Edit tour

Windows Analysis Report
solara-executor.exe

Overview

General Information

Sample name:	solara-executor.exe
Analysis ID:	1577819
MD5:	6107673fe6de87ac938d8d45ceee771b
SHA1:	0ebf97d44da9ce419102f2407e4b92ccc75677dd
SHA256:	1d820e33b6818f08161dbd3766b37e971b7531ee018dee1eb21822edb1eaa545
Tags:	exeuser-aachum
Infos:

Detection

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Contain functionality to detect virtual machines

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

PE file contains section with special chars

Tries to harvest and steal browser information (history, passwords, etc)

Contains capabilities to detect virtual machines

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to modify clipboard data

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the clipboard data

Detected potential crypto function

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Suricata IDS alerts with low severity for network traffic

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

solara-executor.exe (PID: 7316 cmdline: "C:\Users\user\Desktop\solara-executor.exe" MD5: 6107673FE6DE87AC938D8D45CEEE771B)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: solara-executor.exe PID: 7316	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.solara-executor.exe.1984c1381d0.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-18T19:37:15.832886+0100	2803274	2	Potentially Bad Traffic	192.168.2.6	49714	172.67.75.163	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: solara-executor.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: solara-executor.exe

ReversingLabs: Detection: 18%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: solara-executor.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_000001984C0B7740 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,CryptUnprotectData,

0_2_000001984C0B7740

Source: unknown

HTTPS traffic detected: 172.67.75.163:443 -> 192.168.2.6:49714 version: TLS 1.2

Source: solara-executor.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb source: solara-executor.exe, solara-executor.exe, 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb/''GCTL source: solara-executor.exe, 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_000001984C01F46A Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileA,type_info::_name_internal_method,type_info::_name_internal_method,type_info::_name_internal_method,

0_2_000001984C01F46A

Source: Joe Sandbox View

IP Address: 172.67.75.163 172.67.75.163

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic

Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:49714 -> 172.67.75.163:443

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: global traffic

DNS traffic detected: DNS query: api.myip.com

Source: solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://https://https/:://websocketpp.processorGeneric
Source: solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: solara-executor.exe, 00000000.00000003.2211474780.000001984C44F000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2246199496.000001984BF94000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/
Source: solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/Russia
Source: solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
Source: solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
Source: solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
Source: solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2212662127.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: solara-executor.exe, solara-executor.exe, 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage
Source: solara-executor.exe, 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold
Source: solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2212662127.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
Source: solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_

Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714

Source: unknown

HTTPS traffic detected: 172.67.75.163:443 -> 192.168.2.6:49714 version: TLS 1.2

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_00007FF6341D1D70 OpenClipboard,MultiByteToWideChar,GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,CloseClipboard,

0_2_00007FF6341D1D70

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_00007FF6341D1D70 OpenClipboard,MultiByteToWideChar,GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,CloseClipboard,

0_2_00007FF6341D1D70

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_00007FF6341D1C20 OpenClipboard,GetClipboardData,CloseClipboard,GlobalLock,WideCharToMultiByte,WideCharToMultiByte,GlobalUnlock,CloseClipboard,

0_2_00007FF6341D1C20

Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF634200330 GetClientRect,QueryPerformanceCounter,GetForegroundWindow,ClientToScreen,SetCursorPos,GetCursorPos,ScreenToClient,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_00007FF634200330
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF634200D02 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		0_2_00007FF634200D02

System Summary

PE file contains section with special chars

Source: solara-executor.exe

Static PE information: section name: "/hR

Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF634203F90 PostQuitMessage,GetWindowRect,SetWindowPos,NtdllDefWindowProc_A,		0_2_00007FF634203F90
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF63420E278 NtdllDefWindowProc_A,		0_2_00007FF63420E278

Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF634204720	0_2_00007FF634204720
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341FEA60	0_2_00007FF6341FEA60
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341FF2F0	0_2_00007FF6341FF2F0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF634200330	0_2_00007FF634200330
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341FFCE0	0_2_00007FF6341FFCE0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341DAD40	0_2_00007FF6341DAD40
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341FE5B0	0_2_00007FF6341FE5B0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341B5D90	0_2_00007FF6341B5D90
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341F0DE0	0_2_00007FF6341F0DE0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341E25F0	0_2_00007FF6341E25F0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341ECDD0	0_2_00007FF6341ECDD0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341C4620	0_2_00007FF6341C4620
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341CD620	0_2_00007FF6341CD620
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341B9E10	0_2_00007FF6341B9E10
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341D96B0	0_2_00007FF6341D96B0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341C46F0	0_2_00007FF6341C46F0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341D7EF0	0_2_00007FF6341D7EF0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341C6EC0	0_2_00007FF6341C6EC0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341B9730	0_2_00007FF6341B9730
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341BDFB0	0_2_00007FF6341BDFB0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341E97F0	0_2_00007FF6341E97F0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341DBFC0	0_2_00007FF6341DBFC0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341F6090	0_2_00007FF6341F6090
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341EF9E0	0_2_00007FF6341EF9E0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341E59E0	0_2_00007FF6341E59E0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341DB1E0	0_2_00007FF6341DB1E0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341CE1C0	0_2_00007FF6341CE1C0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341C5A30	0_2_00007FF6341C5A30
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341F2A00	0_2_00007FF6341F2A00
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341CFA00	0_2_00007FF6341CFA00
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341DC270	0_2_00007FF6341DC270
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341CC250	0_2_00007FF6341CC250
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341CF250	0_2_00007FF6341CF250
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341FBA80	0_2_00007FF6341FBA80
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341FC310	0_2_00007FF6341FC310
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341FA370	0_2_00007FF6341FA370
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341FCB40	0_2_00007FF6341FCB40
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341DDB50	0_2_00007FF6341DDB50
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341BFBB0	0_2_00007FF6341BFBB0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341B7390	0_2_00007FF6341B7390
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341E6BC0	0_2_00007FF6341E6BC0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341B6CB0	0_2_00007FF6341B6CB0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341D6C90	0_2_00007FF6341D6C90
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341E7CE0	0_2_00007FF6341E7CE0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341D54F0	0_2_00007FF6341D54F0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341ED530	0_2_00007FF6341ED530
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF634200D02	0_2_00007FF634200D02
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6341DBD10	0_2_00007FF6341DBD10
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_000001984C0E0FF0	0_2_000001984C0E0FF0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_000001984C043841	0_2_000001984C043841
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_000001984C00BA30	0_2_000001984C00BA30

Source: C:\Users\user\Desktop\solara-executor.exe	Code function: String function: 00007FF6341D1F40 appears 40 times
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: String function: 00007FF6341C85B0 appears 36 times
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: String function: 00007FF63420E460 appears 867 times

Source: solara-executor.exe

Static PE information: Section: bbbb ZLIB complexity 0.9988679984861591

Source: classification engine

Classification label: mal88.spyw.evad.winEXE@1/1@1/1

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_000001984BFF6FE0 std::_Fac_node::_Fac_node,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,

0_2_000001984BFF6FE0

Source: C:\Users\user\Desktop\solara-executor.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\HJWXIAQ3.htm

Jump to behavior

Source: C:\Users\user\Desktop\solara-executor.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: solara-executor.exe, 00000000.00000002.4005978558.000001984C5BA000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C5DE000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: solara-executor.exe

ReversingLabs: Detection: 18%

Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: xinput1_4.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\solara-executor.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: solara-executor.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: solara-executor.exe

Static file information: File size 1248295 > 1048576

Source: solara-executor.exe

Static PE information: Raw size of bbbb is bigger than: 0x100000 < 0x121000

Source: solara-executor.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb source: solara-executor.exe, solara-executor.exe, 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp
Source:	Binary string: C:\Users\55yar\Desktop\imgui-master\examples\imgui_loader\Release\example_win32_directx9.pdb/''GCTL source: solara-executor.exe, 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\solara-executor.exe

Unpacked PE file: 0.2.solara-executor.exe.7ff6341b0000.1.unpack "/hR:EW;bbbb:EW;Unknown_Section2:W; vs "/hR:ER;bbbb:ER;Unknown_Section2:W;

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_00007FF6341FF7A0 QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,

0_2_00007FF6341FF7A0

Source: initial sample

Static PE information: section where entry point is pointing to: bbbb

Source: solara-executor.exe	Static PE information: section name: "/hR
Source: solara-executor.exe	Static PE information: section name: bbbb
Source: solara-executor.exe	Static PE information: section name: bNbF

Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF63420E578 push rax; retf		0_2_00007FF63420E579
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_000001984C16D632 pushfd ; retf BD37h		0_2_000001984C16D7D9

Source: solara-executor.exe

Static PE information: section name: bbbb entropy: 7.999761627141752

Malware Analysis System Evasion

Contain functionality to detect virtual machines

Source: C:\Users\user\Desktop\solara-executor.exe	Code function: SOFTWARE\VMware, Inc.\VMware Tools SOFTWARE\VMware, Inc.\VMware Tools SOFTWARE\VMware, Inc.\VMware Tools		0_2_00007FF634203D40
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: \\.\VBoxMiniRdrDN \\.\VBoxMiniRdrDN \\.\VBoxMiniRdrDN		0_2_00007FF634203C00

Source: C:\Users\user\Desktop\solara-executor.exe

File opened / queried: VBoxMiniRdrDN

Jump to behavior

Source: C:\Users\user\Desktop\solara-executor.exe	Window / User API: threadDelayed 5529			Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Window / User API: foregroundWindowGot 1664			Jump to behavior

Source: C:\Users\user\Desktop\solara-executor.exe

0_2_000001984C01F46A

Source: solara-executor.exe, 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware ToolsNOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm0123456789+/LoadLibraryA
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696487552\|UE
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
Source: solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsdvboxserviceu
Source: solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxservice
Source: solara-executor.exe, 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Kernel32.dllKernel32.dll\\.\VBoxMiniRdrDN
Source: solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtrayx64dbgh
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696487552f
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696487552x
Source: solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwareuser
Source: solara-executor.exe, solara-executor.exe, 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: \\.\VBoxMiniRdrDN
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696487552
Source: solara-executor.exe, 00000000.00000003.2211474780.000001984C45E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2208261026.000001984C45E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005708630.000001984C45E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4004385732.000001984BF2E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696487552
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696487552o
Source: solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwaretray
Source: solara-executor.exe, 00000000.00000002.4004385732.000001984BF2E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696487552
Source: solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-gaVGAuthServicevmwaretrayv
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696487552
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696487552j
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
Source: solara-executor.exe, solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtray
Source: solara-executor.exe, solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-ga
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
Source: solara-executor.exe, 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696487552t
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
Source: solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: wiresharkvmwareuseri
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
Source: solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696487552s
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696487552t
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
Source: solara-executor.exe, 00000000.00000003.2183482801.000001984C5E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552

Source: C:\Users\user\Desktop\solara-executor.exe

API call chain: ExitProcess graph end node

graph_0-76664

Source: C:\Users\user\Desktop\solara-executor.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_00007FF63420C628 IsProcessorFeaturePresent,00007FFDA46F19C0,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,00007FFDA46F19C0,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF63420C628

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_00007FF6341FF7A0 QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,

0_2_00007FF6341FF7A0

Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF63420C628 IsProcessorFeaturePresent,00007FFDA46F19C0,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,00007FFDA46F19C0,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF63420C628
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF63420C80C SetUnhandledExceptionFilter,	0_2_00007FF63420C80C
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF63420E0B0 SetUnhandledExceptionFilter,	0_2_00007FF63420E0B0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF63420E0D0 SetUnhandledExceptionFilter,	0_2_00007FF63420E0D0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF63420E0C0 SetUnhandledExceptionFilter,	0_2_00007FF63420E0C0

Source: C:\Users\user\Desktop\solara-executor.exe	Code function: QueryPerformanceFrequency,QueryPerformanceCounter,GetKeyboardLayout,GetLocaleInfoA,LoadLibraryA,GetProcAddress,GetProcAddress,		0_2_00007FF6341FF7A0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: GetKeyboardLayout,GetLocaleInfoA,		0_2_00007FF63420105B

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_00007FF63420C8B8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF63420C8B8

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: solara-executor.exe	String found in binary or memory: Electrum-LTC
Source: solara-executor.exe	String found in binary or memory: \ElectronCash\wallets
Source: solara-executor.exe	String found in binary or memory: \com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Source: solara-executor.exe	String found in binary or memory: \Exodus\exodus.wallet
Source: solara-executor.exe	String found in binary or memory: \Ethereum\keystore
Source: solara-executor.exe	String found in binary or memory: Exodus Web
Source: solara-executor.exe	String found in binary or memory: Ethereum
Source: solara-executor.exe	String found in binary or memory: \Coinomi\Coinomi\wallets
Source: solara-executor.exe	String found in binary or memory: \Ethereum\keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0absryc3.default\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Source: Yara match	File source: 0.2.solara-executor.exe.1984c1381d0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: solara-executor.exe PID: 7316, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Masquerading	1 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Input Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	11 Virtualization/Sandbox Evasion	1 Input Capture	121 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	11 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	3 Clipboard Data	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	12 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	12 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
solara-executor.exe	18%	ReversingLabs
solara-executor.exe	100%	Avira	HEUR/AGEN.1314582
solara-executor.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
http://https://https/:://websocketpp.processorGeneric	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.myip.com	172.67.75.163	true	false		high
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.myip.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://https://https/:://websocketpp.processorGeneric	solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2212662127.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.	solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage	solara-executor.exe, solara-executor.exe, 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2212662127.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3	solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.myip.com/Russia	solara-executor.exe, 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp	false		high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold	solara-executor.exe, 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp	false		high
https://www.ecosia.org/newtab/	solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg	solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	solara-executor.exe, 00000000.00000003.2239000405.000001984C787000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2224404179.000001984C836000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4005978558.000001984C6AF000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_	solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta	solara-executor.exe, 00000000.00000003.2202318264.000001984C79C000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.75.163	api.myip.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1577819
Start date and time:	2024-12-18 19:36:18 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 47s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	solara-executor.exe
Detection:	MAL
Classification:	mal88.spyw.evad.winEXE@1/1@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 88% Number of executed functions: 31 Number of non-executed functions: 138
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 40.126.53.6, 20.223.36.55, 13.107.246.63, 20.109.210.53, 20.223.35.26, 2.18.40.157, 150.171.28.10, 2.18.40.144, 23.218.208.109
Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, tse1.mm.bing.net, g.bing.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: solara-executor.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.75.163	http://keynstrings.com/qdop/shriejeapd-xtre-czoyj-wux-182-n-ql72-dn6/?c=fg228vRhwgeAXmTlARVFPNkYQLEru1SQGolYq6DI2QO81BQyaFaUvmsyEbo4THF&dx6ywq7xi--6pmvnh36bm-q6ly=LedZebpban&f5W%2bAIcMkGZ9Lp3h7Da%2bJcuQl1mIISCF0%2bsnvlLl1C7JZwlOpPadnHGgzJCg9kkRnhKcM0BjIT2Bh9Pj1vF476j%3d%1d&url=htths%2a%0v%0wfr-tr.fazeboak.bon%2fUrbanZoccer%7c	Get hash	malicious	GRQ Scam	Browse	trk.adtrk18.com/aff_c?offer_id=15108&aff_id=1850&url_id=14904&aff_sub=ee27fca9-b066-4ae9-9cbc-def0df49be21&aff_sub5=cm3l19374

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.myip.com	WaveExecutor.exe	Get hash	malicious	Unknown	Browse	104.26.8.59
	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	WaveExecutor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	file.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	file.exe	Get hash	malicious	Amadey, Cryptbot	Browse	172.67.75.163
	file.exe	Get hash	malicious	Amadey, XWorm	Browse	172.67.75.163
fp2e7a.wpc.phicdn.net	g8ix97hz.vbs	Get hash	malicious	GuLoader, RHADAMANTHYS	Browse	192.229.221.95
	http://golden1-alert.net/online	Get hash	malicious	Unknown	Browse	192.229.221.95
	ji2xlo1f.exe	Get hash	malicious	LummaC	Browse	192.229.221.95
	random.exe.2.exe	Get hash	malicious	LummaC	Browse	192.229.221.95
	https://pluginvest.freshdesk.com/en/support/solutions/articles/157000010678-pluginvest-laadoplossing	Get hash	malicious	Unknown	Browse	192.229.221.95
	stail.exe.3.exe	Get hash	malicious	Socks5Systemz	Browse	192.229.221.95
	GV7DzNoqCI.exe	Get hash	malicious	Unknown	Browse	192.229.221.95
	sxVHUOSqVC.exe	Get hash	malicious	Unknown	Browse	192.229.221.95
	R0SkdJNujW.exe	Get hash	malicious	Unknown	Browse	192.229.221.95
	zWkO4hyEk4.exe	Get hash	malicious	Unknown	Browse	192.229.221.95

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	http://mee6.xyz	Get hash	malicious	Unknown	Browse	172.66.0.227
	g8ix97hz.vbs	Get hash	malicious	GuLoader, RHADAMANTHYS	Browse	162.159.61.3
	https://usemployee-hrdbenefits.com	Get hash	malicious	Unknown	Browse	104.16.123.96
	file.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RHADAMANTHYS, zgRAT	Browse	172.67.131.246
	https://em.navan.com/MDM3LUlLWi04NzEAAAGXecU3IyvXka_yOfm1UXs3oOmq7mq-S6uBgGscrsY0kWMgpLalbadmEIYbTEXYqyKQHEXyRQM=	Get hash	malicious	Unknown	Browse	104.16.79.73
	A file has been sent to you via DROPBOX.pdf	Get hash	malicious	Unknown	Browse	104.17.25.14
	https://usps.com-parcelbvxce.vip/i/	Get hash	malicious	Unknown	Browse	104.21.4.80
	http://golden1-alert.net/online	Get hash	malicious	Unknown	Browse	104.17.25.14

