Opcode Fuzzy Hash: d3b2595934c51ed1d8cb045eddf48157a67c1cc9c59cca699bf918a1817e944d
                                                          • Instruction Fuzzy Hash: 47C2B232A087C289EB21EF35C8441E8B7E1FF54768F888235DA0D5BA95DFBCA555C720
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID: __swprintf_l
                                                          • String ID: !((flags & ImGuiInputTextFlags_CallbackCompletion) && (flags & ImGuiInputTextFlags_AllowTabInput))$!((flags & ImGuiInputTextFlags_CallbackHistory) && (flags & ImGuiInputTextFlags_Multiline))$#SCROLLY$%*s%.*s$@$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$apply_new_text_length <= buf_size$apply_new_text_length >= 0$buf != 0 && buf_size >= 0$buf[0] != 0$callback != 0$callback_data.Buf == callback_buf$callback_data.BufSize == state->BufCapacity$callback_data.BufTextLen == (int)strlen(callback_data.Buf)$callback_data.Flags == flags$font->ContainerAtlas->TexID == _CmdHeader.TextureId$g.DragDropActive || g.ActiveId == id || g.ActiveId == 0 || g.ActiveIdPreviousFrame == id || (g.CurrentMultiSelect != 0 && g.BoxSel$i >= 0 && i < Size$idx <= obj->TextLen$password_font->Glyphs.empty() && password_font->IndexAdvanceX.empty() && password_font->IndexLookup.empty()$state != 0$state && state->ID == id
                                                          • API String ID: 1488884202-4266151527
                                                          • Opcode ID: e788e00ba91244ff4c9861e61677eaf4e20344cbc13bffa4944e22b1783e51dc
                                                          • Instruction ID: 6f9da12db1f0911d1adf6514bc3584c4e0c8d76d89761bb0d2abc7c8e8026512
                                                          • Opcode Fuzzy Hash: e788e00ba91244ff4c9861e61677eaf4e20344cbc13bffa4944e22b1783e51dc
                                                          • Instruction Fuzzy Hash: 0B930332A0C7868AEB10EF25D0906B9B7E1FF45778F948235DA4907695CFBCE465CB20
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: (g.IO.BackendPlatformUserData == 0) && "Forgot to shutdown Platform backend?"$(g.IO.BackendRendererUserData == 0) && "Forgot to shutdown Renderer backend?"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Forgot to shutdown Platform backend?$Forgot to shutdown Renderer backend?
                                                          • API String ID: 2739980228-2716422499
                                                          • Opcode ID: 26288e8c175f015e1836f85dd7fd1a69da7496cc3a127bc8ca54b656109c5204
                                                          • Instruction ID: 77fae9d868b76095add60040cfe92820f0659480b56d764b1d5bf43c7ff81366
                                                          • Opcode Fuzzy Hash: 26288e8c175f015e1836f85dd7fd1a69da7496cc3a127bc8ca54b656109c5204
                                                          • Instruction Fuzzy Hash: EE428032608A8292EB09EF24C6941FCB3B5FB54BA8F984136DB0D47654DF78E576C360
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (inner_window->IDStack.back() == table_instance->TableInstanceID) && "Mismatching PushID/PopID!"$(outer_window->DC.ItemWidthStack.Size >= temp_data->HostBackupItemWidthStackSize) && "Too many PopItemWidth!"$(table->Flags & ImGuiTableFlags_ScrollX) == 0$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$Calling PopStyleColor() too many times!$Mismatching PushID/PopID!$Size > 0$Too many PopItemWidth!$g.CurrentWindow == outer_window && g.CurrentTable == table$g.TablesTempDataStacked > 0$i >= 0 && i < Size$inner_window == g.CurrentWindow$outer_window == inner_window || outer_window == inner_window->ParentWindow$p >= Buf.Data && p < Buf.Data + Buf.Size$p >= Data && p < DataEnd$table != 0 && "Only call EndTable() if BeginTable() returns true!"$table->RowPosY2 == inner_window->DC.CursorPos.y
                                                          • API String ID: 0-2342475368
                                                          • Opcode ID: fb8c50e147d00a123830afff88922648a2ae1b96f566e52dfccd9055c5c3bd33
                                                          • Instruction ID: fb409918b3b9d31e2b9e8148496fa37b1bdb1f784ebd69d1062d1d2dcd46c30b
                                                          • Opcode Fuzzy Hash: fb8c50e147d00a123830afff88922648a2ae1b96f566e52dfccd9055c5c3bd33
                                                          • Instruction Fuzzy Hash: B372B332A0CA8696E755EF36C8843F9B3A0FF15764F848631DA0D161A1DFBCB5A4C720
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID: 00007E6719
                                                          • String ID: !is_visible$#ContextMenu$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column->IndexWithinEnabledSet <= column->DisplayOrder$i >= 0 && i < Size$p >= Data && p < DataEnd$table->IsLayoutLocked == false$table->LeftMostEnabledColumn >= 0 && table->RightMostEnabledColumn >= 0
                                                          • API String ID: 1823926093-1387518580
                                                          • Opcode ID: ec0702dd844992c5246f3174f8b9bbc99badffcfda43b03853648fa86f9c6ef8
                                                          • Instruction ID: 995548c08dd952c8fed84697fcacefbedf3fa3ffe5c8707e23bd801d967a627e
                                                          • Opcode Fuzzy Hash: ec0702dd844992c5246f3174f8b9bbc99badffcfda43b03853648fa86f9c6ef8
                                                          • Instruction Fuzzy Hash: 4FE2C132A0C68696E755EF36C5413A8B7A0FF5A764F888735DB08235A1DBB8F4B4C710
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID: State
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$ImGui::IsNamedKey(key)
                                                          • API String ID: 1649606143-1336968070
                                                          • Opcode ID: 000c7aad7ae504db2632ddcdd900167e4b492e161e73d0c01b1bbe1108e36a38
                                                          • Instruction ID: 2167139b56b55cb4567ec079695b3cc29f6a79efd504b7fbba6cec66eba1287e
                                                          • Opcode Fuzzy Hash: 000c7aad7ae504db2632ddcdd900167e4b492e161e73d0c01b1bbe1108e36a38
                                                          • Instruction Fuzzy Hash: 5791EF10E8C75705FBA1BE3464013FAA2C18F62378FD90635EC5A065D6CFACA8A28370
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID: 00007$F020
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$Calling PopStyleColor() too many times!$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$N/A$i >= 0 && i < Size$tab->LastFrameVisible >= tab_bar->PrevFrameVisible$tab->NameOffset < tab_bar->TabsNames.Buf.Size
                                                          • API String ID: 4100318414-961183113
                                                          • Opcode ID: c6d1a4655b269b2cbdfe3e597586c49ea58f02e291c79375d4aad5c9a3d81ca7
                                                          • Instruction ID: b2d0ccd1bb661a3d4d9f37783984b9218d06a9b1c11061030506b827419021a2
                                                          • Opcode Fuzzy Hash: c6d1a4655b269b2cbdfe3e597586c49ea58f02e291c79375d4aad5c9a3d81ca7
                                                          • Instruction Fuzzy Hash: B7B2F232A087868AE751EF3AC0501B9B7E1FF597A8F448736DA0D632A4DB78F461C750
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID: AcquireExclusiveLock
                                                          • String ID: $ $#$#$'$)$*$*$-$-$.$2$2$SOFTWARE\VMware, Inc.\VMware Tools
                                                          • API String ID: 4021432409-1915594051
                                                          • Opcode ID: 4e38b839c97e853e088b89e59f31bd11186dc15767536bcab97c3b54645444db
                                                          • Instruction ID: e84149e4f0eef26602518006a150ee2713be1e4ba19ced45e6a30175313ebe7c
                                                          • Opcode Fuzzy Hash: 4e38b839c97e853e088b89e59f31bd11186dc15767536bcab97c3b54645444db
                                                          • Instruction Fuzzy Hash: BD41E01250C7C1C5E762DB28E44835AEFA0E793368F581169E7D947BDACBEEC148CB21
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID: ClipboardGlobal$ByteCharMultiWide$AllocCloseDataEmptyFreeLockOpenUnlock
                                                          • String ID:
                                                          • API String ID: 1965520120-0
                                                          • Opcode ID: 157459983b14d43045f12caff330d5b23f9d56f10b12b28ab43e68da8f23084f
                                                          • Instruction ID: 10fa87a2ed2a6998261163243879b578e6f16922f27678e8c7bcc18ee1bd2beb
                                                          • Opcode Fuzzy Hash: 157459983b14d43045f12caff330d5b23f9d56f10b12b28ab43e68da8f23084f
                                                          • Instruction Fuzzy Hash: BB115131B0DB0382EB247F26B814225A3E1AF49BF1F484635DA4D43BA4DE7CD4608720
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: !g.Initialized && !g.SettingsLoaded$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$FindSettingsHandler(handler->TypeName) == 0$Table$Window$n >= 0 && n < BITCOUNT
                                                          • API String ID: 2739980228-416841283
                                                          • Opcode ID: 99d0254d89a6abc808eb31087cf52d3574c70eaa104251720cba6e683b7780ca
                                                          • Instruction ID: 44799c5a9a0b8a35cbb20f85ce991336b3070759baff96eb95e5eac71830675b
                                                          • Opcode Fuzzy Hash: 99d0254d89a6abc808eb31087cf52d3574c70eaa104251720cba6e683b7780ca
                                                          • Instruction Fuzzy Hash: 1412B336A0DB8686EB10EF24E8802B9B7E5FB44764F944236DA4D437A4DFBCE465C310
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0 && "Unknown event!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$Processed$Remaining$button >= 0 && button < ImGuiMouseButton_COUNT$i >= 0 && i < Size$it >= Data && it < Data + Size && it_last >= it && it_last <= Data + Size$key != ImGuiKey_None$n >= 0 && n < BITCOUNT
                                                          • API String ID: 0-1923509833
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID: 00007E6719ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                          • String ID:
                                                          • API String ID: 2277577599-0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID: Clipboard$00007CloseDataF020Open
                                                          • String ID:
                                                          • API String ID: 2409120337-0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: !scoring_rect.IsInverted()$<NULL>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: from move, window "%s", layer=%d$[nav] NavMoveRequest: clamp NavRectRel for gamepad move$[nav] NavMoveRequestForward %d$g.NavMoveDir != ImGuiDir_None && g.NavMoveClipDir != ImGuiDir_None$g.NavMoveFlags & ImGuiNavMoveFlags_Forwarded
                                                          • API String ID: 0-1751011103
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$dx >= 0$dy >= 0$e->ey >= y_top$e->sy <= y_bottom && e->ey >= y_top$fabsf(area) <= 1.01f$sy1 > y_final-0.01f$x >= 0 && x < len
                                                          • API String ID: 0-3568222241
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
                                                          • API String ID: 0-2705777111
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (0) && "Calling PopItemFlag() too many times!"$*Missing Text*$<Unknown>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$Calling PopItemFlag() too many times!$p >= Data && p < DataEnd
                                                          • API String ID: 0-3275063505
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: ApplyResult: NavID 0x%08X in Layer %d Window "%s"$g.NavActivateDownId == g.NavActivateId$g.NavLayer == ImGuiNavLayer_Main || g.NavLayer == ImGuiNavLayer_Menu$g.NavMoveDir == ImGuiDir_None$g.NavWindow != 0
                                                          • API String ID: 0-2167808928
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown))))$button >= 0 && button < ImGuiMouseButton_COUNT$id != 0
                                                          • API String ID: 0-2768765550
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #RESIZE$5$6$C:\Users\55yar\Desktop\imgui-master\imgui.h$idx == 0 || idx == 1
                                                          • API String ID: 0-650503096
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$p >= begin() && p < end()$settings->ColumnsCount == table->ColumnsCount && settings->ColumnsCountMax >= settings->ColumnsCount$settings->ID == table->ID
                                                          • API String ID: 0-2168725360
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Similarity
                                                          • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                          • String ID:
                                                          • API String ID: 2933794660-0
                                                          • Opcode ID: ea28d440da4e979608dc7e616e30e56526e81ae9f67b9b208852c015bdb344e1
                                                          • Instruction ID: 4f6bb0a6bc1a7b1a060363e583330952b74256eb2b50bc62f8b81ad44faf0f92
                                                          • Opcode Fuzzy Hash: ea28d440da4e979608dc7e616e30e56526e81ae9f67b9b208852c015bdb344e1
                                                          • Instruction Fuzzy Hash: 3A112122B18F0289EB00EF60E8542B873A4FB59778F440E35DA6D46798DF7CD5658350
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ##NavUpdateWindowing$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0$shared_mods != 0
                                                          • API String ID: 0-1670481530
                                                          • Opcode ID: 360b769d1a2fdec6627b6b08fcd4e9414ce7f2e576724d62d04151109e8b5536
                                                          • Instruction ID: d6bdee042a299fd8d94ab59c32dac10cb6d5a7ea14b132e463ec447fbc06e23d
                                                          • Opcode Fuzzy Hash: 360b769d1a2fdec6627b6b08fcd4e9414ce7f2e576724d62d04151109e8b5536
                                                          • Instruction Fuzzy Hash: 9062A222A0C78696E759AF3181443BDA6D1FF55778F888235CA5D132D2DFACB8B4C720
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: 00007E6719
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$pixels[i*stride_in_bytes] == 0
                                                          • API String ID: 1823926093-15633718
                                                          • Opcode ID: fc9bdb31b49db41d9048269f0056432805a2286ecc5246c3cfab3adad49f64b9
                                                          • Instruction ID: 7d41029af0e0a00d9fe642e5a9ddbb0cf6e631e0eec82b164ab18b88213ce08e
                                                          • Opcode Fuzzy Hash: fc9bdb31b49db41d9048269f0056432805a2286ecc5246c3cfab3adad49f64b9
                                                          • Instruction Fuzzy Hash: 59710673B0C6A247D3269B2CA84136EFED1B789764F5C4235EAC9C2B45CA7CE521CA50
                                                          APIs
                                                          Strings
                                                          Similarity
                                                          • API ID: 00007E6719
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$pixels[i] == 0
                                                          • API String ID: 1823926093-2060079458
                                                          • Opcode ID: c264afed42174643e985218cfa408d0faf0002bce259567f4b919d414c4abda1
                                                          • Instruction ID: def15fb58439d94c53b8a2c5c919eb5521c606b3a6641b6efaad26810c4332ac
                                                          • Opcode Fuzzy Hash: c264afed42174643e985218cfa408d0faf0002bce259567f4b919d414c4abda1
                                                          • Instruction Fuzzy Hash: CC71C37362C6E686C721CF79984467AFFE5E785724F484239EA8C82B45CA7ED124CB10
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #CLOSE$#COLLAPSE$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
                                                          • API String ID: 0-766050946
                                                          • Opcode ID: 1126328c5b21c693ac038cd1df2188b2ff28e9b00e29aeb85db486171dcffa84
                                                          • Instruction ID: 586bfb9088238ef4734844182aaf97ab74f34be91d4d22a19ea160bbabed63af
                                                          • Opcode Fuzzy Hash: 1126328c5b21c693ac038cd1df2188b2ff28e9b00e29aeb85db486171dcffa84
                                                          • Instruction Fuzzy Hash: C3121932E1CB8985F311DF3290416F9B3E0AF6A3B4F549732EE48236A1DF69A495C750
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$ImMax(size_contents_v, size_visible_v) > 0.0f$idx == 0 || idx == 1
                                                          • API String ID: 0-3128625980
                                                          • Opcode ID: b79e59873a2d6d86e0f324a7f6a030a3696cd852f2a3f58e1130bf7054de911f
                                                          • Instruction ID: 671b84ba6e3e7ca32cd75e43afebbc18feac7f189d8b9b08f0279eb09d8814fe
                                                          • Opcode Fuzzy Hash: b79e59873a2d6d86e0f324a7f6a030a3696cd852f2a3f58e1130bf7054de911f
                                                          • Instruction Fuzzy Hash: 2E12E732D1CBC985E312EA3750812B9E791AFAF7A4F5CC732ED58325A1DB6CB491C610
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ##v$#ComboPopup$C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
                                                          • API String ID: 0-2429816084
                                                          • Opcode ID: 896d9a7eb4ff265f7d9a372d651be776c216d9fd4f77bbaffeda6aa337f1ec2a
                                                          • Instruction ID: c57e97fd274ad07c4f2c5b0d3a5b7d21bbcd2a3d8c02d487a8cb78c32bf88076
                                                          • Opcode Fuzzy Hash: 896d9a7eb4ff265f7d9a372d651be776c216d9fd4f77bbaffeda6aa337f1ec2a
                                                          • Instruction Fuzzy Hash: B4E1F732E18B8989E711DF3694401EDB3A1FF69368F449732EE08375E5DF68A065D710
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (0) && "Calling PopItemFlag() too many times!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Calling PopItemFlag() too many times!
                                                          • API String ID: 0-102052167
                                                          • Opcode ID: d533dedf91d6cb1dc57bdba6c40da6b5cd47abdc815c8fb68137785444874cbe
                                                          • Instruction ID: 71d86e02d0079176ed421eedcd1de9d69a6377ffe2d85d90988b35081576c18b
                                                          • Opcode Fuzzy Hash: d533dedf91d6cb1dc57bdba6c40da6b5cd47abdc815c8fb68137785444874cbe
                                                          • Instruction Fuzzy Hash: 87E1B53191CAC985E322AF3690413F9F390EF99764F489332EA48265A1DFADA4A5C710
                                                          APIs
                                                            • Part of subcall function 00007FF7C18ACE80: 00007FFB1E6719C0.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000023D0B271FE0,00007FF7C1885C91), ref: 00007FF7C18ACFE7
                                                            • Part of subcall function 00007FF7C18ACE80: 00007FFB2ADBA0D0.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000023D0B271FE0,00007FF7C1885C91), ref: 00007FF7C18AD044
                                                          • 00007FFB1E6719C0.VCRUNTIME140 ref: 00007FF7C188640C
                                                          • 00007FFB1E6719C0.VCRUNTIME140 ref: 00007FF7C1886BAF
                                                          Similarity
                                                          • API ID: 00007$E6719
                                                          • String ID:
                                                          • API String ID: 2352233328-0
                                                          • Opcode ID: 9e4317997261937fea7a7ee8b6c161e0b27ad81cbb1ca3eaf5bda0d117835ba9
                                                          • Instruction ID: 5bbfe1517637d42c28442b15c7a17e04c1774529eeb9c7f49056a9cdc9631cd9
                                                          • Opcode Fuzzy Hash: 9e4317997261937fea7a7ee8b6c161e0b27ad81cbb1ca3eaf5bda0d117835ba9
                                                          • Instruction Fuzzy Hash: C5828173815BC187D328CF30B9981DAB7A8FB55350F105219DBF622A61DB78F1A6E708
                                                          APIs
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID:
                                                          • API String ID: 2739980228-0
                                                          • Opcode ID: a901a21fe380d731cddb8a90d61eee48211ebf7b2a1aaf05e539e712814af4b7
                                                          • Instruction ID: 89a2132821ba0c8cdcd907188c2f7f92dcda4b4a6c5d4525019afbe46d49d493
                                                          • Opcode Fuzzy Hash: a901a21fe380d731cddb8a90d61eee48211ebf7b2a1aaf05e539e712814af4b7
                                                          • Instruction Fuzzy Hash: BAB11733A18AD586E321EF3590442BEF7E4FF58BA4F448332EB8552654EB78E492C710
                                                          APIs
                                                          Similarity
                                                          • API ID: InfoKeyboardLayoutLocale
                                                          • String ID:
                                                          • API String ID: 1218629382-0