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	List of required items and services.pdf.vbs	Get hash	malicious	GuLoader, RHADAMANTHYS	Browse	172.67.75.163
	g8ix97hz.vbs	Get hash	malicious	GuLoader, RHADAMANTHYS	Browse	172.67.75.163
	Setup.msi	Get hash	malicious	Unknown	Browse	172.67.75.163
	InstallSetup.exe	Get hash	malicious	LummaC	Browse	172.67.75.163
	T2dvU8f2xg.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	PAYMENT SWIFT AND SOA TT07180016-24_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	172.67.75.163
	z68scancopy.vbs	Get hash	malicious	FormBook	Browse	172.67.75.163
	oiBxz37xUo.dll	Get hash	malicious	Unknown	Browse	172.67.75.163

Process:	C:\Users\user\Desktop\solara-executor.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.406851198109578
Encrypted:	false
SSDEEP:	3:YMb1gXME2OMfQxaNmGGL4:YMeX32uxaNmRL4
MD5:	720F698997A1D19594ED650E32E02974
SHA1:	A4F89E711434820EAA2250F0421904468ED9D13F
SHA-256:	0949A3EF0FE90F28780ADDE31202E2DC9C5FA57123355DF9C9FAA89A6EECCC04
SHA-512:	32D94C8297E64041F851F62D168A7AB8418ABEFB97B1AD0B33D2D801DDF204AF2228D29470AEF18F3A9309FF3E9A8C78CC657D7D5DFC40F70F27EE34100812FA
Malicious:	false
Reputation:	low
Preview:	{"ip":"8.46.123.189","country":"United States","cc":"US"}

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.941670398228598
TrID:	Win64 Executable GUI (202006/5) 93.51% Win64 Executable (generic) (12005/4) 5.56% DOS Executable Generic (2002/1) 0.93% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	solara-executor.exe
File size:	1'248'295 bytes
MD5:	6107673fe6de87ac938d8d45ceee771b
SHA1:	0ebf97d44da9ce419102f2407e4b92ccc75677dd
SHA256:	1d820e33b6818f08161dbd3766b37e971b7531ee018dee1eb21822edb1eaa545
SHA512:	798affa3cabc3537d226ebdffa458309b0fa81a21939990eebdf121971e870d70d96f8b75ff6746b5d397e28015beb81f8af35df51f10adbf91c378d4dce74d2
SSDEEP:	24576:PDnqyaenIySWhuUSC/i/dH9ONOznpY4sEkm30TEhibtyuk5mj5dRvgRnFpt:PGy5LSwUdbznqfEZ3RGN2Fpt
TLSH:	DE45122BB7E46771D934D473CB9BC71AB330A262D0768B5B05C28B1F665A00A774BF18
File Content Preview:	MZ......................@.2.92.UPX!._0x001818c..........................!..L.!This program cannot be run in DOS mode....$.......4=..p\..p\..p\..y$P.`\..`...v\..`...r\..`...y\..`...n\..;$..`\..W...s\..p\...\..;...x\..;.<.q\..;...q\..Richp\.................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x140631280
Entrypoint Section:	bbbb
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6761A24F [Tue Dec 17 16:09:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	b20f1daac672151d282f9ffd530ca36b

Entrypoint Preview

Instruction
push ebx
push esi
push edi
push ebp
dec eax
lea esi, dword ptr [FFEDFD75h]
dec eax
lea edi, dword ptr [esi-00510000h]
push edi
mov eax, 0062FDCFh
push eax
dec eax
mov ecx, esp
dec eax
mov edx, edi
dec eax
mov edi, esi
mov esi, 00120274h
push ebp
dec eax
mov ebp, esp
inc esp
mov ecx, dword ptr [ecx]
dec ecx
mov eax, edx
dec eax
mov edx, esi
dec eax
lea esi, dword ptr [edi+02h]
push esi
mov al, byte ptr [edi]
dec edx
mov cl, al
and al, 07h
shr cl, 00000003h
dec eax
mov ebx, FFFFFD00h
dec eax
shl ebx, cl
mov cl, al
dec eax
lea ebx, dword ptr [esp+ebx*2-00000E78h]
dec eax
and ebx, FFFFFFC0h
push 00000000h
dec eax
cmp esp, ebx
jne 00007FE4B148D8CBh
push ebx
dec eax
lea edi, dword ptr [ebx+08h]
mov cl, byte ptr [esi-01h]
dec edx
mov byte ptr [edi+02h], al
mov al, cl
shr cl, 00000004h
mov byte ptr [edi+01h], cl
and al, 0Fh
mov byte ptr [edi], al
dec eax
lea ecx, dword ptr [edi-04h]
push eax
inc ecx
push edi
dec eax
lea eax, dword ptr [edi+04h]
inc ebp
xor edi, edi
inc ecx
push esi
inc ecx
mov esi, 00000001h
inc ecx
push ebp
inc ebp
xor ebp, ebp
inc ecx
push esp
push ebp
push ebx
dec eax
sub esp, 48h
dec eax
mov dword ptr [esp+38h], ecx
dec eax
mov dword ptr [esp+20h], eax
mov eax, 00000001h
dec eax
mov dword ptr [esp+40h], esi
dec esp
mov dword ptr [esp+30h], eax
mov ebx, eax
inc esp
mov dword ptr [esp+2Ch], ecx
movzx ecx, byte ptr [edi+02h]
shl ebx, cl
mov ecx, ebx

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729
[IMP] VS2005 build 50727

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6411b0	0x504	bNbF
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x632000	0xf1b0	bNbF
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x322000	0x4410	"/hR
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6416b4	0x20	bNbF
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x631e60	0x28	bbbb
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x631e90	0x140	bbbb
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
"/hR	0x1000	0x510000	0x0	d41d8cd98f00b204e9800998ecf8427e	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bbbb	0x511000	0x121000	0x121000	fb76c604981fcb6c4067a2c5117730c7	False	0.9988679984861591	data	7.999761627141752	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bNbF	0x632000	0x10000	0xf800	0c5ce6f0a1e32589f6d634730baa9e50	False	0.2612462197580645	data	3.9453169926813554	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
None	0x640ff4	0x2e	data			1.108695652173913
RT_RCDATA	0x336020	0x3201	empty			0
RT_RCDATA	0x339224	0x3201	empty			0
RT_RCDATA	0x33c428	0x3201	empty			0
RT_RCDATA	0x33f62c	0x3201	empty			0
RT_RCDATA	0x342830	0x3201	empty			0
RT_RCDATA	0x345a34	0x3201	empty			0
RT_RCDATA	0x348c38	0x3201	empty			0
RT_RCDATA	0x34be3c	0x3201	empty			0
RT_RCDATA	0x34f040	0x3201	empty			0
RT_RCDATA	0x352244	0x3201	empty			0
RT_RCDATA	0x355448	0x3201	empty			0
RT_RCDATA	0x35864c	0x3201	empty			0
RT_RCDATA	0x35b850	0x3201	empty			0
RT_RCDATA	0x35ea54	0x3201	empty			0
RT_RCDATA	0x361c58	0x3201	empty			0
RT_RCDATA	0x364e5c	0x3201	empty			0
RT_RCDATA	0x368060	0x3201	empty			0
RT_RCDATA	0x36b264	0x3201	empty			0
RT_RCDATA	0x36e468	0x3201	empty			0
RT_RCDATA	0x37166c	0x3201	empty			0
RT_RCDATA	0x374870	0x3201	empty			0
RT_RCDATA	0x377a74	0x3201	empty			0
RT_RCDATA	0x37ac78	0x3201	empty			0
RT_RCDATA	0x37de7c	0x3201	empty			0
RT_RCDATA	0x381080	0x3201	empty			0
RT_RCDATA	0x384284	0x3201	empty			0
RT_RCDATA	0x387488	0x3201	empty			0
RT_RCDATA	0x38a68c	0x3201	empty			0
RT_RCDATA	0x38d890	0x76	empty			0
RT_RCDATA	0x38d908	0x22	empty			0
RT_RCDATA	0x38d92c	0x3201	empty			0
RT_RCDATA	0x390b30	0x3201	empty			0
RT_RCDATA	0x393d34	0x3201	empty			0
RT_RCDATA	0x396f38	0x3201	empty			0
RT_RCDATA	0x39a13c	0x3201	empty			0
RT_RCDATA	0x39d340	0x796	empty			0
RT_RCDATA	0x39dad8	0xf	empty			0
RT_RCDATA	0x39dae8	0x3201	empty			0
RT_RCDATA	0x3a0cec	0x3201	empty			0
RT_RCDATA	0x3a3ef0	0xedcf4	empty			0
RT_RCDATA	0x491be4	0x3201	empty			0
RT_RCDATA	0x494de8	0x9418	empty			0
RT_RCDATA	0x49e200	0x3201	empty			0
RT_RCDATA	0x4a1404	0x3201	empty			0
RT_RCDATA	0x4a4608	0x55	empty			0
RT_RCDATA	0x4a4660	0x3201	empty			0
RT_RCDATA	0x4a7864	0x3201	empty			0
RT_RCDATA	0x4aaa68	0x3201	empty			0
RT_RCDATA	0x4adc6c	0x3201	empty			0
RT_RCDATA	0x4b0e70	0x3201	empty			0
RT_RCDATA	0x4b4074	0x3201	empty			0
RT_RCDATA	0x4b7278	0x9e	empty			0
RT_RCDATA	0x4b7318	0x1f2	empty			0
RT_RCDATA	0x4b750c	0x3201	empty			0
RT_RCDATA	0x4ba710	0x3201	empty			0
RT_RCDATA	0x4bd914	0x3201	empty			0
RT_RCDATA	0x4c0b18	0x3201	empty			0
RT_RCDATA	0x4c3d1c	0x7d	empty			0
RT_RCDATA	0x4c3d9c	0x7d	empty			0
RT_RCDATA	0x4c3e1c	0x7d	empty			0
RT_RCDATA	0x4c3e9c	0x7d	empty			0
RT_RCDATA	0x4c3f1c	0x7d	empty			0
RT_RCDATA	0x4c3f9c	0x7d	empty			0
RT_RCDATA	0x4c401c	0x7d	empty			0
RT_RCDATA	0x4c409c	0x7d	empty			0
RT_RCDATA	0x4c411c	0x7d	empty			0
RT_RCDATA	0x4c419c	0x7d	empty			0
RT_RCDATA	0x4c421c	0x7d	empty			0
RT_RCDATA	0x4c429c	0x7d	empty			0
RT_RCDATA	0x4c431c	0x7d	empty			0
RT_RCDATA	0x4c439c	0x7d	empty			0
RT_RCDATA	0x4c441c	0x7d	empty			0
RT_RCDATA	0x4c449c	0x7d	empty			0
RT_RCDATA	0x4c451c	0x7d	empty			0
RT_RCDATA	0x4c459c	0x7d	empty			0
RT_RCDATA	0x4c461c	0x3201	empty			0
RT_RCDATA	0x4c7820	0x3201	empty			0
RT_RCDATA	0x4caa24	0x3201	empty			0
RT_RCDATA	0x4cdc28	0x3201	empty			0
RT_RCDATA	0x4d0e2c	0x3201	empty			0
RT_RCDATA	0x4d4030	0x3201	empty			0
RT_RCDATA	0x4d7234	0x3201	empty			0
RT_RCDATA	0x4da438	0x3201	empty			0
RT_RCDATA	0x4dd63c	0x3201	empty			0
RT_RCDATA	0x4e0840	0x3201	empty			0
RT_RCDATA	0x4e3a44	0x3201	empty			0
RT_RCDATA	0x4e6c48	0x3201	empty			0
RT_RCDATA	0x4e9e4c	0x3201	empty			0
RT_RCDATA	0x4ed050	0x3201	empty			0
RT_RCDATA	0x4f0254	0x3201	empty			0
RT_RCDATA	0x4f3458	0x3201	empty			0
RT_RCDATA	0x4f665c	0x3201	empty			0
RT_RCDATA	0x4f9860	0x3201	empty			0
RT_RCDATA	0x4fca64	0x3201	empty			0
RT_RCDATA	0x4ffc68	0x3201	empty			0
RT_RCDATA	0x502e6c	0x3201	empty			0
RT_RCDATA	0x506070	0x3201	empty			0
RT_RCDATA	0x509274	0x3201	empty			0
RT_RCDATA	0x50c478	0x3201	empty			0
RT_RCDATA	0x50f67c	0x3201	empty			0
RT_RCDATA	0x512880	0x3201	data			1.0008593078665728
RT_RCDATA	0x515a84	0x3201	data			1.0008593078665728
RT_RCDATA	0x518c88	0x3201	data			1.0008593078665728
RT_RCDATA	0x51be8c	0x3201	data			1.0008593078665728
RT_RCDATA	0x51f090	0x3201	data			1.0008593078665728
RT_RCDATA	0x522294	0x3201	data			1.0008593078665728
RT_RCDATA	0x525498	0x3201	data			1.0008593078665728
RT_RCDATA	0x52869c	0x3201	data			1.0008593078665728
RT_RCDATA	0x52b8a0	0x3201	data			1.0008593078665728
RT_RCDATA	0x52eaa4	0x3201	data			1.0008593078665728
RT_RCDATA	0x531ca8	0x3201	data			1.0008593078665728
RT_RCDATA	0x534eac	0x3201	data			1.0008593078665728
RT_RCDATA	0x5380b0	0x3201	data			1.0008593078665728
RT_RCDATA	0x53b2b4	0x3201	data			1.0008593078665728
RT_RCDATA	0x53e4b8	0x3201	OpenPGP Public Key			1.0008593078665728
RT_RCDATA	0x5416bc	0x3201	data			1.0008593078665728
RT_RCDATA	0x5448c0	0x3201	data			1.0008593078665728
RT_RCDATA	0x547ac4	0x3201	data			1.0008593078665728
RT_RCDATA	0x54acc8	0x3201	data			1.0008593078665728
RT_RCDATA	0x54decc	0x3201	data			1.0008593078665728
RT_RCDATA	0x5510d0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5542d4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5574d8	0x3201	data			1.0008593078665728
RT_RCDATA	0x55a6dc	0x3201	data			1.0008593078665728
RT_RCDATA	0x55d8e0	0x3201	data			1.0008593078665728
RT_RCDATA	0x560ae4	0x3201	data			1.0008593078665728
RT_RCDATA	0x563ce8	0x3201	data			1.0008593078665728
RT_RCDATA	0x566eec	0x3201	data			1.0008593078665728
RT_RCDATA	0x56a0f0	0x3201	SysEx File -			1.0008593078665728
RT_RCDATA	0x56d2f4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5704f8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5736fc	0x3201	data			1.0008593078665728
RT_RCDATA	0x576900	0x3201	data			1.0008593078665728
RT_RCDATA	0x579b04	0x3201	data			1.0008593078665728
RT_RCDATA	0x57cd08	0x3201	data			1.0008593078665728
RT_RCDATA	0x57ff0c	0x3201	data			1.0008593078665728
RT_RCDATA	0x583110	0x3201	data			1.0008593078665728
RT_RCDATA	0x586314	0x3201	data			1.0008593078665728
RT_RCDATA	0x589518	0x3201	data			1.0008593078665728
RT_RCDATA	0x58c71c	0x3201	data			1.0008593078665728
RT_RCDATA	0x58f920	0x3201	data			1.0008593078665728
RT_RCDATA	0x592b24	0x3201	data			1.0008593078665728
RT_RCDATA	0x595d28	0x3201	data			1.0008593078665728
RT_RCDATA	0x598f2c	0x3201	data			1.0008593078665728
RT_RCDATA	0x59c130	0x3201	data			1.0008593078665728
RT_RCDATA	0x59f334	0x3201	data			1.0008593078665728
RT_RCDATA	0x5a2538	0x3201	OpenPGP Public Key			1.0008593078665728
RT_RCDATA	0x5a573c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5a8940	0x3201	data			1.0008593078665728
RT_RCDATA	0x5abb44	0x3201	data			1.0008593078665728
RT_RCDATA	0x5aed48	0x3201	data			1.0008593078665728
RT_RCDATA	0x5b1f4c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5b5150	0x3201	OpenPGP Public Key			1.0008593078665728
RT_RCDATA	0x5b8354	0x3201	data			1.0008593078665728
RT_RCDATA	0x5bb558	0x3201	data			1.0008593078665728
RT_RCDATA	0x5be75c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5c1960	0x3201	data			1.0008593078665728
RT_RCDATA	0x5c4b64	0x3201	data			1.0008593078665728
RT_RCDATA	0x5c7d68	0x3201	data			1.0008593078665728
RT_RCDATA	0x5caf6c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5ce170	0x3201	data			1.0008593078665728
RT_RCDATA	0x5d1374	0x3201	data			1.0008593078665728
RT_RCDATA	0x5d4578	0x3201	data			1.0008593078665728
RT_RCDATA	0x5d777c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5da980	0x3201	data			1.0008593078665728
RT_RCDATA	0x5ddb84	0x3201	data			1.0008593078665728
RT_RCDATA	0x5e0d88	0x3201	data			1.0008593078665728
RT_RCDATA	0x5e3f8c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5e7190	0x3201	data			1.0008593078665728
RT_RCDATA	0x5ea394	0x3201	data			1.0008593078665728
RT_RCDATA	0x5ed598	0x3201	data			1.0008593078665728
RT_RCDATA	0x5f079c	0x3201	data			1.0008593078665728
RT_RCDATA	0x5f39a0	0x3201	data			1.0008593078665728
RT_RCDATA	0x5f6ba4	0x3201	data			1.0008593078665728
RT_RCDATA	0x5f9da8	0x3201	data			1.0008593078665728
RT_RCDATA	0x5fcfac	0x3201	data			1.0008593078665728
RT_RCDATA	0x6001b0	0x3201	data			1.0008593078665728
RT_RCDATA	0x6033b4	0x3201	data			1.0008593078665728
RT_RCDATA	0x6065b8	0x3201	data			1.0008593078665728
RT_RCDATA	0x6097bc	0x3201	data			1.0008593078665728
RT_RCDATA	0x60c9c0	0x3201	data			1.0008593078665728
RT_RCDATA	0x60fbc4	0x3201	data			1.0008593078665728
RT_RCDATA	0x612dc8	0x3201	data			1.0008593078665728
RT_RCDATA	0x615fcc	0x3201	data			1.0008593078665728
RT_RCDATA	0x6191d0	0x3201	data			1.0008593078665728
RT_RCDATA	0x61c3d4	0x3201	data			1.0008593078665728
RT_RCDATA	0x61f5d8	0x3201	data			1.0008593078665728
RT_RCDATA	0x6227dc	0x3201	data			1.0008593078665728
RT_RCDATA	0x6259e0	0x3201	data			1.0008593078665728
RT_MANIFEST	0x641028	0x2	data			5.0
RT_MANIFEST	0x641030	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727
None	0x628d68	0x102	data			1.0426356589147288
None	0x628e6c	0xda	data			1.0504587155963303
None	0x628f48	0xba	data			1.0591397849462365
None	0x629004	0x12a	data			1.0369127516778522
None	0x629130	0x16e	data			1.030054644808743
None	0x6292a0	0x16c	data			1.0302197802197801
None	0x62940c	0xfa	data			1.044
None	0x629508	0x11a	data			1.0390070921985815
None	0x629624	0x178	data			1.0292553191489362
None	0x62979c	0xe0	data			1.0491071428571428
None	0x62987c	0xbc	data			1.0585106382978724
None	0x629938	0x124	data			1.0376712328767124
None	0x629a5c	0xb0	data			1.0625
None	0x629b0c	0xa6	data			1.0662650602409638
None	0x629bb4	0x7e	data			1.0873015873015872
None	0x629c34	0xd6	data			1.0514018691588785
None	0x629d0c	0xe6	data			1.0478260869565217
None	0x629df4	0xea	data			1.047008547008547
None	0x629ee0	0xca	data			1.0544554455445545
None	0x629fac	0xde	data			1.0495495495495495
None	0x62a08c	0x98	data			1.0723684210526316
None	0x62a124	0xe4	data			1.0482456140350878
None	0x62a208	0xc2	data			1.056701030927835
None	0x62a2cc	0xbe	data			1.0578947368421052
None	0x62a38c	0x11a	data			1.0390070921985815
None	0x62a4a8	0xa8	data			1.0654761904761905
None	0x62a550	0xda	data			1.0504587155963303
None	0x62a62c	0xa2	data			1.0679012345679013
None	0x62a6d0	0xea	data			1.047008547008547
None	0x62a7bc	0x88	data			1.0808823529411764
None	0x62a844	0xd8	data			1.0509259259259258
None	0x62a91c	0x152	data			1.032544378698225
None	0x62aa70	0x134	data			1.0357142857142858
None	0x62aba4	0xec	data			1.0466101694915255
None	0x62ac90	0x120	data			1.0381944444444444
None	0x62adb0	0x116	data			1.039568345323741
None	0x62aec8	0x7e	data			1.0873015873015872
None	0x62af48	0xf2	data			1.0454545454545454
None	0x62b03c	0x106	data			1.0419847328244274
None	0x62b144	0xdc	data			1.05
None	0x62b220	0xde	OpenPGP Secret Key			1.0495495495495495
None	0x62b300	0x152	data			1.032544378698225
None	0x62b454	0x154	data			1.0323529411764707
None	0x62b5a8	0xe4	data			1.0482456140350878
None	0x62b68c	0xc0	OpenPGP Secret Key			1.0572916666666667
None	0x62b74c	0xac	data			1.063953488372093
None	0x62b7f8	0xf2	data			1.0454545454545454
None	0x62b8ec	0xdc	data			1.05
None	0x62b9c8	0x126	data			1.0374149659863945
None	0x62baf0	0x9c	data			1.0705128205128205
None	0x62bb8c	0x8a	data			1.0797101449275361
None	0x62bc18	0x15a	data			1.0317919075144508
None	0x62bd74	0xf8	data			1.0443548387096775
None	0x62be6c	0xe2	data			1.0486725663716814
None	0x62bf50	0x5a	data			1.1222222222222222
None	0x62bfac	0x106	data			1.0419847328244274
None	0x62c0b4	0xc8	data			1.055
None	0x62c17c	0xcc	data			1.053921568627451
None	0x62c248	0xd6	data			1.0514018691588785
None	0x62c320	0x144	data			1.0339506172839505
None	0x62c464	0x138	data			1.0352564102564104
None	0x62c59c	0xf8	data			1.0443548387096775
None	0x62c694	0xe2	data			1.0486725663716814
None	0x62c778	0xd6	data			1.0514018691588785
None	0x62c850	0x140	data			1.034375
None	0x62c990	0x88	data			1.0808823529411764
None	0x62ca18	0x10c	data			1.041044776119403
None	0x62cb24	0x9a	data			1.0714285714285714
None	0x62cbc0	0x88	data			1.0808823529411764
None	0x62cc48	0xc4	data			1.0561224489795917
None	0x62cd0c	0xbc	data			1.0585106382978724
None	0x62cdc8	0xa2	data			1.0679012345679013
None	0x62ce6c	0x100	OpenPGP Secret Key			1.04296875
None	0x62cf6c	0x100	data			1.04296875
None	0x62d06c	0x126	data			1.0374149659863945
None	0x62d194	0x100	data			1.04296875
None	0x62d294	0x80	data			1.0859375
None	0x62d314	0xee	data			1.046218487394958
None	0x62d404	0x9e	data			1.0696202531645569
None	0x62d4a4	0x94	data			1.0743243243243243
None	0x62d538	0xf8	OpenPGP Public Key			1.0443548387096775
None	0x62d630	0xe0	data			1.0491071428571428
None	0x62d710	0x100	data			1.04296875
None	0x62d810	0x8a	data			1.0797101449275361
None	0x62d89c	0x5a	data			1.1222222222222222
None	0x62d8f8	0x100	data			1.04296875
None	0x62d9f8	0xac	data			1.063953488372093
None	0x62daa4	0x144	data			1.0339506172839505
None	0x62dbe8	0x14e	data			1.032934131736527
None	0x62dd38	0xa4	data			1.0670731707317074
None	0x62dddc	0xd0	data			1.0528846153846154
None	0x62deac	0xf8	data			1.0443548387096775
None	0x62dfa4	0x15a	data			1.0317919075144508
None	0x62e100	0xb2	data			1.0617977528089888
None	0x62e1b4	0xf2	data			1.0454545454545454
None	0x62e2a8	0xbc	data			1.0585106382978724
None	0x62e364	0xc2	data			1.056701030927835
None	0x62e428	0xe8	data			1.0474137931034482
None	0x62e510	0x164	data			1.0308988764044944
None	0x62e674	0x98	data			1.0723684210526316
None	0x62e70c	0xf4	OpenPGP Public Key			1.0450819672131149
None	0x62e800	0x158	data			1.0319767441860466
None	0x62e958	0xe0	data			1.0491071428571428
None	0x62ea38	0x82	data			1.0846153846153845
None	0x62eabc	0x126	data			1.0374149659863945