                                                          • Opcode ID: f283ab7825a6475dc086a71a2a168ceadd91aec4ad0de022f7e24bf4c51d4291
                                                          • Instruction ID: 5fdb0da35d64060e687af15b2baad19422f4dddf390e2538791afcaeba73ddb7
                                                          • Opcode Fuzzy Hash: f283ab7825a6475dc086a71a2a168ceadd91aec4ad0de022f7e24bf4c51d4291
                                                          • Instruction Fuzzy Hash: 0BF0A022718A8686E762AF66A4002AAF3D4FB48774F94403BCF8D53350DE7DD893C710
                                                          Strings
                                                          • (window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened, xrefs: 00007FF7C189C2E4
                                                          • C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7C189C2DD
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened$C:\Users\55yar\Desktop\imgui-master\imgui.cpp
                                                          • API String ID: 0-3836044477
                                                          Similarity
                                                          • API ID:
                                                          • String ID: !(o > b->size || o < 0)$C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
                                                          • API String ID: 0-2013812653
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$text_end != 0
                                                          • API String ID: 0-48455972
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
                                                          • API String ID: 0-1180621679
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
                                                          • API String ID: 0-1180621679
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
                                                          • API String ID: 0-2705777111
                                                          Similarity
                                                          • API ID: AcquireExclusiveLock
                                                          • String ID: \\.\VBoxMiniRdrDN
                                                          • API String ID: 4021432409-4073649278
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4d84135fe5031b75b4d8ac2960b53fb71714476753b43893bff389ca86a997f9
                                                          • Instruction ID: 42c725d99a0496f59cf818d93e7e90402149fecae001cb8aa71138368349c82f
                                                          • Opcode Fuzzy Hash: 4d84135fe5031b75b4d8ac2960b53fb71714476753b43893bff389ca86a997f9
                                                          • Instruction Fuzzy Hash: 2AC14D36750B8982E7108F3BD454BAD67A1EB9EF98F09D231CE0A17B64DF7AD1458700
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 33a42b9f9b29d3832b029c47bcf8cdb7f01e3eef0a0307a1879daa4bfe730252
                                                          • Instruction ID: e1c7ffd19c0481230f4ce1df78729a8efc6a7803b8ba0a87b30ddbb5965164c3
                                                          • Opcode Fuzzy Hash: 33a42b9f9b29d3832b029c47bcf8cdb7f01e3eef0a0307a1879daa4bfe730252
                                                          • Instruction Fuzzy Hash: 93B1A622E28FCC41E223AA3750821F5E250AF7F3D5F2DDB23FD8475AB2AB5961D15610
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 15ba45cef193519d0e8a2cf2df657ba8e3e1ef1d8cacf801574288a9be6fea2f
                                                          • Instruction ID: bd6eaa90a7f8599ef08f1a1bf9d74116c93a5fd2f3bf4ba42c0d4247117b8984
                                                          • Opcode Fuzzy Hash: 15ba45cef193519d0e8a2cf2df657ba8e3e1ef1d8cacf801574288a9be6fea2f
                                                          • Instruction Fuzzy Hash: 66D1C322D0E3C1C9E3519F3594407F87BD4FB66B68F4C827BDB8817686CB6864609B71
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6877bc407da904a33211ddbdad51888c4838a2b73c3e89749f5d9815c1d3e555
                                                          • Instruction ID: ffde2fc2a47944cb2276ba1c7850904b09df52dc6884b9a3ca0291c531577df8
                                                          • Opcode Fuzzy Hash: 6877bc407da904a33211ddbdad51888c4838a2b73c3e89749f5d9815c1d3e555
                                                          • Instruction Fuzzy Hash: FB91063291C68587E35AAF3590403FDBBE0FF04778F588376DA59161D5DBB875A08B20
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 648528a407e212a7f5a2beb008c6e8ef11472fc43ed2d5d1bde36790216f3e34
                                                          • Instruction ID: 30eb593ccc0df632dca798ab862b691de12d64854e677112edbfd4912043f67f
                                                          • Opcode Fuzzy Hash: 648528a407e212a7f5a2beb008c6e8ef11472fc43ed2d5d1bde36790216f3e34
                                                          • Instruction Fuzzy Hash: 91311CA790EBC74BE3527E784C660697FD0BB96E3478E817AC284421C3E99A2C15C771
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6f76b69e54d21ee0aea8ea25b6d29d9dd87d9392bb8614d28d55f211ad7c3c1d
                                                          • Instruction ID: 8d5aeda3c4468e37c3a8c3bbcadd7bd9eb944eef9013cf07a238db053b930e97
                                                          • Opcode Fuzzy Hash: 6f76b69e54d21ee0aea8ea25b6d29d9dd87d9392bb8614d28d55f211ad7c3c1d
                                                          • Instruction Fuzzy Hash: 6521DE87D4D7C71DF7EA7E641CAA438AFC0DBA2A31BCD4579F2C8021C3988969258771
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 36ee239c5d24e46cdd60b743f7756e6b305d80beccbf515749a4b6e0d5898f4c
                                                          • Instruction ID: 8efe81b674044060ef540dd6e2ed909a186920d40193c506a0d7474432a7d634
                                                          • Opcode Fuzzy Hash: 36ee239c5d24e46cdd60b743f7756e6b305d80beccbf515749a4b6e0d5898f4c
                                                          • Instruction Fuzzy Hash: C101CCA790EBC34BE3533E784D5A0197FD0BB95E2478E817AC384421C7E99A2C15C732
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a422d00b7dd0fd14525c5c1af7926a5ef345e25b0c1d376ef78f2dd52a3de787
                                                          • Instruction ID: 1ac1175e5c213a103c36fe6ac33a48b88bf9cc72f0b8133b7bbc759494c07441
                                                          • Opcode Fuzzy Hash: a422d00b7dd0fd14525c5c1af7926a5ef345e25b0c1d376ef78f2dd52a3de787
                                                          • Instruction Fuzzy Hash: CCF0E1A790EBC24BE3523E7888661597FD0BB91E2078E807AD284421C7ED9A2C15C772
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e3ea30ebda66b848019ad8e19e71a2c59527ec1bc90ae7bae2b6b1a2228ddcf9
                                                          • Instruction ID: 57f1dc0f6e9746295eb4caa9197501df34d7b2584d478b62c06df6688c71e486
                                                          • Opcode Fuzzy Hash: e3ea30ebda66b848019ad8e19e71a2c59527ec1bc90ae7bae2b6b1a2228ddcf9
                                                          • Instruction Fuzzy Hash: FFF0D0A790EBC64BF3523E7889560197FD0BB55E3078E8079C284021C7E9992C158331
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2f801bfde92b589c3a6d53c17ddcd4892fa86ee7eb976dc1f946df16b7269d6e
                                                          • Instruction ID: eb61445867441c150f99d4ff4aab3d9140ac7fb9988d7b1424a8b8cdb021d597
                                                          • Opcode Fuzzy Hash: 2f801bfde92b589c3a6d53c17ddcd4892fa86ee7eb976dc1f946df16b7269d6e
                                                          • Instruction Fuzzy Hash: 33E0C99790EBC64AE3532E384CA50197F90BA9292478E81BAC284431C7E88D2C15C732
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 21c79f8d4b1a295e38c2abf4fbd9cca6c3c5ba9f495910fed74b6d6a85d07fda
                                                          • Instruction ID: f7118079c3a338a18b7a3944f13fc7f5bb145a072c5f55ae06d92256a2c9fd4f
                                                          • Opcode Fuzzy Hash: 21c79f8d4b1a295e38c2abf4fbd9cca6c3c5ba9f495910fed74b6d6a85d07fda
                                                          • Instruction Fuzzy Hash: C3C0924BC0CA470EFAB4783808FAAE48BC4EF73270F894631F558834D11A8A39234270
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 629e4b8bc268abd5ff6f1821ab861a0b50d73f20c8cb0795d9f958efeeda9d3b
                                                          • Instruction ID: 0ac6a22c403f10194fcbdceacb29358cda26580ba9ae4d2f5eb3bb804b3ecb45
                                                          • Opcode Fuzzy Hash: 629e4b8bc268abd5ff6f1821ab861a0b50d73f20c8cb0795d9f958efeeda9d3b
                                                          • Instruction Fuzzy Hash: B9A0012191CA0390EB04BF00A851920A2E1BB50370B808475C04D414609FACA821C320
                                                          APIs
                                                            • Part of subcall function 0000023D0FB05360: _WChar_traits.LIBCPMTD ref: 0000023D0FB0538D
                                                            • Part of subcall function 0000023D0FB04AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB04AD0
                                                            • Part of subcall function 0000023D0FB04AA0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FB04B2F
                                                            • Part of subcall function 0000023D0FB04AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB04B41
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FB048B8
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork$Char_traits
                                                          • String ID: $ $ $B$D$K$KDBM$M$a$a$a$b$c$e$g$i$l$o$t$y
                                                          • API String ID: 1777712374-1292890139
                                                          • Opcode ID: b2d997a1cd0057e47c91f10b8e029a4fbb281733a314e99ff4f758cdf7aee981
                                                          • Instruction ID: 9e3e360875220711aa5d01d297727dbcae331bf1e6df04bc7ef379f6b2bb6fdb
                                                          • Opcode Fuzzy Hash: b2d997a1cd0057e47c91f10b8e029a4fbb281733a314e99ff4f758cdf7aee981
                                                          • Instruction Fuzzy Hash: 6261F93050CB848FE765EB68C448B9ABBE1FBA5304F14492DA0C9C7261DBB9D489CB53
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007B5630
                                                          • String ID: 1.91.6 WIP$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$strcmp(version, "1.91.6 WIP") == 0 && "Mismatched version string!"$sz_idx == sizeof(ImDrawIdx) && "Mismatched struct layout!"$sz_io == sizeof(ImGuiIO) && "Mismatched struct layout!"$sz_style == sizeof(ImGuiStyle) && "Mismatched struct layout!"$sz_vec2 == sizeof(ImVec2) && "Mismatched struct layout!"$sz_vec4 == sizeof(ImVec4) && "Mismatched struct layout!"$sz_vert == sizeof(ImDrawVert) && "Mismatched struct layout!"