Imports

DLL	Import
ADVAPI32.dll	RegOpenKeyExA
api-ms-win-crt-heap-l1-1-0.dll	free
api-ms-win-crt-locale-l1-1-0.dll	_configthreadlocale
api-ms-win-crt-math-l1-1-0.dll	cosf
api-ms-win-crt-runtime-l1-1-0.dll	exit
api-ms-win-crt-stdio-l1-1-0.dll	fseek
api-ms-win-crt-string-l1-1-0.dll	strcmp
api-ms-win-crt-utility-l1-1-0.dll	qsort
d3d9.dll	Direct3DCreate9
IMM32.dll	ImmGetContext
kErneL32.DlL	LoadLibraryA, DeleteAtom, GetProcAddress, VirtualProtect
MSVCP140.dll	_Query_perf_counter
olE32.dll	CoTaskMemFree
SHELL32.dll	ShellExecuteA
USER32.dll	SetCursor
VCRUNTIME140.dll	memset
VCRUNTIME140_1.dll	__CxxFrameHandler4

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-18T19:37:15.832886+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.6	49714	172.67.75.163	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2024 19:37:13.628911018 CET	49714	443	192.168.2.6	172.67.75.163
Dec 18, 2024 19:37:13.628950119 CET	443	49714	172.67.75.163	192.168.2.6
Dec 18, 2024 19:37:13.629035950 CET	49714	443	192.168.2.6	172.67.75.163
Dec 18, 2024 19:37:13.642235041 CET	49714	443	192.168.2.6	172.67.75.163
Dec 18, 2024 19:37:13.642246962 CET	443	49714	172.67.75.163	192.168.2.6
Dec 18, 2024 19:37:14.875044107 CET	443	49714	172.67.75.163	192.168.2.6
Dec 18, 2024 19:37:14.877188921 CET	49714	443	192.168.2.6	172.67.75.163
Dec 18, 2024 19:37:15.349327087 CET	49714	443	192.168.2.6	172.67.75.163
Dec 18, 2024 19:37:15.349348068 CET	443	49714	172.67.75.163	192.168.2.6
Dec 18, 2024 19:37:15.349687099 CET	443	49714	172.67.75.163	192.168.2.6
Dec 18, 2024 19:37:15.349746943 CET	49714	443	192.168.2.6	172.67.75.163
Dec 18, 2024 19:37:15.364975929 CET	49714	443	192.168.2.6	172.67.75.163
Dec 18, 2024 19:37:15.411345005 CET	443	49714	172.67.75.163	192.168.2.6
Dec 18, 2024 19:37:15.832880020 CET	443	49714	172.67.75.163	192.168.2.6
Dec 18, 2024 19:37:15.832948923 CET	49714	443	192.168.2.6	172.67.75.163
Dec 18, 2024 19:37:15.832968950 CET	443	49714	172.67.75.163	192.168.2.6
Dec 18, 2024 19:37:15.832988977 CET	443	49714	172.67.75.163	192.168.2.6
Dec 18, 2024 19:37:15.833010912 CET	49714	443	192.168.2.6	172.67.75.163
Dec 18, 2024 19:37:15.833034039 CET	49714	443	192.168.2.6	172.67.75.163
Dec 18, 2024 19:37:15.834861040 CET	49714	443	192.168.2.6	172.67.75.163
Dec 18, 2024 19:37:15.834884882 CET	443	49714	172.67.75.163	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 18, 2024 19:37:13.482150078 CET	57797	53	192.168.2.6	1.1.1.1
Dec 18, 2024 19:37:13.622361898 CET	53	57797	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 18, 2024 19:37:13.482150078 CET	192.168.2.6	1.1.1.1	0x4496	Standard query (0)	api.myip.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 18, 2024 19:37:09.661267042 CET	1.1.1.1	192.168.2.6	0x25ae	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 18, 2024 19:37:09.661267042 CET	1.1.1.1	192.168.2.6	0x25ae	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Dec 18, 2024 19:37:13.622361898 CET	1.1.1.1	192.168.2.6	0x4496	No error (0)	api.myip.com		172.67.75.163	A (IP address)	IN (0x0001)	false
Dec 18, 2024 19:37:13.622361898 CET	1.1.1.1	192.168.2.6	0x4496	No error (0)	api.myip.com		104.26.9.59	A (IP address)	IN (0x0001)	false
Dec 18, 2024 19:37:13.622361898 CET	1.1.1.1	192.168.2.6	0x4496	No error (0)	api.myip.com		104.26.8.59	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.myip.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49714	172.67.75.163	443	7316	C:\Users\user\Desktop\solara-executor.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-18 18:37:15 UTC	182	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43 Host: api.myip.com
2024-12-18 18:37:15 UTC	778	IN	HTTP/1.1 200 OK Date: Wed, 18 Dec 2024 18:37:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding cf-cache-status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Koq5Uo3GRzsjwrxdV03B3gqHetFLSmdq26EwM4Rbrcoyrg1HHyFZAnF5ojWTWk6jTtZjU30QzKJT%2Bf7AMpMIQ1keRcmQUS83ifh%2BGX%2F9WX62KfK4sSeS4AKG7kgtmA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f41435c3a31729f-EWR server-timing: cfL4;desc="?proto=TCP&rtt=2027&min_rtt=2020&rtt_var=771&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2817&recv_bytes=820&delivery_rate=1405873&cwnd=169&unsent_bytes=0&cid=a320fb49e9069f24&ts=971&x=0"
2024-12-18 18:37:15 UTC	63	IN	Data Raw: 33 39 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 63 22 3a 22 55 53 22 7d 0d 0a Data Ascii: 39{"ip":"8.46.123.189","country":"United States","cc":"US"}
2024-12-18 18:37:15 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	13:37:12
Start date:	18/12/2024
Path:	C:\Users\user\Desktop\solara-executor.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\solara-executor.exe"
Imagebase:	0x7ff6341b0000
File size:	1'248'295 bytes
MD5 hash:	6107673FE6DE87AC938D8D45CEEE771B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	3.2%
Dynamic/Decrypted Code Coverage:	34.5%
Signature Coverage:	28.3%
Total number of Nodes:	950
Total number of Limit Nodes:	44

Executed Functions

Function 00007FF634204720 Relevance: 37.6, APIs: 7, Strings: 14, Instructions: 892
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SHBrowseForFolder.SHELL32 ref: 00007FF634204B10
SHGetPathFromIDList.SHELL32 ref: 00007FF634204B3D
CoTaskMemFree.OLE32 ref: 00007FF634204C11

Part of subcall function 00007FF634203AD0: CreateFileA.KERNEL32 ref: 00007FF634203B29
Part of subcall function 00007FF634203AD0: CloseHandle.KERNEL32 ref: 00007FF634203B41

RemoveDirectoryA.KERNEL32 ref: 00007FF634205289
CreateDirectoryA.KERNEL32 ref: 00007FF634205299
MessageBoxA.USER32 ref: 00007FF6342052BE
ExitProcess.KERNEL32 ref: 00007FF634205A35

Strings

continue, xrefs: 00007FF634205A0F
Install, xrefs: 00007FF63420526B
Failed to create setup directory, xrefs: 00007FF6342052B0
C:\Users\user\Desktop\solara-executor, xrefs: 00007FF634204B4B, 00007FF634204B5E, 00007FF634204B7A, 00007FF634204BD2, 00007FF6342051C4, 00007FF634205282, 00007FF634205292
P, xrefs: 00007FF634204AFD
f, xrefs: 00007FF6342047FE
Solara, xrefs: 00007FF634204C22, 00007FF634205391
installation..., xrefs: 00007FF634205885
Fail, xrefs: 00007FF6342052A9
solara-executor, xrefs: 00007FF634204BB3
..., xrefs: 00007FF634204AB4
destinatinal folder, xrefs: 00007FF63420515C
choose install folder, xrefs: 00007FF634204AEE
Loader, xrefs: 00007FF634204C4E, 00007FF6342053BD

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: CreateDirectory$BrowseCloseExitFileFolderFreeFromHandleListMessagePathProcessRemoveTask
String ID: Loader$...$C:\Users\user\Desktop\solara-executor$Fail$Failed to create setup directory$Install$P$Solara$choose install folder$continue$destinatinal folder$f$installation...$solara-executor
API String ID: 380753353-2219470131
Opcode ID: 8d7d44eaddbc20831c6762e85175d0632f03872633d4611175878a45b0127301
Instruction ID: e56570930b2b94378d369c7c8dd2997253375cdd7816b54ffae65da06993dfab
Opcode Fuzzy Hash: 8d7d44eaddbc20831c6762e85175d0632f03872633d4611175878a45b0127301
Instruction Fuzzy Hash: 3BA21E3191DA8685E660DB22E5D13BAF360FF89340F404635EA8DE77A6DF3DE144AB40

Function 00007FF6341FF7A0 Relevance: 36.9, APIs: 7, Strings: 14, Instructions: 150
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

QueryPerformanceFrequency.KERNEL32 ref: 00007FF6341FF803
QueryPerformanceCounter.KERNEL32 ref: 00007FF6341FF819
GetKeyboardLayout.USER32 ref: 00007FF6341FF910
GetLocaleInfoA.KERNEL32 ref: 00007FF6341FF92C
LoadLibraryA.KERNEL32 ref: 00007FF6341FF9C5
GetProcAddress.KERNEL32 ref: 00007FF6341FF9FD
GetProcAddress.KERNEL32 ref: 00007FF6341FFA11

Strings

xinput1_1.dll, xrefs: 00007FF6341FF9A7
i >= 0 && i < Size, xrefs: 00007FF6341FF955
XInputGetCapabilities, xrefs: 00007FF6341FF9EF
xinput1_2.dll, xrefs: 00007FF6341FF99B
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341FF7BC
C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF6341FF7E7
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341FF94E
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF6341FF7C3
xinput9_1_0.dll, xrefs: 00007FF6341FF98F
io.BackendPlatformUserData == nullptr && "Already initialized a platform backend!", xrefs: 00007FF6341FF7EE
xinput1_3.dll, xrefs: 00007FF6341FF983
xinput1_4.dll, xrefs: 00007FF6341FF977
imgui_impl_win32, xrefs: 00007FF6341FF8D0
XInputGetState, xrefs: 00007FF6341FFA03

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: AddressPerformanceProcQuery$CounterFrequencyInfoKeyboardLayoutLibraryLoadLocale
String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$XInputGetCapabilities$XInputGetState$i >= 0 && i < Size$imgui_impl_win32$io.BackendPlatformUserData == nullptr && "Already initialized a platform backend!"$xinput1_1.dll$xinput1_2.dll$xinput1_3.dll$xinput1_4.dll$xinput9_1_0.dll
API String ID: 2839060773-805143068
Opcode ID: b7794f76b813ba0ffa93ba3e4a0341deb698b7340ee9810f303d84f49f8841cb
Instruction ID: d3a78e764d841ced8169ab6c8f821934463dba856a0fed8547ff446ef1d8ed65
Opcode Fuzzy Hash: b7794f76b813ba0ffa93ba3e4a0341deb698b7340ee9810f303d84f49f8841cb
Instruction Fuzzy Hash: CD716D32A19F86C6E7148F15FA902A9B3A5FB48784F444236CA8DD3B64EF7DE095D700

Function 00007FF634200330 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 182
keyboardCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetClientRect.USER32 ref: 00007FF6342003B0
QueryPerformanceCounter.KERNEL32 ref: 00007FF6342003EC
GetForegroundWindow.USER32 ref: 00007FF634200445
ClientToScreen.USER32 ref: 00007FF63420047D
SetCursorPos.USER32 ref: 00007FF63420048F
GetCursorPos.USER32 ref: 00007FF6342004A9
ScreenToClient.USER32 ref: 00007FF6342004BB
GetKeyState.USER32 ref: 00007FF6342004FD
GetKeyState.USER32 ref: 00007FF634200544
GetKeyState.USER32 ref: 00007FF63420058B
GetKeyState.USER32 ref: 00007FF6342005D2

Strings

C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF63420035A, 00007FF634200431
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF634200387
bd->hWnd != 0, xrefs: 00007FF634200438
bd != nullptr && "Context or backend not initialized? Did you call ImGui_ImplWin32_Init()?", xrefs: 00007FF634200361
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF634200380

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: State$Client$CursorScreen$CounterForegroundPerformanceQueryRectWindow
String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$bd != nullptr && "Context or backend not initialized? Did you call ImGui_ImplWin32_Init()?"$bd->hWnd != 0
API String ID: 1576454153-990843061
Opcode ID: b9b1333f0241c167bb0d36fc47031ea75db285839677a006f3658dc029a391cc
Instruction ID: 4470b959499319dd7980e4091266cbfd99577bcc859d899a67daac52c4f2eaa5
Opcode Fuzzy Hash: b9b1333f0241c167bb0d36fc47031ea75db285839677a006f3658dc029a391cc
Instruction Fuzzy Hash: C091B122E0868686FB21CB25E694379E7E1FF86784F084131D94DE7796CF6DE484DB00

Function 00007FF634203F90 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtdllDefWindowProc_A.NTDLL ref: 00007FF6342041D0

Strings

E, xrefs: 00007FF634204176

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: NtdllProc_Window
String ID: E
API String ID: 4255912815-3568589458
Opcode ID: 60b10af7e7726b57b2a11d93ff49d429ce7ba957dc1b0bd3a5e91d316a4ed560
Instruction ID: d469adc5bfedc44801262ae5c9e6e31f872813f1dc98603977ff90cfae4c0fb5
Opcode Fuzzy Hash: 60b10af7e7726b57b2a11d93ff49d429ce7ba957dc1b0bd3a5e91d316a4ed560
Instruction Fuzzy Hash: 70514F31A0C6968AE7648B14E59437AF2E1EB86791F104135EA8DD3B99DF3ED484EB00

Function 000001984C01F46A Relevance: 8.0, APIs: 5, Instructions: 519
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C01F47B
FindFirstFileA.KERNEL32 ref: 000001984C01F48B

Part of subcall function 000001984BFF5180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFF5217

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$FileFindFirst
String ID:
API String ID: 2113789597-0
Opcode ID: 06887e1307c0165ed681ee8080f10d51a9ecc12a7ddf961e6366d459280c14db
Instruction ID: 7bc6abf49cd82ec696fba97ed359d8aed05c41abd8b0fe148b0347d3bdd4ef35
Opcode Fuzzy Hash: 06887e1307c0165ed681ee8080f10d51a9ecc12a7ddf961e6366d459280c14db
Instruction Fuzzy Hash: FD12BE31518B898FE765EB18C4A5BDFB7E5FFD9300F50496EA08EC3192EE3099458B42

Function 00007FF6341FF2F0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 215
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341FF57D

Strings

, xrefs: 00007FF6341FF3DD
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF6341FF320
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341FF319

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: $C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"
API String ID: 2168931217-1764846569
Opcode ID: 6e28a316da41b94bf50931ee6c5702acf42ef958fdcde222e39192c421343862
Instruction ID: 01f281e6161b4583992d69b1153b1eb8db21c309880481c27a82d5b8522b817e
Opcode Fuzzy Hash: 6e28a316da41b94bf50931ee6c5702acf42ef958fdcde222e39192c421343862
Instruction Fuzzy Hash: 87916A32705A8586EB10CF26D4903ADBBA5FB89B88F448136DE4E93B64DF78E446D700

Function 000001984BFF6FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000001984BFFA110: char_traits.LIBCPMTD ref: 000001984BFFA13D

std::_Fac_node::_Fac_node.LIBCPMTD ref: 000001984BFF754F
CreateToolhelp32Snapshot.KERNEL32 ref: 000001984BFF75C4
Process32FirstW.KERNEL32 ref: 000001984BFF764B
Process32NextW.KERNEL32 ref: 000001984BFF77AB

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Process32$CreateFac_nodeFac_node::_FirstNextSnapshotToolhelp32char_traitsstd::_
String ID:
API String ID: 4114415025-0
Opcode ID: b447e1fdda4dec36b7a34e48ad19bb37ccf871ec3052bdc89735a2700575b0cd
Instruction ID: 42207b9be169c904b1964cc3023a29b8707d0a4b734dac2a2dbec68e5ee5f4c9
Opcode Fuzzy Hash: b447e1fdda4dec36b7a34e48ad19bb37ccf871ec3052bdc89735a2700575b0cd
Instruction Fuzzy Hash: 6E321D32A18A4D4BE755EB28C4657EFB2E2FF99300F91497BA04EC3292ED31D945CB41

Function 000001984C0B7740 Relevance: 4.7, APIs: 3, Instructions: 164encryptionCOMMON

Download Yara Rule

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C0B77D6
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C0B7854
CryptUnprotectData.CRYPT32 ref: 000001984C0B78AD

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$CryptDataUnprotect
String ID:
API String ID: 3418212865-0
Opcode ID: 4a58d185219048462ed20adef7d46b637afd1ce34fa3cdcfcaa02483a53deee4
Instruction ID: bb94439eb01d25b2732567c185ed832712251f5618272970c81d3e50c77caccf
Opcode Fuzzy Hash: 4a58d185219048462ed20adef7d46b637afd1ce34fa3cdcfcaa02483a53deee4
Instruction Fuzzy Hash: 2F519E70518B898FE7A4EB28C4697EEB7E1FF99301F50492E948DC3261DF749444CB42

Function 00007FF6341FEA60 Relevance: 2.9, Strings: 2, Instructions: 374COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341FECA2, 00007FF6341FEE41, 00007FF6341FEE8F
i >= 0 && i < Size, xrefs: 00007FF6341FECA9, 00007FF6341FEE48, 00007FF6341FEE96

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 0-1817040388
Opcode ID: 56d521ff8339707aadcb59bad46e377d0a037c71524e825469e81c85201c9fb9
Instruction ID: 6ae26529d00a18188626aada7b87ea798b048960457c7b1f15cd7cebfd9d5285
Opcode Fuzzy Hash: 56d521ff8339707aadcb59bad46e377d0a037c71524e825469e81c85201c9fb9
Instruction Fuzzy Hash: 6F027936705B8586DB20CF26D484AAE7BA5FB88B88F068626DF4D87764DF39D445CB00

Function 00007FF6341FFCE0 Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f85459a4f5f85dc817c154eb3d07b0bf51aad233fa7be8da4c6d5771264566b4
Instruction ID: 9726d5a4d782d2b240d3d12e2548d045f102eccea62f3a6474245c2c6a2dcfcd
Opcode Fuzzy Hash: f85459a4f5f85dc817c154eb3d07b0bf51aad233fa7be8da4c6d5771264566b4
Instruction Fuzzy Hash: 74020902E28ABA85F752963555813F9A3C1CF6A384F188732ED59F3BD6DF5DA4829200

Function 00007FF6342026C0 Relevance: 15.5, APIs: 10, Instructions: 516
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF634202818

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: ce6c98c5b26b5447e9699c6d82b08a0c665aec57600c35ced484b5b0925df019
Instruction ID: e0948afcc54f4e57f54adc80002e226e287fadefc8fb4d6d77a25d731273672d
Opcode Fuzzy Hash: ce6c98c5b26b5447e9699c6d82b08a0c665aec57600c35ced484b5b0925df019
Instruction Fuzzy Hash: 5C42B03660ABC585DAB0DB15E5A43ABF3A5FBC8B80F004536DA8D93B69DF3DD4449B00

Function 00007FF6342041E0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 00007FF634204221
RegisterClassExA.USER32 ref: 00007FF63420427A
GetSystemMetrics.USER32 ref: 00007FF634204282
GetSystemMetrics.USER32 ref: 00007FF63420429B
CreateWindowExA.USER32 ref: 00007FF63420430D
ShowWindow.USER32 ref: 00007FF634204326
UpdateWindow.USER32 ref: 00007FF634204333

Strings

class001, xrefs: 00007FF63420425A, 00007FF634204304

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: Window$MetricsSystem$ClassCreateHandleModuleRegisterShowUpdate
String ID: class001
API String ID: 3666473625-3656631403
Opcode ID: 53389c19fc29f04132dcce79cdbd498e5441cdc0ef18e48b201337a412e8095a
Instruction ID: e039bde37433750c06374bd30fd943d7172f46e16d6830dc7d1c2f239ccf4083
Opcode Fuzzy Hash: 53389c19fc29f04132dcce79cdbd498e5441cdc0ef18e48b201337a412e8095a
Instruction Fuzzy Hash: 4531D770A18B428AF7508F64F9D836AB7A0FB46744F510139D98DD6B6ACF7EE048E740

Function 00007FF634206C10 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 151
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MessageBoxA.USER32 ref: 00007FF634206E6D

Strings

v2.1.1 Setup!Before starting the installation, select the folder where the files will be installed, xrefs: 00007FF634206DFE
FrghcZrah, xrefs: 00007FF634206C2B
v2.1.1 Setup, xrefs: 00007FF634206E23
Welcome to , xrefs: 00007FF634206DEA
A, xrefs: 00007FF634206CF6
Solara, xrefs: 00007FF634206DE3, 00007FF634206E2A

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: Message
String ID: v2.1.1 Setup$ v2.1.1 Setup!Before starting the installation, select the folder where the files will be installed$A$FrghcZrah$Solara$Welcome to
API String ID: 2030045667-4036644300
Opcode ID: 818e4b6d2888c4cba2b6a02a4dad209fdc6011418aa973f574071f8947bbbd02
Instruction ID: e200d00b57dbfc8bb9ba2b2f6bfe5b07eeb887b7e3fa041d5c63cdede82728a2
Opcode Fuzzy Hash: 818e4b6d2888c4cba2b6a02a4dad209fdc6011418aa973f574071f8947bbbd02
Instruction Fuzzy Hash: 2C71102260DB8281DB60DB65F5E12AEE7E0EF85784F404035EACDD3BAADE2DD145DB00

Function 000001984C0FCB40 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 000001984C0FCB6D
Process32NextW.KERNEL32 ref: 000001984C0FCBEF
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C0FCC5C
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C0FCC95
Process32NextW.KERNEL32 ref: 000001984C0FCD3E

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyNextProcess32Queue::StructuredWork$CreateSnapshotToolhelp32
String ID:
API String ID: 2993956496-0
Opcode ID: ccef948bbded8c3c363223a2ce267501defc5825a781fad79f845297002980c6
Instruction ID: fc5308b3a15e73fde2bcd7b19890d11ea294eb82b52fb3373d0f21e26d3cb88c
Opcode Fuzzy Hash: ccef948bbded8c3c363223a2ce267501defc5825a781fad79f845297002980c6
Instruction Fuzzy Hash: A6513F31518B898BE365EB28C455BDEB7E5FFD5300F405A2EA08EC31A1DF709945CB41

Function 000001984C1DA382 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 143
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32 ref: 000001984C1DA428

Strings

d, xrefs: 000001984C1DA3D9
%, xrefs: 000001984C1DA492

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID: %$d
API String ID: 544645111-2062555646
Opcode ID: 54094574cc393b862cd2771380fe1ec476da5795c3c02fbf705b5334c7136e22
Instruction ID: a4ce7eb53bbe8114f9f3d3395495385a5f2fed1d6750b36a1cd81c8581d056ca
Opcode Fuzzy Hash: 54094574cc393b862cd2771380fe1ec476da5795c3c02fbf705b5334c7136e22
Instruction Fuzzy Hash: 0041C130A1CA568FE318CA6DD4A83EAB2D5FBD9316F50462EF087C32D0CB68D5058B46

Function 000001984C0D8720 Relevance: 4.7, APIs: 3, Instructions: 233
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001984C0D87C0

Part of subcall function 000001984C026A80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C026AAB
Part of subcall function 000001984C026A80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C026ABA

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C0D8826
CreateFileA.KERNEL32 ref: 000001984C0D8852

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFiletype_info::_name_internal_method
String ID:
API String ID: 645652700-0
Opcode ID: 819d9873fe87e5e0672c7b493bbbe385e55e3c781ecdd4f5973528374cac9e4f
Instruction ID: 6b61d8c117c5c3ca91fc266219c9ad1bf1f65829d9b1ea388e7d0c2e38e1ac99
Opcode Fuzzy Hash: 819d9873fe87e5e0672c7b493bbbe385e55e3c781ecdd4f5973528374cac9e4f
Instruction Fuzzy Hash: 71812F30619A498FE7A4EB68C865BDEB7E1FF99310F404A6DA08DC32D1DE35D845CB02

Function 000001984C0E0EBC Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 207memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32 ref: 000001984C1DA5C6

Strings

d, xrefs: 000001984C1DA574
%, xrefs: 000001984C1DA620

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: %$d
API String ID: 4275171209-2062555646
Opcode ID: 0397274e70c8a7f3d789460244b764dcb58fce8343aaa3aac63c8b35ee727e9f
Instruction ID: 6c193635efd7c6c8079edcaadc40b11c5c52ce61774f1aeff88dbe4e53d6af00
Opcode Fuzzy Hash: 0397274e70c8a7f3d789460244b764dcb58fce8343aaa3aac63c8b35ee727e9f
Instruction Fuzzy Hash: 4951E331628A0ACFD31CDA28C4A87EE77D5FB9D355F500A2EB08BC32D1DA64D5468B42

Function 000001984C0D8D40 Relevance: 4.6, APIs: 3, Instructions: 80fileCOMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C0D8D86
CreateFileA.KERNEL32 ref: 000001984C0D8DB5
ReadFile.KERNEL32 ref: 000001984C0D8DE4

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: ebd15ed829b08a1b500daa4d553f069842ecabd0a130300aab089dd93fe54596
Instruction ID: bb1d41957c92ab9c4dc603cad346395bff170139d8e3e735318aadb60cfe08cc
Opcode Fuzzy Hash: ebd15ed829b08a1b500daa4d553f069842ecabd0a130300aab089dd93fe54596
Instruction Fuzzy Hash: 3E21B470658B888FDB94EF1CC498B9ABBE0FB99305F50491DE489C3260DBB5D844CB42

Function 000001984BFF4740 Relevance: 4.6, APIs: 3, Instructions: 80COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFF476C
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFF477E

Part of subcall function 000001984BFF53C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFF53DD

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFF47BB

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 56f0e97885bd8304239a8f2878fdd14305f6cae0faeb2e433c02dacfefb3af0e
Instruction ID: a147e0f0ef9776f0bd141aab3953123dbfd4727779bded2883b7de854dd8ea8b
Opcode Fuzzy Hash: 56f0e97885bd8304239a8f2878fdd14305f6cae0faeb2e433c02dacfefb3af0e
Instruction Fuzzy Hash: 6931BA71528B989FD794EF28C455B9EBBE1FF95300F80492EB489C32A1DF70A455CB42

Function 00007FF634203AD0 Relevance: 4.6, APIs: 3, Instructions: 68registryfileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 00007FF634203B29
CloseHandle.KERNEL32 ref: 00007FF634203B41
RegOpenKeyExA.ADVAPI32 ref: 00007FF634203BCD

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: CloseCreateFileHandleOpen
String ID:
API String ID: 420164193-0
Opcode ID: 400d762f45c222ad54dc4951f779c31423d5e1f4fd11ce37fb757c510c9c0084
Instruction ID: 44ec4eb57d9446710ffb5b4a079fc914749429ff4147b3f65cdb78329af3a0f4
Opcode Fuzzy Hash: 400d762f45c222ad54dc4951f779c31423d5e1f4fd11ce37fb757c510c9c0084
Instruction Fuzzy Hash: 2721A03160C68186E720CB64F5A87BAE6E1FB847A4F500235E69DD3BD8DF7EC4459B00

Function 000001984C0D8CA0 Relevance: 4.5, APIs: 3, Instructions: 48fileCOMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C0D8CC7
CreateFileA.KERNEL32 ref: 000001984C0D8CF6
ReadFile.KERNEL32 ref: 000001984C0D8D1E

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: 00f0e8137a90342245313ce85138990c6ed6b9c8d6714f93bfdec8d0e61b2606
Instruction ID: bd3a2a9440ff0a52350d6e51c60f6053511d9fccdd2676b3eaffcdf6ebfe59a1
Opcode Fuzzy Hash: 00f0e8137a90342245313ce85138990c6ed6b9c8d6714f93bfdec8d0e61b2606
Instruction Fuzzy Hash: 06010274618B488FD744EF28C85871ABBE0FB9A304F50091DF08AC32A0DB79C9498B42

Function 00007FF634204540 Relevance: 4.5, APIs: 3, Instructions: 32windowCOMMON

Download Yara Rule

APIs

PeekMessageA.USER32 ref: 00007FF634204559
TranslateMessage.USER32 ref: 00007FF634204568
DispatchMessageA.USER32 ref: 00007FF634204573

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: Message$DispatchPeekTranslate
String ID:
API String ID: 4217535847-0
Opcode ID: fb7ffd9013c6280f3680469662e411462aaa5576de6003425bd1f7d40c52d67d
Instruction ID: 609aaee31f3e1fdeb1bee1d757262304384db5eaae84d6fc54f43a9328efca81
Opcode Fuzzy Hash: fb7ffd9013c6280f3680469662e411462aaa5576de6003425bd1f7d40c52d67d
Instruction Fuzzy Hash: A501842192C49286F3509B20AAE177AEAE0BFA1345F505031F14FD2795CF2EE549BB10

Function 00007FF6341E21B0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341E236B

Strings

gfff, xrefs: 00007FF6341E21F0

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: gfff
API String ID: 2168931217-1553575800
Opcode ID: 6015d84ae1b1d65a6ab8ddef2866e44c8506d770f6cc5ed3b1f5fe4bfbead1f1
Instruction ID: e9081f8ff5f5f781de762859d78385b9cbe65d1a7c54fe8e64d37c7ded06e4d4
Opcode Fuzzy Hash: 6015d84ae1b1d65a6ab8ddef2866e44c8506d770f6cc5ed3b1f5fe4bfbead1f1
Instruction Fuzzy Hash: 65514663708A8586D7058F28D9912BDFBB2FB8CB80F498226DA48D7799CF3CD195C700