                                                          • API String ID: 2248877218-1295771896
                                                          • Opcode ID: 73982e209b0fe399edd5979ae14340f42387c4a8ef84f5c8a3e1b2a1a2d52266
                                                          • Instruction ID: 4d9061bb336dbf6028ed03bbc3172fff6e365d6ccb34219d6b0945f367c8a231
                                                          • Opcode Fuzzy Hash: 73982e209b0fe399edd5979ae14340f42387c4a8ef84f5c8a3e1b2a1a2d52266
                                                          • Instruction Fuzzy Hash: 9B311A25A0DA4780EB10BF05E8441A5A3E2FF567B4FC85435D84D036A4DFADE529C770
                                                          APIs
                                                          • 00007FFB1E6719C0.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7C18B4ABE), ref: 00007FF7C18B48FE
                                                          • 00007FFB1E6719C0.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7C18B4ABE), ref: 00007FF7C18B4911
                                                          • 00007FFB1E6719C0.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7C18B4ABE), ref: 00007FF7C18B4929
                                                          • 00007FFB1E6719C0.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,00007FF7C18B4ABE), ref: 00007FF7C18B4971
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007E6719
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$i >= 0 && i < Size$index >= 0$pad_left + line_width + pad_right == r->Width && y < r->Height$r->IsPacked()
                                                          • API String ID: 1823926093-458361149
                                                          • Opcode ID: c8c261c216b1aebd6a1147a5566a9e7cdbbc1a367a531d2b4b0594f3f14ed8bd
                                                          • Instruction ID: ae467e046b27d8b637398fe8c5f48f525227f447f9cd52464d2062166270f611
                                                          • Opcode Fuzzy Hash: c8c261c216b1aebd6a1147a5566a9e7cdbbc1a367a531d2b4b0594f3f14ed8bd
                                                          • Instruction Fuzzy Hash: 34713332B08B5682E700DF29E841278B3A2FF55BA0F958235DE5D537A0EFB8E065C350
                                                          APIs
                                                          • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000023D0FB86BDD
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FB86C5A
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FB86C73
                                                          • Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 0000023D0FB86CB3
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FB86D12
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FB86D2B
                                                          • _Min_value.LIBCPMTD ref: 0000023D0FB86D62
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FB86D7E
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FB86D97
                                                          • _Max_value.LIBCPMTD ref: 0000023D0FB86DCE
                                                          • _Min_value.LIBCPMTD ref: 0000023D0FB86DEB
                                                            • Part of subcall function 0000023D0FB8F140: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000023D0FB8F165
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
                                                          • String ID:
                                                          • API String ID: 2048856540-0
                                                          • Opcode ID: e866146c94e960af1540157134187f2a0fce7dbc0c02fbcd93b84c3e2d61bdcf
                                                          • Instruction ID: 74fd23f0c9f1a72d8092e71274fd03b8aa10756760ea04f553d1b9fac073acbd
                                                          • Opcode Fuzzy Hash: e866146c94e960af1540157134187f2a0fce7dbc0c02fbcd93b84c3e2d61bdcf
                                                          • Instruction Fuzzy Hash: 1A02EE7011CB888FDBB5EB18D498BEAB3E5FBE8701F50091E958EC3291DE749945CB42
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: std::make_error_code$std::error_condition::error_condition
                                                          • String ID:
                                                          • API String ID: 2527301759-0
                                                          • Opcode ID: 71ef438b1bb58b4182dc28e9ffd7d5b29104a32867a1bdd3a258c92d20c36c8b
                                                          • Instruction ID: 0e57b04d0f7dbc6596b8860630d3cab3996b0b582d34e9fc4272fea6c1264d63
                                                          • Opcode Fuzzy Hash: 71ef438b1bb58b4182dc28e9ffd7d5b29104a32867a1bdd3a258c92d20c36c8b
                                                          • Instruction Fuzzy Hash: D56100302187554BE25EDB29E459B2AB7E9BB85740FB00868F1C9C76E2CA2CDE41CF51
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007E6719
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$z != 0$z->direction$z->ey >= scan_y_top
                                                          • API String ID: 1823926093-479673919
                                                          • Opcode ID: b1f5d2743eba00185b4ef35da03a36488c5a9ffa4c6548543b2ac54dad6f16f8
                                                          • Instruction ID: 5ecfad2a2bd917d1d067fde3f8357addd6cf5131f62666c43cac415bb416c436
                                                          • Opcode Fuzzy Hash: b1f5d2743eba00185b4ef35da03a36488c5a9ffa4c6548543b2ac54dad6f16f8
                                                          • Instruction Fuzzy Hash: 5E12D232908BC587D7629F35D0412A9B3A0FF58BA4F588336DB4963764EB7CE1A5CB10
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007$E6719F020
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$i >= 0 && i < Size$pack_context != 0$pack_rects[i].w == user_rects[i].Width && pack_rects[i].h == user_rects[i].Height$user_rects.Size >= 1
                                                          • API String ID: 1826410401-766226355
                                                          • Opcode ID: 8ce10e466192048a1693556da465ee69bb877a76bb65d9e6bfeac6a609cba9b4
                                                          • Instruction ID: 76362661f2aca1f0907f6c51b86d474688047db647e9c9df266f282a9e5330e1
                                                          • Opcode Fuzzy Hash: 8ce10e466192048a1693556da465ee69bb877a76bb65d9e6bfeac6a609cba9b4
                                                          • Instruction Fuzzy Hash: D6A19F36A0CA1386EB14EF15D8441B8B7A1FB45BB8F808136CE4E47664DFBCE566C760
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$i >= 0 && i < Size$p >= Buf.Data && p < Buf.Data + Buf.Size$p >= Data && p < DataEnd$table->MemoryCompacted == false
                                                          • API String ID: 2739980228-1783795845
                                                          • Opcode ID: 62f75428c15231a191c8b2183383776eb55f8038cf437fe52e0662faf8159130
                                                          • Instruction ID: d99632c751811b794cf3c78a9800cd010f5ef1f1ed18aa1d27db58c2e0de7116
                                                          • Opcode Fuzzy Hash: 62f75428c15231a191c8b2183383776eb55f8038cf437fe52e0662faf8159130
                                                          • Instruction Fuzzy Hash: E251B272A0CA8686DB10EF15E8542E8B7E1FB55B68F840136CE0C47764DFBDE166C360
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Decorator::getTableTypeshared_ptr
                                                          • String ID: d
                                                          • API String ID: 143873753-2564639436
                                                          • Opcode ID: 9472d0e4b889f094a3cab1acffd77fe61c7aaf73f92bde8c9ff228181d57b494
                                                          • Instruction ID: b21a6396654ab48aca862be9b6d984be7e1461ab8e4f3eeafb5626c43e4e8137
                                                          • Opcode Fuzzy Hash: 9472d0e4b889f094a3cab1acffd77fe61c7aaf73f92bde8c9ff228181d57b494
                                                          • Instruction Fuzzy Hash: E59134305187848FD799EB28D058B5BBBE5FFD9700F54095DB089C72A2DA38D945CF02
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Decorator::getTableTypeshared_ptr
                                                          • String ID: d
                                                          • API String ID: 143873753-2564639436
                                                          • Opcode ID: 9036c0c1e63749c3bc76dfb6a94ead1f4178844c3cfab8ee976c09acc3f1cf2d
                                                          • Instruction ID: a25838b289224cf26f0e0d22fe6133e3d6d58648ce73fac4f5e3bdd1adf33838
                                                          • Opcode Fuzzy Hash: 9036c0c1e63749c3bc76dfb6a94ead1f4178844c3cfab8ee976c09acc3f1cf2d
                                                          • Instruction Fuzzy Hash: 9B9111306187848FE799EB28D45876BBBE5FBD9700F54095DB0C9C72A2DA38DA45CF02
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: type_info::_name_internal_method$char_traits
                                                          • String ID: $'
                                                          • API String ID: 2432257368-2481900351
                                                          • Opcode ID: 80be3a970e3a749e1926a631d758321b903abe1dc6e94d3da15c608f29041d81
                                                          • Instruction ID: 8814b916289fcd38dd37b185e99a2d769bcb45581af8357362685598fb71449e
                                                          • Opcode Fuzzy Hash: 80be3a970e3a749e1926a631d758321b903abe1dc6e94d3da15c608f29041d81
                                                          • Instruction Fuzzy Hash: 6A513331118B888FD7A6FB18D489BDEB7E5FBA8B00F50495DA089C31A1DF389644CF42
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: EventMouseTrack$ClientExtraInfoMessageScreen
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
                                                          • API String ID: 3561655495-3890275027
                                                          • Opcode ID: 56b5d8c4c4cd4702416651cf8138708fd5936cd832d97e54c425377689c9d51c
                                                          • Instruction ID: fc880a02a2592bd92882a9df5c76b6ed0d66ee494d2d256deeb1957f3750fad7
                                                          • Opcode Fuzzy Hash: 56b5d8c4c4cd4702416651cf8138708fd5936cd832d97e54c425377689c9d51c
                                                          • Instruction Fuzzy Hash: AD618C72A0C7428AE714EF65E4402ADB7E1FF45764F984139DA0A52A94CFBCE4A58720
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: __swprintf_l
                                                          • String ID: #Child$%s/%08X$%s/%s_%08X$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$id != 0
                                                          • API String ID: 1488884202-1586801193
                                                          • Opcode ID: 46a1a0c6a0e47ec31a009c470b2dafd8de949c046316960332f141e314256c12
                                                          • Instruction ID: 2c7db8e8a3853f6ab873b15cfd88a5280e30d3fc110de01924c33e46293cddc3
                                                          • Opcode Fuzzy Hash: 46a1a0c6a0e47ec31a009c470b2dafd8de949c046316960332f141e314256c12
                                                          • Instruction Fuzzy Hash: 7551CF32A0CB8696E754EF26D0402E9F7E1FF89764F848136DA4C03A95CFBCA0A5C710
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID:
                                                          • API String ID: 2739980228-0
                                                          • Opcode ID: f94a614454fe2cb526baa10b2cce888be569503d75c325dc1dce0eb86242048f
                                                          • Instruction ID: 9255269816f0f59b637fd25799468e3f5d4dc1d87162ae45b6b9a32b279c0a81
                                                          • Opcode Fuzzy Hash: f94a614454fe2cb526baa10b2cce888be569503d75c325dc1dce0eb86242048f
                                                          • Instruction Fuzzy Hash: 7E027A7271999296DB09FF24C5950FCB3B4FB50B64B944232D60E832A1EF78E67AC350
                                                          APIs
                                                          • 00007FFB2AD9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7C1888442
                                                          • 00007FFB2AD9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7C18884FA
                                                          • 00007FFB2AD9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7C188858A
                                                            • Part of subcall function 00007FF7C18881E0: 00007FFB2AD9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7C1888269
                                                            • Part of subcall function 00007FF7C18881E0: 00007FFB2AD9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7C18882E9
                                                            • Part of subcall function 00007FF7C18881E0: 00007FFB2AD9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7C188836A
                                                          • 00007FFB2AD9F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7C1888624