Function 00007FF634204370 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

00007FFD940B5F50.D3D9 ref: 00007FF63420437B

Strings

@, xrefs: 00007FF63420440A

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007D940
String ID: @
API String ID: 1355977542-2766056989
Opcode ID: c9bde2acb797ea5a268e1411900f8b57382d5fe92209a827650add27bf516a59
Instruction ID: a3e8aae1a03f74d4943b4aa7d746578062546c8c547d961ee0ff0172bcc3b8d8
Opcode Fuzzy Hash: c9bde2acb797ea5a268e1411900f8b57382d5fe92209a827650add27bf516a59
Instruction Fuzzy Hash: C011C370A0860686F7108F41E994365A6E0EF46788F424135D94DD77ABDF7EA184AB00

Function 000001984C0D8BC0 Relevance: 3.1, APIs: 2, Instructions: 56fileCOMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C0D8BE0
CreateFileA.KERNEL32 ref: 000001984C0D8C0F

Part of subcall function 000001984BFFA170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFFA18D

Part of subcall function 000001984C0D8720: type_info::_name_internal_method.LIBCMTD ref: 000001984C0D87C0
Part of subcall function 000001984C0D8720: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C0D8826
Part of subcall function 000001984C0D8720: CreateFileA.KERNEL32 ref: 000001984C0D8852

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFile$type_info::_name_internal_method
String ID:
API String ID: 2627539804-0
Opcode ID: cc7fafd89d896ea43074705b9a37fd9b433cefd388bc7ac13a0765c05240d101
Instruction ID: e4cf19e8e97bb30bcc5afc9dc8dd25cd9b61599303eb6c65837af16a76177dc4
Opcode Fuzzy Hash: cc7fafd89d896ea43074705b9a37fd9b433cefd388bc7ac13a0765c05240d101
Instruction Fuzzy Hash: FA11DB70618B898FE794EF28C45979AB7E1FBDA341F40492EE08DC3261DF79D8458B42

Function 00007FF63420C0CC Relevance: 3.1, APIs: 2, Instructions: 55COMMON

Download Yara Rule

APIs

_RTC_Initialize.LIBCMT ref: 00007FF63420C104
00007FFDB2241B20.API-MS-WIN-CRT-LOCALE-L1-1-0 ref: 00007FF63420C150

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B2241Initialize
String ID:
API String ID: 1127141782-0
Opcode ID: 5b54a8b9123677f748fd2ee654e194cb8d97a930d90aeec746cf412f2530cc20
Instruction ID: 70c9f169efdcb29c3a48505e3459d3b57a989a5cd356eb96ff84f89799741011
Opcode Fuzzy Hash: 5b54a8b9123677f748fd2ee654e194cb8d97a930d90aeec746cf412f2530cc20
Instruction Fuzzy Hash: 94116AD4E0854742FA6CBBB24BF72B9C2D58F95340F440471E64DE63D3EE1EA845A226

Function 00007FF63420C064 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63420C094

Part of subcall function 00007FF63420C898: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF63420C8A1

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63420C09A

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: a62e57b613f6e6410e13ca755f8d4b74df9e9e7d5764e1737291f7a9854307f7
Instruction ID: 464b70bc0d604e55b0a343fcfb4c0aa7ffdd4e9af34f8091b6ba38ba04982cee
Opcode Fuzzy Hash: a62e57b613f6e6410e13ca755f8d4b74df9e9e7d5764e1737291f7a9854307f7
Instruction Fuzzy Hash: F7F05E90E1920B41FD2D66A766F61B881C18F09B70F5C0630ED7CE67C2ED1FA49AB210

Function 000001984C1033C0 Relevance: 1.7, APIs: 1, Instructions: 247COMMON

Download Yara Rule

APIs

std::_Fac_node::_Fac_node.LIBCPMTD ref: 000001984C10343A

Part of subcall function 000001984BFFA170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFFA18D

Part of subcall function 000001984C0D8720: type_info::_name_internal_method.LIBCMTD ref: 000001984C0D87C0
Part of subcall function 000001984C0D8720: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C0D8826
Part of subcall function 000001984C0D8720: CreateFileA.KERNEL32 ref: 000001984C0D8852

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFac_nodeFac_node::_Filestd::_type_info::_name_internal_method
String ID:
API String ID: 3000750846-0
Opcode ID: 3f2ef6f74bf225def2dab778cd6fcba1428f71d8aef22a335888cc59ac8b6020
Instruction ID: a31c62efa04f83082d72817c056597bbe6d8a9be55d2f34c9508042493c862fd
Opcode Fuzzy Hash: 3f2ef6f74bf225def2dab778cd6fcba1428f71d8aef22a335888cc59ac8b6020
Instruction Fuzzy Hash: 8E914F3165CB898FE765EB28C454BEAB7E1FF9A304F40095DE089C3292EE75D941CB42

Function 00007FF634201B90 Relevance: 1.7, APIs: 1, Instructions: 199libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF634201DDE

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 0687a482410035a8978432453c5d728bbb6bc986c65ef01f96900fa291c08832
Instruction ID: e4e2cbe0b5604ae84b2bb3681076b6378d57f21bb5fd39d65c13d6ea3b2dedcb
Opcode Fuzzy Hash: 0687a482410035a8978432453c5d728bbb6bc986c65ef01f96900fa291c08832
Instruction Fuzzy Hash: 90A18536619B8486DB60CB5AE49032AB7E4F7C8B94F504126EBCE87B68DF3DD455CB00

Function 000001984C119D5C Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 000001984C119D8C

Part of subcall function 000001984C11A810: std::bad_alloc::bad_alloc.LIBCMTD ref: 000001984C11A819

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
String ID:
API String ID: 680105476-0
Opcode ID: 64a47e28c3614743c32ebf0df84499a9aef0dcbac1c74a8302aad57f47b4e453
Instruction ID: cbd1e1d8d512c729fd3c62e8dd8265094ad6081f0445c10638783be3a9126aa8
Opcode Fuzzy Hash: 64a47e28c3614743c32ebf0df84499a9aef0dcbac1c74a8302aad57f47b4e453
Instruction Fuzzy Hash: 8C018C30A3190B0EFEA8737548B53F825DDEF4F352F9405299836C71D6ED1C88929251

Function 00007FF63420BCB0 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF63420BCD3

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: b1371d319780f7c63a2b5d838895a119c58dee36737aa1d21d8aaa4a908d7d1e
Instruction ID: 4dd960d2502c4e22f7988faeb1c8a1e2176cddf6b7f955fecd602edd093b0df5
Opcode Fuzzy Hash: b1371d319780f7c63a2b5d838895a119c58dee36737aa1d21d8aaa4a908d7d1e
Instruction Fuzzy Hash: 86015262618F4685D6709B59E59022AF7E0FF88798F400231FAADD6798DF3DD1509704

Non-executed Functions

Function 00007FF6341E25F0 Relevance: 54.1, APIs: 16, Strings: 14, Instructions: 1603COMMON

Download Yara Rule

APIs

00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341E2777
00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341E2789
00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341E2ABA
00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341E2B09
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341E3F7F
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341E4005

Strings

cfg.DstFont && (!cfg.DstFont->IsLoaded() || cfg.DstFont->ContainerAtlas == atlas), xrefs: 00007FF6341E2821
font->ConfigData == font_config, xrefs: 00007FF6341E3AC1
n < (Storage.Size << 5), xrefs: 00007FF6341E2B57, 00007FF6341E2BB3, 00007FF6341E2BE5
i >= 0 && i < Size, xrefs: 00007FF6341E27C0, 00007FF6341E27E5, 00007FF6341E286B, 00007FF6341E2911, 00007FF6341E2A19, 00007FF6341E2F65, 00007FF6341E2FA8, 00007FF6341E2FED, 00007FF6341E312F, 00007FF6341E36A4, 00007FF6341E39E4, 00007FF6341E3B3F
atlas->ConfigData.Size > 0, xrefs: 00007FF6341E2635
font_offset >= 0 && "FontData is incorrect, or FontNo cannot be found.", xrefs: 00007FF6341E28CC
glyph_index_in_font != 0, xrefs: 00007FF6341E3163
0 && "stbtt_InitFont(): failed to parse FontData. It is correct and complete? Check FontDataSize.", xrefs: 00007FF6341E2A58
src_tmp.DstIndex != -1, xrefs: 00007FF6341E2A79
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6341E2B50, 00007FF6341E2BAC, 00007FF6341E2BDE
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341E27B9, 00007FF6341E27DE, 00007FF6341E2864, 00007FF6341E290A, 00007FF6341E2A12, 00007FF6341E2F5E, 00007FF6341E2FA1, 00007FF6341E2FE6, 00007FF6341E3128, 00007FF6341E369D, 00007FF6341E39DD, 00007FF6341E3B38
src_range[0] <= src_range[1] && "Invalid range: is your glyph range array persistent? it is zero-terminated?", xrefs: 00007FF6341E2961
src_tmp.GlyphsList.Size == src_tmp.GlyphsCount, xrefs: 00007FF6341E2D53
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6341E262E, 00007FF6341E281A, 00007FF6341E28C5, 00007FF6341E295A, 00007FF6341E2A5F, 00007FF6341E2A80, 00007FF6341E2D4C, 00007FF6341E315C, 00007FF6341E3ABA

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007$B222F020
String ID: 0 && "stbtt_InitFont(): failed to parse FontData. It is correct and complete? Check FontDataSize."$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$atlas->ConfigData.Size > 0$cfg.DstFont && (!cfg.DstFont->IsLoaded() || cfg.DstFont->ContainerAtlas == atlas)$font->ConfigData == font_config$font_offset >= 0 && "FontData is incorrect, or FontNo cannot be found."$glyph_index_in_font != 0$i >= 0 && i < Size$n < (Storage.Size << 5)$src_range[0] <= src_range[1] && "Invalid range: is your glyph range array persistent? it is zero-terminated?"$src_tmp.DstIndex != -1$src_tmp.GlyphsList.Size == src_tmp.GlyphsCount
API String ID: 2211405229-2192739418
Opcode ID: f438b7f5490826f6287a76a7ec04228756cec118a08182ee0e1111dcaa512f5b
Instruction ID: 0dcf56640772d32cbe9daf5bc06d6f332ee2651bc2cb6d6125f67a4702747c50
Opcode Fuzzy Hash: f438b7f5490826f6287a76a7ec04228756cec118a08182ee0e1111dcaa512f5b
Instruction Fuzzy Hash: 03F21376B04A8686E715CF29D4D42BDB7A0FB58B88F149236CA4ED3B90DF39E485D700

Function 00007FF6341B9E10 Relevance: 48.3, APIs: 2, Strings: 25, Instructions: 1049COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341BAA84
00007FFDB224A0D0.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF6341BAEDF

Strings

g.Font->IsLoaded(), xrefs: 00007FF6341BA274
g.WindowsFocusOrder.Size <= g.Windows.Size, xrefs: 00007FF6341BA584
333?, xrefs: 00007FF6341BACDE
GImGui != 0, xrefs: 00007FF6341BA715
GetCurrentWindowRead()->Flags & ImGuiWindowFlags_Tooltip, xrefs: 00007FF6341BAD9C
Left, xrefs: 00007FF6341BAD0F
Right, xrefs: 00007FF6341BAD1B
g.MovingWindow && g.MovingWindow->RootWindow, xrefs: 00007FF6341BA6D0
Click %s Button to break in debugger! (remap w/ Ctrl+Shift), xrefs: 00007FF6341BAD51
gfff, xrefs: 00007FF6341BB114
i >= 0 && i < Size, xrefs: 00007FF6341B9E96, 00007FF6341B9ECA, 00007FF6341BA121, 00007FF6341BA241, 00007FF6341BA8F5, 00007FF6341BA92C, 00007FF6341BA95F, 00007FF6341BAAFA
g.Viewports.Size == 1, xrefs: 00007FF6341BA0FE
Size > 0, xrefs: 00007FF6341BABDE
(Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames), xrefs: 00007FF6341BAFA2
g.CurrentWindow->IsFallbackWindow == true, xrefs: 00007FF6341BB026
Press ESC to abort picking., xrefs: 00007FF6341BAD03
NewFrame(): ClearActiveID() because it isn't marked alive anymore!, xrefs: 00007FF6341BA3C3
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341B9E4D, 00007FF6341BA0F7, 00007FF6341BA26D, 00007FF6341BA57D, 00007FF6341BA6C9, 00007FF6341BA70E, 00007FF6341BAD95, 00007FF6341BB01F
Middle, xrefs: 00007FF6341BAD27
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341B9E8F, 00007FF6341B9EC3, 00007FF6341B9F00, 00007FF6341BA11A, 00007FF6341BA23A, 00007FF6341BA8EE, 00007FF6341BA925, 00007FF6341BA958, 00007FF6341BAAF3, 00007FF6341BABD7
Debug##Default, xrefs: 00007FF6341BAFCA
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF6341B9E54
HoveredId: 0x%08X, xrefs: 00007FF6341BACF7
Remap w/ Ctrl+Shift: click anywhere to select new mouse button., xrefs: 00007FF6341BAD3B
it >= Data && it < Data + Size, xrefs: 00007FF6341B9F07

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007$B222B224F020
String ID: (Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames)$333?$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Click %s Button to break in debugger! (remap w/ Ctrl+Shift)$Debug##Default$GImGui != 0$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$GetCurrentWindowRead()->Flags & ImGuiWindowFlags_Tooltip$HoveredId: 0x%08X$Left$Middle$NewFrame(): ClearActiveID() because it isn't marked alive anymore!$Press ESC to abort picking.$Remap w/ Ctrl+Shift: click anywhere to select new mouse button.$Right$Size > 0$g.CurrentWindow->IsFallbackWindow == true$g.Font->IsLoaded()$g.MovingWindow && g.MovingWindow->RootWindow$g.Viewports.Size == 1$g.WindowsFocusOrder.Size <= g.Windows.Size$gfff$i >= 0 && i < Size$it >= Data && it < Data + Size
API String ID: 1964672387-8291574
Opcode ID: d3b2595934c51ed1d8cb045eddf48157a67c1cc9c59cca699bf918a1817e944d
Instruction ID: 9f75236c7e80d98d13585901a3a58be7eee2d8eec27daee3b27bc57cb0006f83
Opcode Fuzzy Hash: d3b2595934c51ed1d8cb045eddf48157a67c1cc9c59cca699bf918a1817e944d
Instruction Fuzzy Hash: 7BC29332A08AC689EB21CF35D8942F8BBA1FF55788F044235DA0DDB7A5DF39A585D700

Function 00007FF6341F6090 Relevance: 36.4, Strings: 26, Instructions: 3919COMMON

Download Yara Rule

Strings

callback_data.BufSize == state->BufCapacity, xrefs: 00007FF6341F8BA6
state != 0, xrefs: 00007FF6341F6FCC, 00007FF6341F761C, 00007FF6341F887E, 00007FF6341F9355
%*s%.*s, xrefs: 00007FF6341F9FA0
font->ContainerAtlas->TexID == _CmdHeader.TextureId, xrefs: 00007FF6341F92A9, 00007FF6341F9B64
idx <= obj->TextLen, xrefs: 00007FF6341F7110, 00007FF6341F7203
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF6341F6126, 00007FF6341F614E, 00007FF6341F6176, 00007FF6341F6746, 00007FF6341F6B98, 00007FF6341F6F3E, 00007FF6341F6FC5, 00007FF6341F7109, 00007FF6341F71FC, 00007FF6341F7615, 00007FF6341F8877, 00007FF6341F88B5, 00007FF6341F89A4, 00007FF6341F8B7C, 00007FF6341F8B9F, 00007FF6341F8BC2, 00007FF6341F8C69, 00007FF6341F8E94, 00007FF6341F8F51, 00007FF6341F934E
@, xrefs: 00007FF6341FA0BA
callback != 0, xrefs: 00007FF6341F674D, 00007FF6341F89AB
!((flags & ImGuiInputTextFlags_CallbackHistory) && (flags & ImGuiInputTextFlags_Multiline)), xrefs: 00007FF6341F6155
callback_data.BufTextLen == (int)strlen(callback_data.Buf), xrefs: 00007FF6341F8C70
password_font->Glyphs.empty() && password_font->IndexAdvanceX.empty() && password_font->IndexLookup.empty(), xrefs: 00007FF6341F6F45
i >= 0 && i < Size, xrefs: 00007FF6341F7134, 00007FF6341F7227, 00007FF6341F7546
apply_new_text_length >= 0, xrefs: 00007FF6341F8E9B
buf != 0 && buf_size >= 0, xrefs: 00007FF6341F612D
buf[0] != 0, xrefs: 00007FF6341F88BC
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341F6C32, 00007FF6341F6CA1, 00007FF6341F6CDE, 00007FF6341F6D20, 00007FF6341F6D5D, 00007FF6341F6DA8, 00007FF6341F770D, 00007FF6341F77A3, 00007FF6341F78C1, 00007FF6341F796F, 00007FF6341F7A01, 00007FF6341F7A9D, 00007FF6341F7B44, 00007FF6341F7BEB, 00007FF6341F7C25, 00007FF6341F7CD3, 00007FF6341FA09F
#SCROLLY, xrefs: 00007FF6341F67C1, 00007FF6341F67F0, 00007FF6341F9E36
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341F712D, 00007FF6341F7220, 00007FF6341F753F
apply_new_text_length <= buf_size, xrefs: 00007FF6341F8F58
!((flags & ImGuiInputTextFlags_CallbackCompletion) && (flags & ImGuiInputTextFlags_AllowTabInput)), xrefs: 00007FF6341F617D
state && state->ID == id, xrefs: 00007FF6341F6B9F
callback_data.Flags == flags, xrefs: 00007FF6341F8BC9
callback_data.Buf == callback_buf, xrefs: 00007FF6341F8B83
g.DragDropActive || g.ActiveId == id || g.ActiveId == 0 || g.ActiveIdPreviousFrame == id || (g.CurrentMultiSelect != 0 && g.BoxSel, xrefs: 00007FF6341FA0A6
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF6341F6C39, 00007FF6341F6CA8, 00007FF6341F6CE5, 00007FF6341F6D27, 00007FF6341F6D64, 00007FF6341F6DAF, 00007FF6341F7714, 00007FF6341F77AA, 00007FF6341F78C8, 00007FF6341F7976, 00007FF6341F7A08, 00007FF6341F7AA4, 00007FF6341F7B4B, 00007FF6341F7BF2, 00007FF6341F7C2C, 00007FF6341F7CDA
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6341F92A2, 00007FF6341F9B5D