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$DrawList == &DrawListInst
                                                          • API String ID: 2739980228-20161693
                                                          • Opcode ID: 2d8ea6574ee6b8056d063ee5808aa292970097db89a4d7c438daa540352c4861
                                                          • Instruction ID: 1b561b159502af8822da7e37b74a1688f40c8ba56a2bac29facedb4dd8f758b3
                                                          • Opcode Fuzzy Hash: 2d8ea6574ee6b8056d063ee5808aa292970097db89a4d7c438daa540352c4861
                                                          • Instruction Fuzzy Hash: 0471CE7360DA9286D745EF28D0951FCB3B5FB04B98F984236CA0E87660DF78D5AAC350
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$Decorator::getTableTypebool_shared_ptr
                                                          • String ID:
                                                          • API String ID: 2413108386-0
                                                          • Opcode ID: 09bb8693cdd345d70ffcf971e1c493b358d70803e10c2bb5853e910151989129
                                                          • Instruction ID: 78b4c0b67b0cbdb58288015236fba209c42c9faafe4aacd6565398688324d156
                                                          • Opcode Fuzzy Hash: 09bb8693cdd345d70ffcf971e1c493b358d70803e10c2bb5853e910151989129
                                                          • Instruction Fuzzy Hash: 84F1463055CB488FE76AEB18D458BEBB7E4FF99700F60491DA089C7192DE749A44CF42
                                                          APIs
                                                          • Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000023D0FB6E0A3
                                                          • Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000023D0FB6E0B7
                                                          • std::make_error_code.LIBCPMTD ref: 0000023D0FB6E0D0
                                                          • std::make_error_code.LIBCPMTD ref: 0000023D0FB6E132
                                                          • std::make_error_code.LIBCPMTD ref: 0000023D0FB6E300
                                                            • Part of subcall function 0000023D0FB16020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 0000023D0FB1602E
                                                          • std::make_error_code.LIBCPMTD ref: 0000023D0FB6E1B7
                                                            • Part of subcall function 0000023D0FB18FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000023D0FB18FFE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
                                                          • String ID:
                                                          • API String ID: 3233732842-0
                                                          • Opcode ID: 4de1addda922bb358011cb094d11cd136575d8eaefb607a23010c85f2e40a63c
                                                          • Instruction ID: 66fe78f8d91bf89b45bc284a984b072d46b5d0bd6e36ff6169498e97caa06098
                                                          • Opcode Fuzzy Hash: 4de1addda922bb358011cb094d11cd136575d8eaefb607a23010c85f2e40a63c
                                                          • Instruction Fuzzy Hash: EBF1DF301187888FD6A9EB28D459BEEB7E5FBD9700F60485DA18DC3292DE38D945CF42
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::$Base::ContextIdentityQueueWork$Affinity::operator!=HardwareList
                                                          • String ID:
                                                          • API String ID: 2242293343-0
                                                          • Opcode ID: 0f09c845dda9b562757045dec8ee4d3361f5b6171332ab6d94f79fbde5fb3f63
                                                          • Instruction ID: 2037bf7c8f7c72563ac828a062894ba93f7490d13a9339c91e73b3235c1ffad4
                                                          • Opcode Fuzzy Hash: 0f09c845dda9b562757045dec8ee4d3361f5b6171332ab6d94f79fbde5fb3f63
                                                          • Instruction Fuzzy Hash: 58414631158B488FD799EB14E459BDBB7E4FFD4700F90491DA089D3292DE78DA44CB42
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
                                                          • String ID:
                                                          • API String ID: 1588182640-0
                                                          • Opcode ID: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
                                                          • Instruction ID: 08378deee12152001031b5d588d9584e49a6a8e5152785a4bec19e77bb8df034
                                                          • Opcode Fuzzy Hash: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
                                                          • Instruction Fuzzy Hash: C631CB30618B888FDAA4EF28D45975EB7E1FBE9740F60095DA48DC3252DA789941CB42
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007E6719
                                                          • String ID: #MOVE$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
                                                          • API String ID: 1823926093-319756798
                                                          • Opcode ID: b4340bdd38b7b9769abd49ed6405a14d352e2387e4be97406b1e305ec5bfd546
                                                          • Instruction ID: 935ed02f5a3eb312d366214ace35f8e57c95796cd8813ebed1bd446e168a61f4
                                                          • Opcode Fuzzy Hash: b4340bdd38b7b9769abd49ed6405a14d352e2387e4be97406b1e305ec5bfd546
                                                          • Instruction Fuzzy Hash: 50D13A32606BC19AD754DF29E988799B7A9F705F24FA94238C7A807790DF35E072C704
                                                          APIs
                                                          Strings
                                                          • !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF7C18B13DA
                                                          • C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7C18B13D3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
                                                          • API String ID: 2739980228-3599239301
                                                          • Opcode ID: 25f72e3c8c282048cd647ec2fff06e31e0aedba023ac7ffc24038e7a7775b1cc
                                                          • Instruction ID: 3401ef1746931bd2af8c96b2f1152864addd8ba3fbb5e817d9c0a560be77bc66
                                                          • Opcode Fuzzy Hash: 25f72e3c8c282048cd647ec2fff06e31e0aedba023ac7ffc24038e7a7775b1cc
                                                          • Instruction Fuzzy Hash: 5061C373A09A4682DB45EF14E5942BCB3B1FB05BA4F948236DB0E47364DF78E56AC340
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column->SortOrder < table->SortSpecsCount$p >= Data && p < DataEnd
                                                          • API String ID: 2739980228-2291414753
                                                          • Opcode ID: e9122d132843dbd3fc90186753353c71bc0eb896d549cd1bf48cf2c0944e686a
                                                          • Instruction ID: 3e35c07260ebb133d78d22c94e57d1a45da370ab04c33c7ee56bc3a245763092
                                                          • Opcode Fuzzy Hash: e9122d132843dbd3fc90186753353c71bc0eb896d549cd1bf48cf2c0944e686a
                                                          • Instruction Fuzzy Hash: 6A61CF3260CA9292DB08EF28D5941BCB7A0FB44B60F844136DF5D83254DFBCE5A6C3A0
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007$A8950$F020
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$filename && mode
                                                          • API String ID: 3465666832-1878659873
                                                          • Opcode ID: 32812b3c54b52d5fddf171a9a411fc68495d8a89a2949104707e8eea0ed6fa51
                                                          • Instruction ID: e3dc4780a491b95fd3033eca764d94ec805e16c9acd3db39c4ff7aabaf824e4d
                                                          • Opcode Fuzzy Hash: 32812b3c54b52d5fddf171a9a411fc68495d8a89a2949104707e8eea0ed6fa51
                                                          • Instruction Fuzzy Hash: 8A419121A0DA5382FB54FF15A444178A3E2FF48BB4B980131DA4E43BD1DE7CE466C320
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: Capture$ExtraInfoMessage
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
                                                          • API String ID: 2172523684-3890275027
                                                          • Opcode ID: e5ed3c2d33467ee866650776db45dde0e5327c93dae5451d5cdba795c5f28f26
                                                          • Instruction ID: 1b2db570d07fb4c5cc56e4c651c90efbe43025ede49e42c3d910c7521e902c44
                                                          • Opcode Fuzzy Hash: e5ed3c2d33467ee866650776db45dde0e5327c93dae5451d5cdba795c5f28f26
                                                          • Instruction Fuzzy Hash: B821E466609B4386E751EF25E4442A9B3E2FF44BB8FC00232DE2E47394DF78E5568760
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: printf
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$[%05d] $[%s] [%05d]
                                                          • API String ID: 3524737521-3476604433
                                                          • Opcode ID: 1f05ae7bfb494f84aad7026fd753fc4d603e48b965f2e09f5000b0581db317b5
                                                          • Instruction ID: d1e72e87da49856ed43fdf0ded8f6e77c7e0793957c23aee5666f69748b54643
                                                          • Opcode Fuzzy Hash: 1f05ae7bfb494f84aad7026fd753fc4d603e48b965f2e09f5000b0581db317b5
                                                          • Instruction Fuzzy Hash: C421CD76A08A4286EB21AF11F8445AAB7E1EF40BA4F848031DE4D57655CF7CE5A4C750
                                                          APIs
                                                          Strings
                                                          • C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF7C18CFAAA
                                                          • bd != nullptr && "No platform backend to shutdown, or already shutdown?", xrefs: 00007FF7C18CFA8B
                                                          • C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF7C18CFA84
                                                          • GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF7C18CFAB1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: FreeLibrary
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$bd != nullptr && "No platform backend to shutdown, or already shutdown?"
                                                          • API String ID: 3664257935-1332676508
                                                          • Opcode ID: bb86a6f7c7364d40ceef79f0e52fd7b12f9ff1b9120e67842a6bdd4e3ffcc0a4
                                                          • Instruction ID: 2cc8bb7a5feedbbbebd8ec4821abe48774cbe2cdb773afcee84d1b907819dafd
                                                          • Opcode Fuzzy Hash: bb86a6f7c7364d40ceef79f0e52fd7b12f9ff1b9120e67842a6bdd4e3ffcc0a4
                                                          • Instruction Fuzzy Hash: 2231613160DB4682EB44AF19E490678B7A1FB15BA8F888136DA0D43760DF7CE865C760
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: Capture$ExtraInfoMessageRelease
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
                                                          • API String ID: 1767768705-3890275027
                                                          • Opcode ID: 0527ba3645a25572ded4bfe279cd1dbea92f4c5092a315049e297b2bad3063cb
                                                          • Instruction ID: f366b96fd43d7db32a5788403a5b1d7ad7789204ed7abf51436793f51d6d914f
                                                          • Opcode Fuzzy Hash: 0527ba3645a25572ded4bfe279cd1dbea92f4c5092a315049e297b2bad3063cb
                                                          • Instruction Fuzzy Hash: 7721D062A1DB4386E751BF65D4002BAA2E1FF49BB4FC40031E90F477A5CEBDE4968720
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: std::make_error_code$Base::ChoresConcurrency::details::Func_classGroupScheduleSegmentUnrealizedstd::error_condition::error_condition
                                                          • String ID:
                                                          • API String ID: 831135708-0
                                                          • Opcode ID: 2b019b4e3f526854cc6463bb2731e43c27d4326d5903197f3522d122ad0e4905
                                                          • Instruction ID: 681b19818919b2adf9598422babced25a6a76ba8e31a10486b5bd372edc432db
                                                          • Opcode Fuzzy Hash: 2b019b4e3f526854cc6463bb2731e43c27d4326d5903197f3522d122ad0e4905
                                                          • Instruction Fuzzy Hash: C3F11630158B484FE7AAFB28D459BDEB3D9FB94700FA04969A04DC3292DE7CDA45CB41
                                                          APIs
                                                          • Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000023D0FB527C5
                                                          • std::make_error_code.LIBCPMTD ref: 0000023D0FB52810
                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB52904
                                                          • Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 0000023D0FB52BB3
                                                            • Part of subcall function 0000023D0FB5F6A0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000023D0FB5F6CB
                                                          • Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 0000023D0FB52C8E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::$Scheduler$ProcessorProxyRoot::Virtual$Base::ChoresConcurrency::details::_EmptyGroupQueue::ScheduleScheduler::_SegmentStructuredUnrealizedWorkstd::make_error_code
                                                          • String ID:
                                                          • API String ID: 1866601945-0
                                                          • Opcode ID: 78ae9953cbedf62042fc3d33d4decda1cf0a4d0c091af80d0bda17040aa99622
                                                          • Instruction ID: 9c40006af8a041794db3d4e8d244eda1e7bb4a71328be26758ecc0d9c7ef64ae
                                                          • Opcode Fuzzy Hash: 78ae9953cbedf62042fc3d33d4decda1cf0a4d0c091af80d0bda17040aa99622
                                                          • Instruction Fuzzy Hash: 11F10230658B488FE7B9FB28D459BDAB3E5FB98700F50492DA0CDC3291DE789645CB42
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cc1c347d2910cc0400b9c5d360fd704ec17404c1c8a9becaaf1b808fa4f3174e
                                                          • Instruction ID: fd11bc1980d01c233207e2ce93885617a570fc3d3d735f25982ff2d5ed4a1f5e
                                                          • Opcode Fuzzy Hash: cc1c347d2910cc0400b9c5d360fd704ec17404c1c8a9becaaf1b808fa4f3174e
                                                          • Instruction Fuzzy Hash: 0CB1ED3051CB888FDBA5EB1CC095FAAB7E5FB98344F50495DA08EC7261DB74E981CB42
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: fpos
                                                          • String ID:
                                                          • API String ID: 1083263101-0
                                                          • Opcode ID: 6a66e7cf8dba913559191b32390491cef5c931f42b95be3e289b6306e1102091
                                                          • Instruction ID: 5ed21ac2bc58091dafa2e254a4e2323fb370261652343a09789b367a7110e6b5
                                                          • Opcode Fuzzy Hash: 6a66e7cf8dba913559191b32390491cef5c931f42b95be3e289b6306e1102091
                                                          • Instruction Fuzzy Hash: 0EB1113025CB898FD7B9EB18D459B6AB7E4FB99705F68091DE48AC3290D738D944CF02
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_condition
                                                          • String ID:
                                                          • API String ID: 1851498522-0
                                                          • Opcode ID: 5030b6f4d4358b935513f3764e1def77f0374254cb11d93097da90f9fbad4d41
                                                          • Instruction ID: 4e2c348527a893fe17a2119d098c17cb3f84e48151822ca034bdf3fc77ff1341
                                                          • Opcode Fuzzy Hash: 5030b6f4d4358b935513f3764e1def77f0374254cb11d93097da90f9fbad4d41
                                                          • Instruction Fuzzy Hash: 8BA15431118B484BE76AEB24D445BEFB3E5FB95710F500A19A08EC31E1DE78DA45CF41
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::_SchedulerScheduler::_$std::error_condition::error_condition$std::bad_exception::bad_exception
                                                          • String ID:
                                                          • API String ID: 3801495819-0
                                                          • Opcode ID: f3d1858459e0af94582484c269b498f47c4f8567e9ef1adb0021aa434c7c7154
                                                          • Instruction ID: de18b6f141f465824d1438c7e8758c32d19ae4ebb08d77d27a70097d4e68f47c
                                                          • Opcode Fuzzy Hash: f3d1858459e0af94582484c269b498f47c4f8567e9ef1adb0021aa434c7c7154
                                                          • Instruction Fuzzy Hash: 77613D34618B488FD7E9EF28D448B9AB7E1FB98710F50495DE08DC3291DB78D945CB02
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
                                                          • String ID:
                                                          • API String ID: 2480882750-0
                                                          • Opcode ID: f2ef7a86016f0f96fb29ac205b938adafa905e91da66757f72e9247496227554
                                                          • Instruction ID: f05ae8ad33fdd6c8fee10573834d6e9e2e39f607dfb4f210f95bcd9fe35c840a
                                                          • Opcode Fuzzy Hash: f2ef7a86016f0f96fb29ac205b938adafa905e91da66757f72e9247496227554
                                                          • Instruction Fuzzy Hash: 3F61EB7051CB488FE7A5EF28C489B9AB7E4FB98740F50491EA48DC3261DB78D985CF42
                                                          APIs
                                                          • Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000023D0FB6FF83
                                                          • Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000023D0FB6FF97
                                                          • std::make_error_code.LIBCPMTD ref: 0000023D0FB6FFB0
                                                          • std::make_error_code.LIBCPMTD ref: 0000023D0FB70003
                                                            • Part of subcall function 0000023D0FB16020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 0000023D0FB1602E
                                                          • std::make_error_code.LIBCPMTD ref: 0000023D0FB70067
                                                            • Part of subcall function 0000023D0FB18FE0: std::error_condition::error_condition.LIBCPMTD ref: 0000023D0FB18FFE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
                                                          • String ID:
                                                          • API String ID: 3233732842-0
                                                          • Opcode ID: 36f1b8e1be24ef3a6cc2bc1991dc0e8dbe358b09201980bfd4b288c65b8c3771
                                                          • Instruction ID: 3782be0b2f258fdd75f651b2768c8886e4ec88589346113286a8d55f0c52422c
                                                          • Opcode Fuzzy Hash: 36f1b8e1be24ef3a6cc2bc1991dc0e8dbe358b09201980bfd4b288c65b8c3771
                                                          • Instruction Fuzzy Hash: 0151C7301587484FE3A9EB18D859B9EB3E5FF94740FA0456DA08DC31A6DF389945CF06
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
                                                          • String ID:
                                                          • API String ID: 2306575402-0
                                                          • Opcode ID: 4b39966be41b15abd6190cfefa99efc2f337a93b3f9923bc7b93d7348519477d
                                                          • Instruction ID: 238132d55c33e7f46b4d86f687e5d94ef18bc7be49ca5d1d17ba1dc1d201ca52
                                                          • Opcode Fuzzy Hash: 4b39966be41b15abd6190cfefa99efc2f337a93b3f9923bc7b93d7348519477d
                                                          • Instruction Fuzzy Hash: A25164306187888BE76AEB24D459BAF77E5FB84744F504A19A0C9D71D2DB3CDA048F42
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiWide$00007F020
                                                          • String ID:
                                                          • API String ID: 2477082939-0
                                                          • Opcode ID: fc5896e256cb37e3bf40e60c3bf080396ef434dd3cf173f2239811d82b423f67
                                                          • Instruction ID: 9f1b153551993668e7d81c398655e6c892da946bc817ac6d780a160afb0b303a
                                                          • Opcode Fuzzy Hash: fc5896e256cb37e3bf40e60c3bf080396ef434dd3cf173f2239811d82b423f67
                                                          • Instruction Fuzzy Hash: 5C41AF76608B4186D724EF16E8440A9BBA2FB48BE4F488236DE4D43B94DF7CC566C700
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
                                                          • String ID:
                                                          • API String ID: 1588182640-0
                                                          • Opcode ID: 815c5ab9791d234820be11a13cdb67723ff592c1cb60b69b78e51ea6d37036d7
                                                          • Instruction ID: 918f842ea623715fc91c2455080974398966e6555cbe1c5b7efc2cec8b0b963b
                                                          • Opcode Fuzzy Hash: 815c5ab9791d234820be11a13cdb67723ff592c1cb60b69b78e51ea6d37036d7
                                                          • Instruction Fuzzy Hash: 7721CD30618B888FDAA5FF2CD45975EB7E1FBE8740FA0495DA48DC3252DE7899408B42
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
                                                          • String ID:
                                                          • API String ID: 2306575402-0
                                                          • Opcode ID: a32136fa3a3c95708d011456afc3b85815d78c4fd3309404f318db35ddc1acc6
                                                          • Instruction ID: 15415cf1f3193c6a7c37c3a715120a83d2e3c46181222f2f857e14fefbf352b8
                                                          • Opcode Fuzzy Hash: a32136fa3a3c95708d011456afc3b85815d78c4fd3309404f318db35ddc1acc6
                                                          • Instruction Fuzzy Hash: 07213630258B488FE74AEB24E455BAE77E5FBC4740FA0491DA085C72E2DA3CDA45DF81
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
                                                          • String ID:
                                                          • API String ID: 1588182640-0
                                                          • Opcode ID: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
                                                          • Instruction ID: 96afaa4f0e75279856af82fc1ebea0129874593468d158626d01f700ab560a5f
                                                          • Opcode Fuzzy Hash: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
                                                          • Instruction Fuzzy Hash: 7F21ED30618B888FDAA4FB2CD45975EB7E1FBE8740FA0495DA48DC3252DE789940CB42
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: shared_ptr$allocator$Affinity::operator!=Concurrency::details::Hardware
                                                          • String ID:
                                                          • API String ID: 1053258265-0
                                                          • Opcode ID: d0542d8c5f8c00544737d49b6b181d538de8c3696277a9840e8cef3017e38d50
                                                          • Instruction ID: 6651d4bb0fb80e00e6759eed98d2a7dd5bfc9b9ffdc2e82744405c2ce5889e46
                                                          • Opcode Fuzzy Hash: d0542d8c5f8c00544737d49b6b181d538de8c3696277a9840e8cef3017e38d50
                                                          • Instruction Fuzzy Hash: EC118F3011CB488FD7A4EB28D4497ABB7E5FBD8700F50491EA4CDC3252DA34AA448B82
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: type_info::_name_internal_method$char_traits
                                                          • String ID:
                                                          • API String ID: 2432257368-3916222277
                                                          • Opcode ID: 484fa9ed5a09ce3c1aba4d5e140585cca91a770afe66fd64d1cb6647b4050987
                                                          • Instruction ID: 19f93738d2e4d98329d427516be165dec8ec3c38cb6721b22b0e4a80a43f5dd6
                                                          • Opcode Fuzzy Hash: 484fa9ed5a09ce3c1aba4d5e140585cca91a770afe66fd64d1cb6647b4050987
                                                          • Instruction Fuzzy Hash: D9C1EF31518B488FD76AEB28D459BDFB7E5FB98704F504E29A08AC3191EF38D644CB42
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$p < end()$p >= begin() && p < end()
                                                          • API String ID: 2739980228-1901453082
                                                          • Opcode ID: 9d9a1517e51c1fe0e5a5e04ee605e1aa435a62f3df0e428a25b9debd2f4fc217
                                                          • Instruction ID: 1cb4ccf8fae72bbc893f0df1d893ac3230af855d80e8f1b243c982e57b5701fe
                                                          • Opcode Fuzzy Hash: 9d9a1517e51c1fe0e5a5e04ee605e1aa435a62f3df0e428a25b9debd2f4fc217
                                                          • Instruction Fuzzy Hash: F581B172B09A429AEB18EF14D9442A9F3E1FF04BA5F848139DE1D47254DF7CE565C320
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Subatomic
                                                          • String ID: d
                                                          • API String ID: 3648745215-2564639436
                                                          • Opcode ID: efb1fcbe8c1811717f4302681e42682ec25775e0b23f357535bcb0ed867f423a