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: __swprintf_l
String ID: !((flags & ImGuiInputTextFlags_CallbackCompletion) && (flags & ImGuiInputTextFlags_AllowTabInput))$!((flags & ImGuiInputTextFlags_CallbackHistory) && (flags & ImGuiInputTextFlags_Multiline))$#SCROLLY$%*s%.*s$@$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$apply_new_text_length <= buf_size$apply_new_text_length >= 0$buf != 0 && buf_size >= 0$buf[0] != 0$callback != 0$callback_data.Buf == callback_buf$callback_data.BufSize == state->BufCapacity$callback_data.BufTextLen == (int)strlen(callback_data.Buf)$callback_data.Flags == flags$font->ContainerAtlas->TexID == _CmdHeader.TextureId$g.DragDropActive || g.ActiveId == id || g.ActiveId == 0 || g.ActiveIdPreviousFrame == id || (g.CurrentMultiSelect != 0 && g.BoxSel$i >= 0 && i < Size$idx <= obj->TextLen$password_font->Glyphs.empty() && password_font->IndexAdvanceX.empty() && password_font->IndexLookup.empty()$state != 0$state && state->ID == id
API String ID: 1488884202-4266151527
Opcode ID: 195f78c7db5a38b31e4e9b1d80104571116f3c666764a8de835408f227dede20
Instruction ID: 1dde3a3543c738ab93868043dcb40e7c2b77c75ecd088ad345fb82ddf162a0fa
Opcode Fuzzy Hash: 195f78c7db5a38b31e4e9b1d80104571116f3c666764a8de835408f227dede20
Instruction Fuzzy Hash: 6393E332A19A868AE750CB26C0C46B9B7E1FF59788F048335DA5CD77A5CF39E446DB00

Function 00007FF6341B7390 Relevance: 26.8, APIs: 10, Strings: 5, Instructions: 530COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B75A9
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B767F
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B7776
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B7807
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B78BC
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B7965
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B79F6
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B7AB5
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B7B84
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B7C89

Strings

(g.IO.BackendPlatformUserData == 0) && "Forgot to shutdown Platform backend?", xrefs: 00007FF6341B73D0
Forgot to shutdown Platform backend?, xrefs: 00007FF6341B73A9
(g.IO.BackendRendererUserData == 0) && "Forgot to shutdown Renderer backend?", xrefs: 00007FF6341B740E
Forgot to shutdown Renderer backend?, xrefs: 00007FF6341B73E7
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341B73C9, 00007FF6341B7407

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: (g.IO.BackendPlatformUserData == 0) && "Forgot to shutdown Platform backend?"$(g.IO.BackendRendererUserData == 0) && "Forgot to shutdown Renderer backend?"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Forgot to shutdown Platform backend?$Forgot to shutdown Renderer backend?
API String ID: 2168931217-2716422499
Opcode ID: 26288e8c175f015e1836f85dd7fd1a69da7496cc3a127bc8ca54b656109c5204
Instruction ID: 4d7e7c8f0d7f36c4dfd5143000c8b005073bd19702ad67a75b1ba05709030172
Opcode Fuzzy Hash: 26288e8c175f015e1836f85dd7fd1a69da7496cc3a127bc8ca54b656109c5204
Instruction Fuzzy Hash: 46426A33608E9292D709DF24D6941FCB3A5FB58B88F884136CA1EC7395DF39A5A6D340

Function 00007FF6341E97F0 Relevance: 24.4, Strings: 19, Instructions: 617COMMON

Download Yara Rule

Strings

(inner_window->IDStack.back() == table_instance->TableInstanceID) && "Mismatching PushID/PopID!", xrefs: 00007FF6341E9F65
Mismatching PushID/PopID!, xrefs: 00007FF6341E9F0F
i >= 0 && i < Size, xrefs: 00007FF6341E995E, 00007FF6341EA27F, 00007FF6341EA2C5
p >= Buf.Data && p < Buf.Data + Buf.Size, xrefs: 00007FF6341EA347
Size > 0, xrefs: 00007FF6341E9B29, 00007FF6341E9EE4, 00007FF6341E9F35
table != 0 && "Only call EndTable() if BeginTable() returns true!", xrefs: 00007FF6341E984D
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF6341E9846, 00007FF6341E9898, 00007FF6341E98C0, 00007FF6341E99CD, 00007FF6341E9F5E, 00007FF6341E9FAA, 00007FF6341EA0E5, 00007FF6341EA21D, 00007FF6341EA240
(outer_window->DC.ItemWidthStack.Size >= temp_data->HostBackupItemWidthStackSize) && "Too many PopItemWidth!", xrefs: 00007FF6341E9FB1
(table->Flags & ImGuiTableFlags_ScrollX) == 0, xrefs: 00007FF6341EA0EC
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6341E9A9E, 00007FF6341E9C1E, 00007FF6341E9DB3, 00007FF6341E9E3D, 00007FF6341EA340
Too many PopItemWidth!, xrefs: 00007FF6341E9F83
inner_window == g.CurrentWindow, xrefs: 00007FF6341E989F
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341E9957, 00007FF6341E9B22, 00007FF6341E9EDD, 00007FF6341E9F2E, 00007FF6341EA278, 00007FF6341EA2BE
table->RowPosY2 == inner_window->DC.CursorPos.y, xrefs: 00007FF6341E99D4
Calling PopStyleColor() too many times!, xrefs: 00007FF6341E97F7
p >= Data && p < DataEnd, xrefs: 00007FF6341E9AA5, 00007FF6341E9C25, 00007FF6341E9DBA, 00007FF6341E9E44
g.CurrentWindow == outer_window && g.CurrentTable == table, xrefs: 00007FF6341EA224
outer_window == inner_window || outer_window == inner_window->ParentWindow, xrefs: 00007FF6341E98C7
g.TablesTempDataStacked > 0, xrefs: 00007FF6341EA247

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: (inner_window->IDStack.back() == table_instance->TableInstanceID) && "Mismatching PushID/PopID!"$(outer_window->DC.ItemWidthStack.Size >= temp_data->HostBackupItemWidthStackSize) && "Too many PopItemWidth!"$(table->Flags & ImGuiTableFlags_ScrollX) == 0$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$Calling PopStyleColor() too many times!$Mismatching PushID/PopID!$Size > 0$Too many PopItemWidth!$g.CurrentWindow == outer_window && g.CurrentTable == table$g.TablesTempDataStacked > 0$i >= 0 && i < Size$inner_window == g.CurrentWindow$outer_window == inner_window || outer_window == inner_window->ParentWindow$p >= Buf.Data && p < Buf.Data + Buf.Size$p >= Data && p < DataEnd$table != 0 && "Only call EndTable() if BeginTable() returns true!"$table->RowPosY2 == inner_window->DC.CursorPos.y
API String ID: 0-2342475368
Opcode ID: fb8c50e147d00a123830afff88922648a2ae1b96f566e52dfccd9055c5c3bd33
Instruction ID: 9c4b268b0fb68a3e1d98ec02d588f2a1bf015d68f7862ef4578c72e10da99b85
Opcode Fuzzy Hash: fb8c50e147d00a123830afff88922648a2ae1b96f566e52dfccd9055c5c3bd33
Instruction Fuzzy Hash: 5D72CF36A08A8A96E725CB36C5C43B9B360FF19784F049631DA4DE36A1DF39B5D4E700

Function 00007FF6341E7CE0 Relevance: 24.0, APIs: 3, Strings: 10, Instructions: 1289COMMON

Download Yara Rule

APIs

00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341E7DA7
00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341E7DC1
00007FFDA46F19C0.VCRUNTIME140(?), ref: 00007FF6341E8883

Strings

table->IsLayoutLocked == false, xrefs: 00007FF6341E7D5B
table->LeftMostEnabledColumn >= 0 && table->RightMostEnabledColumn >= 0, xrefs: 00007FF6341E8168
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341E86DD
i >= 0 && i < Size, xrefs: 00007FF6341E86E4
p >= Data && p < DataEnd, xrefs: 00007FF6341E7E50, 00007FF6341E7E91, 00007FF6341E7F8F, 00007FF6341E8220, 00007FF6341E833B, 00007FF6341E8388, 00007FF6341E8524, 00007FF6341E8646, 00007FF6341E8678, 00007FF6341E8900, 00007FF6341E8938, 00007FF6341E8A6C, 00007FF6341E8E47, 00007FF6341E8E81, 00007FF6341E8F16, 00007FF6341E91DB, 00007FF6341E920D
!is_visible, xrefs: 00007FF6341E8CC9
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF6341E7D54, 00007FF6341E8008, 00007FF6341E8161, 00007FF6341E8CC2
#ContextMenu, xrefs: 00007FF6341E9129
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6341E7E49, 00007FF6341E7E8A, 00007FF6341E7F88, 00007FF6341E8219, 00007FF6341E8334, 00007FF6341E8381, 00007FF6341E851D, 00007FF6341E863F, 00007FF6341E8671, 00007FF6341E88F9, 00007FF6341E8931, 00007FF6341E8A65, 00007FF6341E8E40, 00007FF6341E8E7A, 00007FF6341E8F0F, 00007FF6341E91D4, 00007FF6341E9206
column->IndexWithinEnabledSet <= column->DisplayOrder, xrefs: 00007FF6341E800F

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007
String ID: !is_visible$#ContextMenu$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column->IndexWithinEnabledSet <= column->DisplayOrder$i >= 0 && i < Size$p >= Data && p < DataEnd$table->IsLayoutLocked == false$table->LeftMostEnabledColumn >= 0 && table->RightMostEnabledColumn >= 0
API String ID: 3568877910-1387518580
Opcode ID: ec0702dd844992c5246f3174f8b9bbc99badffcfda43b03853648fa86f9c6ef8
Instruction ID: 5daa07cef9885a8ab740784c321dad1a327f7e1c72dc2fa2286c4361f16a6489
Opcode Fuzzy Hash: ec0702dd844992c5246f3174f8b9bbc99badffcfda43b03853648fa86f9c6ef8
Instruction Fuzzy Hash: A7E2C036A08A8596E715CB36C1C03B8B7A0FF59744F089721DB58A3AA1DF79F4E4E740

Function 00007FF634200D02 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 232keyboardCOMMON

Download Yara Rule

APIs

GetKeyState.USER32 ref: 00007FF634200D24
GetKeyState.USER32 ref: 00007FF634200D62
GetKeyState.USER32 ref: 00007FF634200D98
GetKeyState.USER32 ref: 00007FF634200DCE
GetKeyState.USER32 ref: 00007FF634200DE0
GetKeyState.USER32 ref: 00007FF634200EB1
GetKeyState.USER32 ref: 00007FF634200EED
GetKeyState.USER32 ref: 00007FF634200F3D
GetKeyState.USER32 ref: 00007FF634200F79
GetKeyState.USER32 ref: 00007FF634200FC9
GetKeyState.USER32 ref: 00007FF634201005

Strings

ImGui::IsNamedKey(key), xrefs: 00007FF634200E96
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF634200E8F

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: State
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$ImGui::IsNamedKey(key)
API String ID: 1649606143-1336968070
Opcode ID: 000c7aad7ae504db2632ddcdd900167e4b492e161e73d0c01b1bbe1108e36a38
Instruction ID: a7009a6f7b57dc5a99beb97b8fc237574d39e9b6a766bb2f488b863aafebebc2
Opcode Fuzzy Hash: 000c7aad7ae504db2632ddcdd900167e4b492e161e73d0c01b1bbe1108e36a38
Instruction Fuzzy Hash: A1910410E5C65605FBB186346AA53B9E2C2CF61388F194635EC4AF67D5CF2FB882F250

Function 00007FF6341FCB40 Relevance: 20.3, APIs: 2, Strings: 9, Instructions: 1043COMMON

Download Yara Rule

APIs

00007FFDB22349A0.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF6341FCE46
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341FD0CA

Strings

N/A, xrefs: 00007FF6341FD1B2
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341FCC00, 00007FF6341FCC4B, 00007FF6341FCC7E, 00007FF6341FCCD1, 00007FF6341FCD30, 00007FF6341FD125, 00007FF6341FD27C, 00007FF6341FD449, 00007FF6341FD477, 00007FF6341FD4A7, 00007FF6341FD5CC
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF6341FD14E, 00007FF6341FD1C9
tab->NameOffset < tab_bar->TabsNames.Buf.Size, xrefs: 00007FF6341FD1D0
Calling PopStyleColor() too many times!, xrefs: 00007FF6341FCB43
i >= 0 && i < Size, xrefs: 00007FF6341FCC07, 00007FF6341FCC52, 00007FF6341FCC85, 00007FF6341FCCD8, 00007FF6341FCD37, 00007FF6341FD12C, 00007FF6341FD283, 00007FF6341FD450, 00007FF6341FD47E, 00007FF6341FD4AE, 00007FF6341FD5D3
tab->LastFrameVisible >= tab_bar->PrevFrameVisible, xrefs: 00007FF6341FD155
IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease))), xrefs: 00007FF6341FD9D7
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341FD9D0

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007$B222B22349F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$Calling PopStyleColor() too many times!$IsNamedKeyOrMod(key) && (owner_id != ((ImGuiID)0) || (flags & (ImGuiInputFlags_LockThisFrame | ImGuiInputFlags_LockUntilRelease)))$N/A$i >= 0 && i < Size$tab->LastFrameVisible >= tab_bar->PrevFrameVisible$tab->NameOffset < tab_bar->TabsNames.Buf.Size
API String ID: 1829533921-961183113
Opcode ID: e5856efc6648feed069a7f4fa4104e2495d66da8282e5a9a8bc57b6e285aa6dd
Instruction ID: 24326ce47234f1757de085635650b85d7fad135e1f8d4ee4efce23db1d16683e
Opcode Fuzzy Hash: e5856efc6648feed069a7f4fa4104e2495d66da8282e5a9a8bc57b6e285aa6dd
Instruction Fuzzy Hash: 29B2C332A09A8586E751CF36C180179B7A0FF59788F158735DA4EE37A4EF39E486E700

Function 00007FF634203D40 Relevance: 17.6, Strings: 14, Instructions: 80COMMON

Download Yara Rule

Strings

SOFTWARE\VMware, Inc.\VMware Tools, xrefs: 00007FF634203E42, 00007FF634203E80, 00007FF634203EBD
), xrefs: 00007FF634203DB6
', xrefs: 00007FF634203DFC
-, xrefs: 00007FF634203D9D
., xrefs: 00007FF634203E01
2, xrefs: 00007FF634203D93
, xrefs: 00007FF634203DA2
, xrefs: 00007FF634203DE3
-, xrefs: 00007FF634203DDE
*, xrefs: 00007FF634203DF2
#, xrefs: 00007FF634203E65
*, xrefs: 00007FF634203DF7
#, xrefs: 00007FF634203D49
2, xrefs: 00007FF634203DD4

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: AcquireExclusiveLock
String ID: $ $#$#$'$)$*$*$-$-$.$2$2$SOFTWARE\VMware, Inc.\VMware Tools
API String ID: 4021432409-1915594051
Opcode ID: 4e38b839c97e853e088b89e59f31bd11186dc15767536bcab97c3b54645444db
Instruction ID: 21e19d77e0a668229f28e892f0ab5d6b526a756a50029e04a4871816711c0be1
Opcode Fuzzy Hash: 4e38b839c97e853e088b89e59f31bd11186dc15767536bcab97c3b54645444db
Instruction Fuzzy Hash: F741102250C6C1C9E721C728F49835AFFA0E793358F540269E7D987B9ACBBEC148DB11

Function 00007FF6341D1D70 Relevance: 15.0, APIs: 10, Instructions: 50clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00007FF6341D1D7B
MultiByteToWideChar.KERNEL32 ref: 00007FF6341D1DAE
GlobalAlloc.KERNEL32 ref: 00007FF6341D1DC2
GlobalLock.KERNEL32 ref: 00007FF6341D1DD3
MultiByteToWideChar.KERNEL32 ref: 00007FF6341D1DF2
GlobalUnlock.KERNEL32 ref: 00007FF6341D1DFB
EmptyClipboard.USER32 ref: 00007FF6341D1E01
SetClipboardData.USER32 ref: 00007FF6341D1E0F
GlobalFree.KERNEL32 ref: 00007FF6341D1E1D
CloseClipboard.USER32 ref: 00007FF6341D1E23

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: ClipboardGlobal$ByteCharMultiWide$AllocCloseDataEmptyFreeLockOpenUnlock
String ID:
API String ID: 1965520120-0
Opcode ID: 157459983b14d43045f12caff330d5b23f9d56f10b12b28ab43e68da8f23084f
Instruction ID: b6f28491e77c5afdd4c8cc3c7ced182583ee37489f8e58a0a5ebdcc388464e0b
Opcode Fuzzy Hash: 157459983b14d43045f12caff330d5b23f9d56f10b12b28ab43e68da8f23084f
Instruction Fuzzy Hash: F0118271B09A0247F7585B26B9A4235E2E1FF89BD1F084639DA4ED77A4DE3DD4809700

Function 00007FF6341B6CB0 Relevance: 14.4, APIs: 1, Strings: 7, Instructions: 396COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B7227

Strings

n >= 0 && n < BITCOUNT, xrefs: 00007FF6341B7330
Window, xrefs: 00007FF6341B6D06
Table, xrefs: 00007FF6341B6E3E
!g.Initialized && !g.SettingsLoaded, xrefs: 00007FF6341B6CF0
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6341B7329
FindSettingsHandler(handler->TypeName) == 0, xrefs: 00007FF6341B6E20, 00007FF6341B6F4E
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341B6CE9, 00007FF6341B6E19, 00007FF6341B6F47