                                                          • Instruction ID: ef82669b7df80007be19fe6f901f76b2b1af756a4b551fb01b82b6aaf13250df
                                                          • Opcode Fuzzy Hash: efb1fcbe8c1811717f4302681e42682ec25775e0b23f357535bcb0ed867f423a
                                                          • Instruction Fuzzy Hash: AF410F70258B488FD795EF28C44D7AABBE6FBA9341F50591EA08AD3260DB74D944CF02
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiUnicodeWideWindow
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
                                                          • API String ID: 3417139564-3890275027
                                                          • Opcode ID: 209bfdbab78ec921e6c6e0e02f910ef59687700a5ea740a5dff3d48987ec466a
                                                          • Instruction ID: 5d7846766bd624f3ffe1d1c9debc42b28fa8c33ee0f16c8fe8b47fde3d642129
                                                          • Opcode Fuzzy Hash: 209bfdbab78ec921e6c6e0e02f910ef59687700a5ea740a5dff3d48987ec466a
                                                          • Instruction Fuzzy Hash: F5519222A1CB4386EB65EF34D4402B9A3E1FF45B79F884136DA4D47A94DFBCD8528320
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
                                                          • API String ID: 2739980228-3599239301
                                                          • Opcode ID: 6fb84a0008613fc9e451bc84090f232af98be13056d41ae15d4a5a2dbfb217a0
                                                          • Instruction ID: d68c1ea2ab9fd24841386cfe7a16b8bf8b36d44419e9c5d8922dbe42f5626304
                                                          • Opcode Fuzzy Hash: 6fb84a0008613fc9e451bc84090f232af98be13056d41ae15d4a5a2dbfb217a0
                                                          • Instruction Fuzzy Hash: C851BCB2A0DA5282EB04FF14E4944ACB3F4FB59BA4F984236CA4D43650DFBCD56AC750
                                                          APIs
                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB04AD0
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FB04B2F
                                                          • Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB04B41
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
                                                          • String ID:
                                                          • API String ID: 991905282-3916222277
                                                          • Opcode ID: 9ff833f645241d309f74730e56746fcdce4bb14be2cacbeb9f454d4447fa5017
                                                          • Instruction ID: eb3b07d4eb8e4442bc0e9e4b2e850cb29479569112f603e80504bf8af3b14244
                                                          • Opcode Fuzzy Hash: 9ff833f645241d309f74730e56746fcdce4bb14be2cacbeb9f454d4447fa5017
                                                          • Instruction Fuzzy Hash: 2B410D30118B448FE3A8EF28C49975EB7E0FB88701FA0591DB09AC32A1CB749945CF42
                                                          APIs
                                                          Strings
                                                          • !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF7C18B1640
                                                          • C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF7C18B1639
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
                                                          • API String ID: 2739980228-3599239301
                                                          • Opcode ID: 949da079233bebc451fdb1efe9aea4bc1086646359ae301130959504423949a1
                                                          • Instruction ID: 0a5e0800145ef73c5973f570ea0d0cf745ca1cabd6862334b2b82a64a15e5dfa
                                                          • Opcode Fuzzy Hash: 949da079233bebc451fdb1efe9aea4bc1086646359ae301130959504423949a1
                                                          • Instruction Fuzzy Hash: 0B31E57360DA5282D745EF24E4951BCB3F5FB15B94B948233CA0E47254DF78D5AAC340
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: std::make_error_code$std::error_condition::error_condition
                                                          • String ID: }
                                                          • API String ID: 2527301759-4239843852
                                                          • Opcode ID: be98c45c2635ea1b7c099d9ee1afc8aab728c4e80a3655f5ac3be0dc2360b2bb
                                                          • Instruction ID: 3c35b36ea60d0ff210e839586201ff900c12bfb13b2ccb49640f780e34ed0949
                                                          • Opcode Fuzzy Hash: be98c45c2635ea1b7c099d9ee1afc8aab728c4e80a3655f5ac3be0dc2360b2bb
                                                          • Instruction Fuzzy Hash: AB213E301187848BE35DDB58D044B1ABBE5FB85780F64092DF0C9C31A1D678CA80DF02
                                                          APIs
                                                          • Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 0000023D0FB55917
                                                          • std::make_error_code.LIBCPMTD ref: 0000023D0FB55992
                                                          • Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 0000023D0FB55B1C
                                                            • Part of subcall function 0000023D0FB5F870: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000023D0FB5F8CD
                                                            • Part of subcall function 0000023D0FB5F870: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000023D0FB5F8E4
                                                          • Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 0000023D0FB55CAB
                                                            • Part of subcall function 0000023D0FB36BC0: char_traits.LIBCPMTD ref: 0000023D0FB36BE0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Scheduler$Concurrency::details::$Concurrency::details::_ProcessorProxyRoot::Scheduler::_Virtual$Base::ChoresGroupScheduleSegmentUnrealizedchar_traitsstd::make_error_code
                                                          • String ID:
                                                          • API String ID: 3113402709-0
                                                          • Opcode ID: e2d3ee74bc8f1c16197933b13d06f8bb0aa28bf4c35c2e9712a17edbc610efea
                                                          • Instruction ID: 918f83794dc885978dba3088c42096253c573a36239421dca82049ba92f586cc
                                                          • Opcode Fuzzy Hash: e2d3ee74bc8f1c16197933b13d06f8bb0aa28bf4c35c2e9712a17edbc610efea
                                                          • Instruction Fuzzy Hash: 1AC10531158B4C8FE7BAEB18D459BDBB3E5FBA8700F50092E948DC3291DE789645CB42
                                                          APIs
                                                          • UnDecorator::getVbTableType.LIBCMTD ref: 0000023D0FB71564
                                                            • Part of subcall function 0000023D0FB450A0: char_traits.LIBCPMTD ref: 0000023D0FB450C1
                                                          • Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 0000023D0FB715C1
                                                            • Part of subcall function 0000023D0FB7A0F0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 0000023D0FB7A112
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Scheduler$Concurrency::details::Concurrency::details::_Decorator::getProcessorProxyRoot::Scheduler::_TableTypeVirtualchar_traits
                                                          • String ID:
                                                          • API String ID: 1673230147-0
                                                          • Opcode ID: cfb114ce81b8242a8138127994242184d9f7b02dc7cc79d7158feec11a0593a8
                                                          • Instruction ID: d67aa6ff7152939ffc04404cad5f188f8e5f0804860c9166bc62cde335f239a8
                                                          • Opcode Fuzzy Hash: cfb114ce81b8242a8138127994242184d9f7b02dc7cc79d7158feec11a0593a8
                                                          • Instruction Fuzzy Hash: 0BC1CA7055CB888FE7A5EB18D499BDBB7E5FBA8700F50492EA08DC3261DF349584CB42
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupScheduleSegmentUnrealizedstd::error_condition::error_condition
                                                          • String ID:
                                                          • API String ID: 1046759889-0
                                                          • Opcode ID: 28292fa4d794b396cedd1ba8fdc4833dcd5acff12edfc6de44ad94c6088fe729
                                                          • Instruction ID: b2814f06d266524e8ca8afcb925a65c1a09903115c9996670aca65cb74d041f6
                                                          • Opcode Fuzzy Hash: 28292fa4d794b396cedd1ba8fdc4833dcd5acff12edfc6de44ad94c6088fe729
                                                          • Instruction Fuzzy Hash: 9EB1C930118B888FD7A9EB28D459BDEB7E5FBD8700FA0495DA08DC3292DE349945CF42
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fa309a1d5eda81a3067fdfd55af1e6fde9889dbaabf2b138042415afc4b680ce
                                                          • Instruction ID: 3f022a31d3a945d438a43b6b3e3def9cf748e9caf2dcaaa608d1414a091ca812
                                                          • Opcode Fuzzy Hash: fa309a1d5eda81a3067fdfd55af1e6fde9889dbaabf2b138042415afc4b680ce
                                                          • Instruction Fuzzy Hash: FE91EE30118B488FDBA5EB18C095FAAB7E5FBE9304F50495DA08EC7262CB75E945CF42
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: std::make_error_code$std::error_condition::error_condition
                                                          • String ID:
                                                          • API String ID: 2527301759-0
                                                          • Opcode ID: 914871444acda03db8c397575b484ba356f5dbd6d30ab43649a56d47f3854115
                                                          • Instruction ID: 01a9ce5234a3145382d4399389ba4de734bf02bdccef5be307e1b4fd526fb3d5
                                                          • Opcode Fuzzy Hash: 914871444acda03db8c397575b484ba356f5dbd6d30ab43649a56d47f3854115
                                                          • Instruction Fuzzy Hash: 82810330158B898FE3A9EB18D455BAEB7E5FFD4700F50496DA08EC31A2DA38D945CF42
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: fpos
                                                          • String ID:
                                                          • API String ID: 1083263101-0
                                                          • Opcode ID: 6482d30fa890008c781780ebb765b1d214955e0675561b79e15b2cde454a484b
                                                          • Instruction ID: 64b553bd7909de1d859f42576bb29d0d472e36e8d40b6cbd742cf1d7da377371
                                                          • Opcode Fuzzy Hash: 6482d30fa890008c781780ebb765b1d214955e0675561b79e15b2cde454a484b
                                                          • Instruction Fuzzy Hash: E281003055CB89CFE7A5EB28D459B2AB7E4FB98754F68091DB499C32A0C738D940CF02
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: type_info::_name_internal_method$Concurrency::details::EmptyQueue::StructuredWorkchar_traits
                                                          • String ID:
                                                          • API String ID: 1744367693-0
                                                          • Opcode ID: 05dacfb44ce026340830ddc3cf9d5ce59777114b69a1943011c7116f23cbb7e6
                                                          • Instruction ID: 26dd8b61c03b6bc3fa998e7bc38509b40456328f8fccf45657122aa52baaaf55
                                                          • Opcode Fuzzy Hash: 05dacfb44ce026340830ddc3cf9d5ce59777114b69a1943011c7116f23cbb7e6
                                                          • Instruction Fuzzy Hash: 715131301187848FE3A5EF18D484BAFB7E5FB98744F544A1DB089C72A1DB78DA45CB42
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID:
                                                          • API String ID: 2739980228-0
                                                          • Opcode ID: e68efa2831d778e4f34f330c17ca88291312f669d56948be7ecc4bde90aff0f3
                                                          • Instruction ID: 02051f4b44b0e727c73fbc561a33e0cc42b6aed3b2553ef8003e9fc7e02bbac1
                                                          • Opcode Fuzzy Hash: e68efa2831d778e4f34f330c17ca88291312f669d56948be7ecc4bde90aff0f3
                                                          • Instruction Fuzzy Hash: 11518D7261DA52C6CB49EF28D0A50BCB7B1FB58B54B948233CA0E83290DF79D56AC740
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::$Affinity::operator!=Base::ContextHardwareIdentityQueueWorkshared_ptr
                                                          • String ID:
                                                          • API String ID: 714649587-0
                                                          • Opcode ID: 606393b9907e576b18da76dfb43c28659ee352b60d92254cb05aa7b94d9479f7
                                                          • Instruction ID: e06c385f7ed07a8249801fd05b735477b09008db2346c336efbc6578a812f967