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: !g.Initialized && !g.SettingsLoaded$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$FindSettingsHandler(handler->TypeName) == 0$Table$Window$n >= 0 && n < BITCOUNT
API String ID: 2168931217-416841283
Opcode ID: e75552faf6cb6818e37edf4e1281e6ae4e037dc8bb7990498778a7386c11f76a
Instruction ID: 1145527338f5fe7696183ce84e1329e3cda21e2e73e7547ae7b4c3e068995063
Opcode Fuzzy Hash: e75552faf6cb6818e37edf4e1281e6ae4e037dc8bb7990498778a7386c11f76a
Instruction Fuzzy Hash: 16128C76A09F8686EB10CF24E9942B9B7A5FB54B84F444236CA9DC33A4DF3DE055D300

Function 00007FF6341C6EC0 Relevance: 14.3, Strings: 11, Instructions: 524COMMON

Download Yara Rule

Strings

n >= 0 && n < BITCOUNT, xrefs: 00007FF6341C7193, 00007FF6341C7277
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341C6F74, 00007FF6341C733E, 00007FF6341C750E, 00007FF6341C75C1
i >= 0 && i < Size, xrefs: 00007FF6341C6F7B, 00007FF6341C7345, 00007FF6341C7515
it >= Data && it < Data + Size && it_last >= it && it_last <= Data + Size, xrefs: 00007FF6341C75C8
Processed, xrefs: 00007FF6341C74F9
0 && "Unknown event!", xrefs: 00007FF6341C746A
Remaining, xrefs: 00007FF6341C7525
key != ImGuiKey_None, xrefs: 00007FF6341C713B
button >= 0 && button < ImGuiMouseButton_COUNT, xrefs: 00007FF6341C704A
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6341C718C, 00007FF6341C7270
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341C7043, 00007FF6341C7134, 00007FF6341C7463

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: 0 && "Unknown event!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$Processed$Remaining$button >= 0 && button < ImGuiMouseButton_COUNT$i >= 0 && i < Size$it >= Data && it < Data + Size && it_last >= it && it_last <= Data + Size$key != ImGuiKey_None$n >= 0 && n < BITCOUNT
API String ID: 0-1923509833
Opcode ID: 1ed67802044e51be6d7839670f05d2371b5f64d9626a24ad05dad900cbb79e92
Instruction ID: ca8cad777d642e7e52d9c8206c35713026df6b297b1e874dc28d49a6470a11b7
Opcode Fuzzy Hash: 1ed67802044e51be6d7839670f05d2371b5f64d9626a24ad05dad900cbb79e92
Instruction Fuzzy Hash: 1A42D1A3F08AC246EB288B2599903B9FB90FB52744F045135DAA9C7795CF7DE854EB00

Function 00007FF63420C628 Relevance: 13.6, APIs: 9, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF63420C644
00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF63420C668
RtlCaptureContext.KERNEL32 ref: 00007FF63420C671
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF63420C68B
RtlVirtualUnwind.KERNEL32 ref: 00007FF63420C6CC
00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF63420C6FF
IsDebuggerPresent.KERNEL32 ref: 00007FF63420C720
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF63420C73D
UnhandledExceptionFilter.KERNEL32 ref: 00007FF63420C748

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3558122275-0
Opcode ID: c688bddeaeefac873e56668a93d44276559217fb76c9b2df63bf723872700d1b
Instruction ID: f6e4c1127d935251cd42a1712fb932369703b0c435d135f4a36f1da73a612c89
Opcode Fuzzy Hash: c688bddeaeefac873e56668a93d44276559217fb76c9b2df63bf723872700d1b
Instruction Fuzzy Hash: EE318172608B8186EB648F61E8A03EDB3A5FB84744F00443ADA4EE7B98DF3DD548C710

Function 00007FF6341D1C20 Relevance: 12.1, APIs: 8, Instructions: 87clipboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6341B10A0: 00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B112E

OpenClipboard.USER32 ref: 00007FF6341D1C38
GetClipboardData.USER32 ref: 00007FF6341D1C55
CloseClipboard.USER32 ref: 00007FF6341D1C63

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: Clipboard$00007B222CloseDataF020Open
String ID:
API String ID: 1678172667-0
Opcode ID: 4f80a7dd8e70029c47bd5bee4d5a62c6acc5d586712dd20aedd815bcf88934c7
Instruction ID: 031c6b314514f7245aa0600a8e5f5eba5419be0728acaf7a75dd9612241f6d72
Opcode Fuzzy Hash: 4f80a7dd8e70029c47bd5bee4d5a62c6acc5d586712dd20aedd815bcf88934c7
Instruction Fuzzy Hash: AC31C272708B8187E7589F25B99416AA6E4FF89B90F180538DF8ED3794DF3CE4909600

Function 00007FF6341CE1C0 Relevance: 10.5, Strings: 8, Instructions: 475COMMON

Download Yara Rule

Strings

[nav] NavMoveRequest: clamp NavRectRel for gamepad move, xrefs: 00007FF6341CE6AF
[nav] NavMoveRequestForward %d, xrefs: 00007FF6341CE2A9
[nav] NavInitRequest: from move, window "%s", layer=%d, xrefs: 00007FF6341CE530
<NULL>, xrefs: 00007FF6341CE522
!scoring_rect.IsInverted(), xrefs: 00007FF6341CE9E4
g.NavMoveFlags & ImGuiNavMoveFlags_Forwarded, xrefs: 00007FF6341CE28D
g.NavMoveDir != ImGuiDir_None && g.NavMoveClipDir != ImGuiDir_None, xrefs: 00007FF6341CE264
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341CE25D, 00007FF6341CE286, 00007FF6341CE9DD

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: !scoring_rect.IsInverted()$<NULL>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: from move, window "%s", layer=%d$[nav] NavMoveRequest: clamp NavRectRel for gamepad move$[nav] NavMoveRequestForward %d$g.NavMoveDir != ImGuiDir_None && g.NavMoveClipDir != ImGuiDir_None$g.NavMoveFlags & ImGuiNavMoveFlags_Forwarded
API String ID: 0-1751011103
Opcode ID: 616e74a7204e9dce75e279fc66c1a8e3481e8fb7dc9d7603612969489961d151
Instruction ID: 861ba0a078a79924572c056542274bd262578ecb58b6c2425687c25ab26b5c4c
Opcode Fuzzy Hash: 616e74a7204e9dce75e279fc66c1a8e3481e8fb7dc9d7603612969489961d151
Instruction Fuzzy Hash: E332F832D18FCA42E3629B3685812F9F350EF69794F188332DE58F63E5DF2979919600

Function 00007FF6341D96B0 Relevance: 10.4, Strings: 8, Instructions: 438COMMON

Download Yara Rule

Strings

e->ey >= y_top, xrefs: 00007FF6341D9749
fabsf(area) <= 1.01f, xrefs: 00007FF6341D9B4A
sy1 > y_final-0.01f, xrefs: 00007FF6341D9B76
dy >= 0, xrefs: 00007FF6341D9977
C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF6341D9742, 00007FF6341D9808, 00007FF6341D98C7, 00007FF6341D9970, 00007FF6341D9993, 00007FF6341D9B43, 00007FF6341D9B6F
dx >= 0, xrefs: 00007FF6341D999A
x >= 0 && x < len, xrefs: 00007FF6341D98CE
e->sy <= y_bottom && e->ey >= y_top, xrefs: 00007FF6341D980F

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$dx >= 0$dy >= 0$e->ey >= y_top$e->sy <= y_bottom && e->ey >= y_top$fabsf(area) <= 1.01f$sy1 > y_final-0.01f$x >= 0 && x < len
API String ID: 0-3568222241
Opcode ID: a88b8822a652a6a58d3c13b7e93a3326d83c4615cbc288f37a7b030f3c75b75f
Instruction ID: 58e704b019e2a55a33562be5cd400f7a2e60618d0ce7a3f83751c7487c219062
Opcode Fuzzy Hash: a88b8822a652a6a58d3c13b7e93a3326d83c4615cbc288f37a7b030f3c75b75f
Instruction Fuzzy Hash: 2412CA62D28F8D85E212973754C20B5F250AFBF3C4F199732F949F66B2DF297191AA00

Function 00007FF6341D6C90 Relevance: 9.6, APIs: 4, Strings: 1, Instructions: 830COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF6341D71E5

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
API String ID: 0-2705777111
Opcode ID: 1ccc99fee43b973791133fe24f6ef74df9fec7d3652f4cac8b59883f21637887
Instruction ID: 0c45726a9b37b6a0aab75541efdae66e6779e2ee2596e29c78892124aa4e4f0a
Opcode Fuzzy Hash: 1ccc99fee43b973791133fe24f6ef74df9fec7d3652f4cac8b59883f21637887
Instruction Fuzzy Hash: 2E727A63A28EE845D312CB3690822B9B7A1EF6F784F19C723ED45E2761EF38D5419700

Function 00007FF6341ECDD0 Relevance: 9.0, Strings: 7, Instructions: 237COMMON

Download Yara Rule

Strings

*Missing Text*, xrefs: 00007FF6341ECE76
(0) && "Calling PopItemFlag() too many times!", xrefs: 00007FF6341ED13A
p >= Data && p < DataEnd, xrefs: 00007FF6341ECE53, 00007FF6341ECEE5, 00007FF6341ECF83, 00007FF6341ED090
Calling PopItemFlag() too many times!, xrefs: 00007FF6341ED11D
<Unknown>, xrefs: 00007FF6341ED0B9
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6341ECE4C, 00007FF6341ECEDE, 00007FF6341ECF7C, 00007FF6341ED089
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341ED133

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: (0) && "Calling PopItemFlag() too many times!"$*Missing Text*$<Unknown>$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$Calling PopItemFlag() too many times!$p >= Data && p < DataEnd
API String ID: 0-3275063505
Opcode ID: e4eb3a359b1981c674d1e108ddc2ebf9e4a2e7cc717a12fab28e3b0eef34b5ea
Instruction ID: 760d54c3ef75fcc3ef8708846c02b93eedeb06e466d642cf23f0185a236961b6
Opcode Fuzzy Hash: e4eb3a359b1981c674d1e108ddc2ebf9e4a2e7cc717a12fab28e3b0eef34b5ea
Instruction Fuzzy Hash: 32B1E676A08A4381EB608B14D5D02B9A7A1FB45B88F081136DE4DD3F95DF3EE8D5E300

Function 00007FF6341CD620 Relevance: 8.1, Strings: 6, Instructions: 635COMMON

Download Yara Rule

Strings

g.NavLayer == ImGuiNavLayer_Main || g.NavLayer == ImGuiNavLayer_Menu, xrefs: 00007FF6341CD94C
g.NavMoveDir == ImGuiDir_None, xrefs: 00007FF6341CDDE0
[nav] NavInitRequest: ApplyResult: NavID 0x%08X in Layer %d Window "%s", xrefs: 00007FF6341CD837
g.NavWindow != 0, xrefs: 00007FF6341CDF11
g.NavActivateDownId == g.NavActivateId, xrefs: 00007FF6341CDD3B
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341CD945, 00007FF6341CDD34, 00007FF6341CDDD9, 00007FF6341CDF0A

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: ApplyResult: NavID 0x%08X in Layer %d Window "%s"$g.NavActivateDownId == g.NavActivateId$g.NavLayer == ImGuiNavLayer_Main || g.NavLayer == ImGuiNavLayer_Menu$g.NavMoveDir == ImGuiDir_None$g.NavWindow != 0
API String ID: 0-2167808928
Opcode ID: 50a410fa7a85a90cac139f97951d64da551fdd238b8ea691b949dc80aa3e0e2c
Instruction ID: be15526bb63346850228e669ffcfd5327e2757925a310f33fbd4637690ae571c
Opcode Fuzzy Hash: 50a410fa7a85a90cac139f97951d64da551fdd238b8ea691b949dc80aa3e0e2c
Instruction Fuzzy Hash: 55729E32E08AC289E7658B35C8843F9B791EF45B58F184235DA58D73E6CFB96881E701

Function 00007FF6341EF9E0 Relevance: 8.0, Strings: 6, Instructions: 493COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF6341EFB94
id != 0, xrefs: 00007FF6341EFB9B
button >= 0 && button < ImGuiMouseButton_COUNT, xrefs: 00007FF6341EFD06, 00007FF6341F0058, 00007FF6341F0100
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6341EFCFF, 00007FF6341F0051, 00007FF6341F00F9
button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown)))), xrefs: 00007FF6341F002F
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341F0028

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown))))$button >= 0 && button < ImGuiMouseButton_COUNT$id != 0
API String ID: 0-2768765550
Opcode ID: c83ec724d9ec7e2db4255f0bedf28826b5c2049c68488d60edb634a86f50e9d0
Instruction ID: be48f9ca095078f3dca4178178b12866b1366bee1ea65fe8561a0a06d85b38c9
Opcode Fuzzy Hash: c83ec724d9ec7e2db4255f0bedf28826b5c2049c68488d60edb634a86f50e9d0
Instruction Fuzzy Hash: 43220F36E0CA8666FB688B2585C03BAEA91BF45784F045234CE5DD77D2CF3DB895A700

Function 00007FF6341BDFB0 Relevance: 7.2, Strings: 5, Instructions: 977COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341BE70D, 00007FF6341BE77B, 00007FF6341BE903, 00007FF6341BE944, 00007FF6341BE986, 00007FF6341BE9C0, 00007FF6341BEA27, 00007FF6341BEA5C, 00007FF6341BEA87, 00007FF6341BEAB9
idx == 0 || idx == 1, xrefs: 00007FF6341BE714, 00007FF6341BE782, 00007FF6341BE90A, 00007FF6341BE94B, 00007FF6341BE98D, 00007FF6341BE9C7, 00007FF6341BEA2E, 00007FF6341BEA63, 00007FF6341BEA8E, 00007FF6341BEAC0
6, xrefs: 00007FF6341BE607
5, xrefs: 00007FF6341BE62E
#RESIZE, xrefs: 00007FF6341BE142

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: #RESIZE$5$6$C:\Users\55yar\Desktop\imgui-master\imgui.h$idx == 0 || idx == 1
API String ID: 0-650503096
Opcode ID: 240daf669a9bafcbcedf6166f787f1416c004a1cd6fa2f3e4bb0a79944367b7c
Instruction ID: 357c83c532bc04fc82fcb7b7fb288679141ec0231a7ee17106181bf9d2face3c
Opcode Fuzzy Hash: 240daf669a9bafcbcedf6166f787f1416c004a1cd6fa2f3e4bb0a79944367b7c
Instruction Fuzzy Hash: DEB20732D18B8985E766CB3694852B9B760EF59344F188731EA48F77A1DF39B484EB00

Function 00007FF6341ED530 Relevance: 6.4, Strings: 5, Instructions: 140COMMON

Download Yara Rule

Strings

p >= begin() && p < end(), xrefs: 00007FF6341ED5B6
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF6341ED5E7, 00007FF6341ED610
settings->ID == table->ID, xrefs: 00007FF6341ED5EE
settings->ColumnsCount == table->ColumnsCount && settings->ColumnsCountMax >= settings->ColumnsCount, xrefs: 00007FF6341ED617
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6341ED5AF

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$p >= begin() && p < end()$settings->ColumnsCount == table->ColumnsCount && settings->ColumnsCountMax >= settings->ColumnsCount$settings->ID == table->ID
API String ID: 0-2168725360
Opcode ID: ee471b1d82bd3160a00610b93ddc27c37a03770945cf0a57a55015e5da5f3d14
Instruction ID: 177621a5ada41ca8d10c911337c756cb80831fed63eede988ef3e836335b0022
Opcode Fuzzy Hash: ee471b1d82bd3160a00610b93ddc27c37a03770945cf0a57a55015e5da5f3d14
Instruction Fuzzy Hash: 6961EF37908A8286EB51CF25E5C42B9BBA0FB45748F049436DA89C77A1DF3CE589D700

Function 00007FF63420C8B8 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF63420C8E4
GetCurrentThreadId.KERNEL32 ref: 00007FF63420C8F2
GetCurrentProcessId.KERNEL32 ref: 00007FF63420C8FE
QueryPerformanceCounter.KERNEL32 ref: 00007FF63420C90E

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: ea28d440da4e979608dc7e616e30e56526e81ae9f67b9b208852c015bdb344e1
Instruction ID: 55d22a35653f4c999097a03e14a5023aeafd22956d040d63e306757f2009bb2b
Opcode Fuzzy Hash: ea28d440da4e979608dc7e616e30e56526e81ae9f67b9b208852c015bdb344e1
Instruction Fuzzy Hash: 53113022B14F028AEB40CF60E9942B873A4F719758F440E31DA6DE6BA4DF7CD1949340

Function 00007FF6341CFA00 Relevance: 5.6, Strings: 4, Instructions: 628COMMON

Download Yara Rule

Strings

shared_mods != 0, xrefs: 00007FF6341CFEB3
GImGui != 0, xrefs: 00007FF6341D00D7, 00007FF6341D0133
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341CFEAC, 00007FF6341D00D0, 00007FF6341D012C
##NavUpdateWindowing, xrefs: 00007FF6341CFAE6

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: ##NavUpdateWindowing$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0$shared_mods != 0
API String ID: 0-1670481530
Opcode ID: 360b769d1a2fdec6627b6b08fcd4e9414ce7f2e576724d62d04151109e8b5536
Instruction ID: 372da24f035419151e54128d3db63c6ee4b86e0461a14aaa708d1658fc4d358a
Opcode Fuzzy Hash: 360b769d1a2fdec6627b6b08fcd4e9414ce7f2e576724d62d04151109e8b5536
Instruction Fuzzy Hash: 1E62C232E08B8696E7698B3585843B9A791FF46748F088235CA5CD33D6CF7DB894E701

Function 00007FF6341DBFC0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 203COMMON

Download Yara Rule

APIs

00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341DC01A

Strings

pixels[i*stride_in_bytes] == 0, xrefs: 00007FF6341DC1F5
C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF6341DC1EE