                                                          • Opcode Fuzzy Hash: 606393b9907e576b18da76dfb43c28659ee352b60d92254cb05aa7b94d9479f7
                                                          • Instruction Fuzzy Hash: C2411070518F488FD799EB18D499B6AB7E4FBA8345F60091DB089C32A1DB34D941CF42
                                                          APIs
                                                            • Part of subcall function 0000023D0FBDE760: _Byte_length.LIBCPMTD ref: 0000023D0FBDE7CE
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FBDE5E5
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FBDE60E
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FBDE645
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FBDE66E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Byte_length
                                                          • String ID:
                                                          • API String ID: 1141060839-0
                                                          • Opcode ID: 73401877cca2df4d9d6e09be458f0decb97a0093fc0ac4ecf507f84a65ce1821
                                                          • Instruction ID: c0e170bbe076a643818926d0afe3362b58853831e488099c63d186ca529b587f
                                                          • Opcode Fuzzy Hash: 73401877cca2df4d9d6e09be458f0decb97a0093fc0ac4ecf507f84a65ce1821
                                                          • Instruction Fuzzy Hash: 91412230118B488FE759FB18D459BAEB7E5FB98741F50492EA089C3161DF749984CF42
                                                          APIs
                                                          • type_info::_name_internal_method.LIBCMTD ref: 0000023D0FB8D48B
                                                            • Part of subcall function 0000023D0FB576A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000023D0FB576B8
                                                          • type_info::_name_internal_method.LIBCMTD ref: 0000023D0FB8D4AA
                                                            • Part of subcall function 0000023D0FB80D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 0000023D0FB80D48
                                                          • type_info::_name_internal_method.LIBCMTD ref: 0000023D0FB8D4C9
                                                          • type_info::_name_internal_method.LIBCMTD ref: 0000023D0FB8D4E8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
                                                          • String ID:
                                                          • API String ID: 1588182640-0
                                                          • Opcode ID: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
                                                          • Instruction ID: a37aae4ad83cfe83de477217a36519f441afd2764018af1f2891f359a389d35e
                                                          • Opcode Fuzzy Hash: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
                                                          • Instruction Fuzzy Hash: 7611003061CB488FDA95FB2CD45975EBBE1FBD8740F60095DA089C3262DA38D945CF42
                                                          APIs
                                                            • Part of subcall function 0000023D0FB05360: _WChar_traits.LIBCPMTD ref: 0000023D0FB0538D
                                                            • Part of subcall function 0000023D0FB04740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB0476C
                                                            • Part of subcall function 0000023D0FB04740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB0477E
                                                            • Part of subcall function 0000023D0FB04740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 0000023D0FB047BB
                                                            • Part of subcall function 0000023D0FB04850: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FB048B8
                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 0000023D0FB0412A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Char_traits
                                                          • String ID: $X
                                                          • API String ID: 1626164810-1398056850
                                                          • Opcode ID: da34108681e6cb996675731457550fc137bc86ebf3564906fc77d927d8b33079
                                                          • Instruction ID: 21e198cc3ad0fc4f4d9d8dd58df9b8a822399e14fc86699a8a78e410349358e9
                                                          • Opcode Fuzzy Hash: da34108681e6cb996675731457550fc137bc86ebf3564906fc77d927d8b33079
                                                          • Instruction Fuzzy Hash: 28D1C630618B888FD7B5EB28D4997DEB7E1FB98301F50492EA48DC3251DB749985CB42
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID:
                                                          • String ID: "$"
                                                          • API String ID: 0-3758156766
                                                          • Opcode ID: 8fdaf1600544622fd33f728529cb6508d7889566d47cbe218040ba2ee86dacff
                                                          • Instruction ID: 2e0774151e71d64f64735c17e76483d4cdb43b5362182693a034f1dfa3385f0b
                                                          • Opcode Fuzzy Hash: 8fdaf1600544622fd33f728529cb6508d7889566d47cbe218040ba2ee86dacff
                                                          • Instruction Fuzzy Hash: 4B710D31118B488AD7A9EB14D485FDBB7E5FB94744F640A1DB08AC31A1DE38D645CF82
                                                          APIs
                                                          • std::error_condition::error_condition.LIBCPMTD ref: 0000023D0FB24CEA
                                                            • Part of subcall function 0000023D0FB201A0: Concurrency::details::VirtualProcessor::ClaimTicket::InitializeTicket.LIBCMTD ref: 0000023D0FB201BD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3717485517.0000023D0FB00000.00000040.00001000.00020000.00000000.sdmp, Offset: 0000023D0FB00000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_23d0fb00000_solara-executor.jbxd
                                                          Yara matches
                                                          Similarity
                                                          • API ID: ClaimConcurrency::details::InitializeProcessor::TicketTicket::Virtualstd::error_condition::error_condition
                                                          • String ID: @$@
                                                          • API String ID: 2004282921-149943524
                                                          • Opcode ID: 9950cd689140dd32029c8ba334a83ce130f8fc6c6ba909f7c99662a502cc7da8
                                                          • Instruction ID: be2892384e785456f7bde2b85c825bc32c9a95006139cb966475742dce774760
                                                          • Opcode Fuzzy Hash: 9950cd689140dd32029c8ba334a83ce130f8fc6c6ba909f7c99662a502cc7da8
                                                          • Instruction Fuzzy Hash: 3A51F57450C744CFE7A9EB18D088B9EB7E4FB99744F20092EE199C3681DB749944CF06
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$max_error > 0.0f
                                                          • API String ID: 3568877910-3636960062
                                                          • Opcode ID: a1e7d619fba98255bbb59b74f2aa783b82d974d6421d94029452daf7382b12b9
                                                          • Instruction ID: dcf19ca5a4560a7bd4741f193655e3e74e8309011a7f200f45f81bc8e78e6af2
                                                          • Opcode Fuzzy Hash: a1e7d619fba98255bbb59b74f2aa783b82d974d6421d94029452daf7382b12b9
                                                          • Instruction Fuzzy Hash: 2861C732D1C7C985F302AF3680412A9B7D0EFA9764F4CC732EA49365A5DFA8B4D58720
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$g.SettingsWindows.empty()
                                                          • API String ID: 2739980228-1747592857
                                                          • Opcode ID: 5fcca6ab54b0025e594ec8bc263e215ec36465dfda948e98fee39a4306cf2aa2
                                                          • Instruction ID: 6f7cd1800432555818256ecb88298fb68bd2b4eb7bbd0352544359e14240aa3b
                                                          • Opcode Fuzzy Hash: 5fcca6ab54b0025e594ec8bc263e215ec36465dfda948e98fee39a4306cf2aa2
                                                          • Instruction Fuzzy Hash: D741D132A0DA8682EB40EF21E0541B8B3A1FB44BA8F984136EA4D13785DF7CE465C710
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
                                                          • API String ID: 2739980228-1817040388
                                                          • Opcode ID: 62ab15f237ae12dd1f2f720af39e278684e74126654c7f3b00041a021f926d09
                                                          • Instruction ID: 25e10b389c906aab7a0d456c80947bffa1733849ba4efc37994b1ef1a585b746
                                                          • Opcode Fuzzy Hash: 62ab15f237ae12dd1f2f720af39e278684e74126654c7f3b00041a021f926d09
                                                          • Instruction Fuzzy Hash: 9E419232A0CA9287EB14EF14E4901A8B3B5FB447B4B948232DA4D477A0DF78E566C750
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
                                                          • API String ID: 2739980228-1817040388
                                                          • Opcode ID: 9589bf8728c09f5c901920cbf28053feb88018c1b016dbdcb7ec8812433a96cc
                                                          • Instruction ID: 4ce88aa3150296fccdeb2ff46a4d61fd609d177bc228bd8d0faf2a4cc140058d
                                                          • Opcode Fuzzy Hash: 9589bf8728c09f5c901920cbf28053feb88018c1b016dbdcb7ec8812433a96cc
                                                          • Instruction Fuzzy Hash: 5B41BF32A0CA8683D714EF24E8941A8B3B6FB44BB8B944132DE4D477A4DF7CE566C750
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007F020
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
                                                          • API String ID: 2739980228-1817040388
                                                          • Opcode ID: ab78d67b3827ca981ba7196448e1a9a9ce10ad8f11ce5b15fb4adaa829971505
                                                          • Instruction ID: 87d8fcf7a947a9ffc3ab30452e6167c0f8098c72385e83f2d1a0d388c057795c
                                                          • Opcode Fuzzy Hash: ab78d67b3827ca981ba7196448e1a9a9ce10ad8f11ce5b15fb4adaa829971505
                                                          • Instruction Fuzzy Hash: 8031AD32A0CA5683D714EF24E4800A8B3E2FB44BA8B944136EA4D83764DF7CE566C750
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007
                                                          • String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
                                                          • API String ID: 3568877910-1817040388
                                                          • Opcode ID: fae55c63b829811270316bffbfd4df00558370b4b6ef951384af4ae9f73947b3
                                                          • Instruction ID: 3a1e8914e506ca26243e97b9b143a28953dbd51b171357a625c1393d09187a74
                                                          • Opcode Fuzzy Hash: fae55c63b829811270316bffbfd4df00558370b4b6ef951384af4ae9f73947b3
                                                          • Instruction Fuzzy Hash: B021BC21B1C68685FB64EF15A4406ADA7A0FB85FA0F885035DA8E47B58CF7CE861C710
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.3721717873.00007FF7C1881000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF7C1880000, based on PE: true
                                                          • Associated: 00000000.00000002.3721681580.00007FF7C1880000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BA1000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1BAA000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1D11000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3721717873.00007FF7C1EB0000.00000040.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722280395.00007FF7C1EB1000.00000080.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.3722315850.00007FF7C1EB2000.00000004.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_7ff7c1880000_solara-executor.jbxd
                                                          Similarity
                                                          • API ID: 00007
                                                          • String ID: $@
                                                          • API String ID: 3568877910-1077428164
                                                          • Opcode ID: 53b76e4c7360ced8355a90c1ba8cca2d8cf467df60d04d43bb1f796f4f86dbcd
                                                          • Instruction ID: c31c74b8240eb87d2fe10b69d297fa3f0d61d3a1f949a84ce1c9a23dce60a31d
                                                          • Opcode Fuzzy Hash: 53b76e4c7360ced8355a90c1ba8cca2d8cf467df60d04d43bb1f796f4f86dbcd
                                                          • Instruction Fuzzy Hash: 9011077291878287D725DF21F14412AB3E1FB99BA4F544235EB8907B18DB7CE994CF10