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$pixels[i*stride_in_bytes] == 0
API String ID: 3568877910-15633718
Opcode ID: fc9bdb31b49db41d9048269f0056432805a2286ecc5246c3cfab3adad49f64b9
Instruction ID: a9484f1831237d1b57f26fbe036538a7a14381c112b4631f6c6839165cf92456
Opcode Fuzzy Hash: fc9bdb31b49db41d9048269f0056432805a2286ecc5246c3cfab3adad49f64b9
Instruction Fuzzy Hash: 9E71FAB360C6E297D3254B2CA98137EEED1BB8A344F1C4235EAC9C2B45DE3CD511EA40

Function 00007FF6341DBD10 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 196COMMON

Download Yara Rule

APIs

00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341DBD7A

Strings

pixels[i] == 0, xrefs: 00007FF6341DBF54
C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF6341DBF4D

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$pixels[i] == 0
API String ID: 3568877910-2060079458
Opcode ID: c264afed42174643e985218cfa408d0faf0002bce259567f4b919d414c4abda1
Instruction ID: 6fb42682b9c647cd9749fd9baaeab5b142272dcac8742b2f5dacad8eb95372e1
Opcode Fuzzy Hash: c264afed42174643e985218cfa408d0faf0002bce259567f4b919d414c4abda1
Instruction Fuzzy Hash: A571D7A362CAE586D7158B79998467AFFD1EB86344F084239EA8DC3B45CE3DE114DB00

Function 00007FF6341F0DE0 Relevance: 5.4, Strings: 4, Instructions: 420COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341F111A, 00007FF6341F1152
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF6341F0FF9
idx == 0 || idx == 1, xrefs: 00007FF6341F1121, 00007FF6341F1159
ImMax(size_contents_v, size_visible_v) > 0.0f, xrefs: 00007FF6341F1000

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$ImMax(size_contents_v, size_visible_v) > 0.0f$idx == 0 || idx == 1
API String ID: 0-3128625980
Opcode ID: b79e59873a2d6d86e0f324a7f6a030a3696cd852f2a3f58e1130bf7054de911f
Instruction ID: 42cb7af9ebe00cafaab3c4c5b4d003636c0b7871c895901d2ff8c109ceffb77f
Opcode Fuzzy Hash: b79e59873a2d6d86e0f324a7f6a030a3696cd852f2a3f58e1130bf7054de911f
Instruction Fuzzy Hash: BF12FB22D19BDD85E353C63794812B9E790AF6E384F1CCB32FD58B2662DF29B4C19600

Function 00007FF6341BFBB0 Relevance: 5.4, Strings: 4, Instructions: 420COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341BFD32, 00007FF6341BFF5F
#CLOSE, xrefs: 00007FF6341BFFDA
Size > 0, xrefs: 00007FF6341BFD39, 00007FF6341BFF66
#COLLAPSE, xrefs: 00007FF6341BFDAE

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: #CLOSE$#COLLAPSE$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 0-766050946
Opcode ID: 1126328c5b21c693ac038cd1df2188b2ff28e9b00e29aeb85db486171dcffa84
Instruction ID: d767e97b55df3b2995223b24aa9da0a78614bf67d4961880ae3d653baf315fd7
Opcode Fuzzy Hash: 1126328c5b21c693ac038cd1df2188b2ff28e9b00e29aeb85db486171dcffa84
Instruction Fuzzy Hash: B2121E32E18B8985E311CB7694816F9F790EF6A388F159732EE4CE3791DF29A485D700

Function 00007FF6341F2A00 Relevance: 5.3, Strings: 4, Instructions: 302COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341F2CA3
i >= 0 && i < Size, xrefs: 00007FF6341F2CAA
##v, xrefs: 00007FF6341F2A6E, 00007FF6341F2ECF
#ComboPopup, xrefs: 00007FF6341F2C31

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: ##v$#ComboPopup$C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 0-2429816084
Opcode ID: 896d9a7eb4ff265f7d9a372d651be776c216d9fd4f77bbaffeda6aa337f1ec2a
Instruction ID: ab6ddd27332e81caa982292c307ca9222fff869f850e7120bc612c39c9a05aa0
Opcode Fuzzy Hash: 896d9a7eb4ff265f7d9a372d651be776c216d9fd4f77bbaffeda6aa337f1ec2a
Instruction Fuzzy Hash: C8E1D732E15B8989E711CB3694812FDF3A0FF59348F149722EE08B76A5DF39A155E700

Function 00007FF6341FC310 Relevance: 4.1, Strings: 3, Instructions: 301COMMON

Download Yara Rule

Strings

(0) && "Calling PopItemFlag() too many times!", xrefs: 00007FF6341FC8CB
Calling PopItemFlag() too many times!, xrefs: 00007FF6341FC8AE
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341FC8C4

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: (0) && "Calling PopItemFlag() too many times!"$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Calling PopItemFlag() too many times!
API String ID: 0-102052167
Opcode ID: d533dedf91d6cb1dc57bdba6c40da6b5cd47abdc815c8fb68137785444874cbe
Instruction ID: d75ebdd03231c3d8fe0fc2ff63517ce649afb814540830e88503a8528e9994e2
Opcode Fuzzy Hash: d533dedf91d6cb1dc57bdba6c40da6b5cd47abdc815c8fb68137785444874cbe
Instruction Fuzzy Hash: F7E1C931918AC985E3268B3594813F9F3A0FF59744F049332EA49E76A5EF7DB095E700

Function 00007FF6341B5D90 Relevance: 3.6, APIs: 2, Instructions: 579COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6341DCE80: 00007FFDA46F19C0.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000019847893340,00007FF6341B5C91), ref: 00007FF6341DCFE7
Part of subcall function 00007FF6341DCE80: 00007FFDB224A0D0.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0000019847893340,00007FF6341B5C91), ref: 00007FF6341DD044

00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341B640C
00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341B6BAF

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007$B224
String ID:
API String ID: 2146329582-0
Opcode ID: 9e4317997261937fea7a7ee8b6c161e0b27ad81cbb1ca3eaf5bda0d117835ba9
Instruction ID: 0b3387b8be28e3fb563c86b466103d1fcdb93e0ab6ed68aebbc01149de2a93a5
Opcode Fuzzy Hash: 9e4317997261937fea7a7ee8b6c161e0b27ad81cbb1ca3eaf5bda0d117835ba9
Instruction Fuzzy Hash: E3829173815BC187D328CF30B9981DAB7A8FB55340F105219DBF663A61DB78E1A6E708

Function 00007FF6341DB1E0 Relevance: 3.3, APIs: 2, Instructions: 255COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341DB53F
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341DB5C0

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID:
API String ID: 2168931217-0
Opcode ID: 05587f67d337416b8a16d78d83fffdb57dfa4c56496a1e3019a66dd91fbf2a84
Instruction ID: 5f0cef5955d810e26fae1c2abd717732d62b43e208b6b1b50e84d5820da69d73
Opcode Fuzzy Hash: 05587f67d337416b8a16d78d83fffdb57dfa4c56496a1e3019a66dd91fbf2a84
Instruction Fuzzy Hash: 51B1B573A18E9585E721DF3590842BEF7A4FF59B84F148326EB8692754EF38E482D700

Function 00007FF63420105B Relevance: 3.0, APIs: 2, Instructions: 26COMMON

Download Yara Rule

APIs

GetKeyboardLayout.USER32 ref: 00007FF63420105D
GetLocaleInfoA.KERNEL32 ref: 00007FF634201079

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: InfoKeyboardLayoutLocale
String ID:
API String ID: 1218629382-0
Opcode ID: f283ab7825a6475dc086a71a2a168ceadd91aec4ad0de022f7e24bf4c51d4291
Instruction ID: db40811b56f0c181036e990881c52bc2398dfe4935738298bfc6691f3a329f8a
Opcode Fuzzy Hash: f283ab7825a6475dc086a71a2a168ceadd91aec4ad0de022f7e24bf4c51d4291
Instruction Fuzzy Hash: 7CF0A022B14A8586E7668B26A5402BAB3D5FB48754F184037CF8DE3750DE3FD883D700

Function 00007FF6341CC250 Relevance: 2.8, Strings: 2, Instructions: 281COMMON

Download Yara Rule

Strings

(window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened, xrefs: 00007FF6341CC2E4
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341CC2DD

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: (window->ChildFlags | g.NavWindow->ChildFlags) & ImGuiChildFlags_NavFlattened$C:\Users\55yar\Desktop\imgui-master\imgui.cpp
API String ID: 0-3836044477
Opcode ID: 59a3e0b9d0ed32fc26bab3bb040e05495808e826a9946ae6e3f556fdb2d6b851
Instruction ID: 05b7a8bccbe60f37c6082dfef06dfd73b3fe8a98b03ebe79b40cc6e2b18737f7
Opcode Fuzzy Hash: 59a3e0b9d0ed32fc26bab3bb040e05495808e826a9946ae6e3f556fdb2d6b851
Instruction Fuzzy Hash: D2D1E823E08E9E81E222563785C20B9E3909F7EB85F1C9732ED48F27A1EF197D856540

Function 00007FF6341D7EF0 Relevance: 2.7, Strings: 2, Instructions: 225COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF6341D8FAD
!(o > b->size || o < 0), xrefs: 00007FF6341D8FB4

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: !(o > b->size || o < 0)$C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
API String ID: 0-2013812653
Opcode ID: 0d476810ee24973e4687efe328c80034deff5b45b82e8c1e7edba5a50064980d
Instruction ID: 2c74d1769865960e9769b8939202123a163d8d6c0896ee584cf8906a86c60146
Opcode Fuzzy Hash: 0d476810ee24973e4687efe328c80034deff5b45b82e8c1e7edba5a50064980d
Instruction Fuzzy Hash: 88B1DF73A18AC48AE701CF7A90801BDBBB0FF89385F145325EF8962675DF79A181DB00

Function 00007FF6341E59E0 Relevance: 2.6, Strings: 2, Instructions: 124COMMON

Download Yara Rule

Strings

text_end != 0, xrefs: 00007FF6341E5A2F
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6341E5A28

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$text_end != 0
API String ID: 0-48455972
Opcode ID: 08f38f8f42a20b6ae9d2cfd4b0838849bdb775e757d534d2916361f9775c9024
Instruction ID: 06503e0ee678478347b1feb23b25b7a83a2736beaa9f17999328f82e724a8dcf
Opcode Fuzzy Hash: 08f38f8f42a20b6ae9d2cfd4b0838849bdb775e757d534d2916361f9775c9024
Instruction Fuzzy Hash: DD412825F0DA5986E9A1896390C0179E652AFA5B80F5C9732DD0CD7F98DF3CE4C1A704

Function 00007FF6341C46F0 Relevance: 2.6, Strings: 2, Instructions: 79COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341C470F
Size > 0, xrefs: 00007FF6341C4716

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 0-1180621679
Opcode ID: 1e37af945958fdbbf9efb019e9e7f485eed15aa847ee9e907e7b1330e220a63a
Instruction ID: 9f9658ca055232a6a85a0052d63ec52a0e05f2238ff1312bb569c4bea323671f
Opcode Fuzzy Hash: 1e37af945958fdbbf9efb019e9e7f485eed15aa847ee9e907e7b1330e220a63a
Instruction Fuzzy Hash: A031E072B141E58FEB98CB62A860F797B60E3D6742B896121EF8057A48C73CD111CB50

Function 00007FF6341C4620 Relevance: 2.6, Strings: 2, Instructions: 52COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341C4648
Size > 0, xrefs: 00007FF6341C464F

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 0-1180621679
Opcode ID: 1692b8b0b4d5c362798770ae27053444f645312b350ac7f61c9bf755d23bb4d4
Instruction ID: 3d5ff8c9a28fdc1a977d7c581c191f629b2ced3ebdf35f196bcc5ab7278c8eee
Opcode Fuzzy Hash: 1692b8b0b4d5c362798770ae27053444f645312b350ac7f61c9bf755d23bb4d4
Instruction Fuzzy Hash: D111DAB1A0869186E708CB61E4E0079B7A0F785B81F451037EBCE87749DE3CD181DB50

Function 000001984C00BA30 Relevance: 1.7, Strings: 1, Instructions: 479COMMON

Download Yara Rule

Strings

P, xrefs: 000001984C00BE43

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction ID: 20bd9414bdb8758cfd3a1decba52db2eb6ac58e8329b89ffd1333bb946f42610
Opcode Fuzzy Hash: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction Fuzzy Hash: 9312D1306187458FD348DF28C4A1AAAB7E2FBCD308F514A6DF48AD7755DA34E941CB42

Function 000001984C0E0FF0 Relevance: 1.7, Strings: 1, Instructions: 412COMMON

Download Yara Rule

Strings

@, xrefs: 000001984C0E1378

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 571b037c833f41477eab1f803613ee28cd15a9307d76852dee75fe241bfed66e
Instruction ID: 283f55ec5659f37ae010a3a3f09a5dc5b6527b8d51ddf14ebb4eefc4ec765366
Opcode Fuzzy Hash: 571b037c833f41477eab1f803613ee28cd15a9307d76852dee75fe241bfed66e
Instruction Fuzzy Hash: 2CE1FB7461CB888FE7A4DF18C4587AAB7E1FB99301F10591DE58EC32A1DB78D885CB06

Function 00007FF6341D54F0 Relevance: 1.4, Strings: 1, Instructions: 183COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF6341D5726

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h
API String ID: 0-2705777111
Opcode ID: 0e547a02c0faae0f31701a54dd046d557730ddebfdeab5f4b8c068a73400c959
Instruction ID: 8ca6094f81621509f1fad8799133f9cbeb93e79a3ffc60b0ff8042539e50a75f
Opcode Fuzzy Hash: 0e547a02c0faae0f31701a54dd046d557730ddebfdeab5f4b8c068a73400c959
Instruction Fuzzy Hash: D85138A6A244B183DB608F2AC8C15BC77D1EB4A782FD48476D25CC2F91C92EC14AAF10

Function 00007FF634203C00 Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

\\.\VBoxMiniRdrDN, xrefs: 00007FF634203CAD, 00007FF634203CEB, 00007FF634203D28

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: AcquireExclusiveLock
String ID: \\.\VBoxMiniRdrDN
API String ID: 4021432409-4073649278
Opcode ID: 4d59e053f126c934bbe87067bd4d078bce445e7bd00d98d7c2fa9bd51dfe6ad4
Instruction ID: 8007e7305513bd9b60ae4049f0082bdcfb3a532f91e0fca8b11c2933fbffe0e0
Opcode Fuzzy Hash: 4d59e053f126c934bbe87067bd4d078bce445e7bd00d98d7c2fa9bd51dfe6ad4
Instruction Fuzzy Hash: A531292251CBC289D721C728A89425AABA0EB97364F540374F6EEC67EADF2DD101DB11

Function 00007FF6341DDB50 Relevance: .9, Instructions: 868COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01177c0944c594afe8d2519272f25f100af435ea639e3592be59496485798271
Instruction ID: 008d344ef009e28a48490d3feac513b33f3d776f012eecbb7e1d6f7e750dfe62
Opcode Fuzzy Hash: 01177c0944c594afe8d2519272f25f100af435ea639e3592be59496485798271
Instruction Fuzzy Hash: 05925C33925B8886C716CF37D481169BB60FFAEB84B19D716DE0863761EB35E494EB00

Function 00007FF6341FA370 Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7056ad41baa53b0861df8fc1b3d75c338a12c52f935646fbc65459307e15986b
Instruction ID: 24c25d2040062c54789e25d22473d1edba45a672c7e3c1beb131e7d370517581
Opcode Fuzzy Hash: 7056ad41baa53b0861df8fc1b3d75c338a12c52f935646fbc65459307e15986b
Instruction Fuzzy Hash: 3E22A632E09A858AE711CA7690803FEF7A0FF59788F144335DE48E6695DF7CA455EB00

Function 00007FF6341DC270 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27504f3df9fe3d2bcbeeb46f454de5265eb1ecadf1d403471eb2c49202ba0498
Instruction ID: 2c3db493752bf3c2e0158defef83a9edf63824102a268d006fba67d2c54f800d
Opcode Fuzzy Hash: 27504f3df9fe3d2bcbeeb46f454de5265eb1ecadf1d403471eb2c49202ba0498
Instruction Fuzzy Hash: CF021872A18AC486D325CB36D081679F7A0FF5E784F148326EB89A3755EB3CE591DB00

Function 00007FF6341E6BC0 Relevance: .4, Instructions: 396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7a4d81e31cc1f335a30e7f1e06cc74edf758b19acc56c80cb797eaa226930cd
Instruction ID: 40a14f684dbac40a0056cfbdf09320a4486e0f9a2dd7b6ded0785799111bf6ab
Opcode Fuzzy Hash: c7a4d81e31cc1f335a30e7f1e06cc74edf758b19acc56c80cb797eaa226930cd
Instruction Fuzzy Hash: 9602CD37E18F8986E211963695C21B9F350FFAF384F546721FE44E2AB1DF29F191A600

Function 00007FF6341FBA80 Relevance: .4, Instructions: 362COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be17f392ea121d90e75c9b272ceadb28d56538019bb9e4878e4f70c653414feb
Instruction ID: 1284e9cab688368c68a9a2e2c7ed0d76d11bcd7dc584300fc78e7665b3161328
Opcode Fuzzy Hash: be17f392ea121d90e75c9b272ceadb28d56538019bb9e4878e4f70c653414feb
Instruction Fuzzy Hash: 4AF1A33290AA828AE7718A2590803BBB7E0EF45758F084235DE99CB7D5DF3DE446E710

Function 00007FF6341B9730 Relevance: .3, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ce395c067b3fab69857288410e128d86538e75d917210ad2953944e45964f92
Instruction ID: da5451ba6284b41bf6dd83936e2795bf82b11c16a9df04c2a66d070dcbe073d5
Opcode Fuzzy Hash: 1ce395c067b3fab69857288410e128d86538e75d917210ad2953944e45964f92
Instruction Fuzzy Hash: 1ED1B66292DAC245EFA58E3541803B9BBD1EF12748F1C4135ED8DDA7C6CF3D6842AB21

Function 00007FF6341FE5B0 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4d84135fe5031b75b4d8ac2960b53fb71714476753b43893bff389ca86a997f9
Instruction ID: dd5046db5ca2fe104c5514bca376ccf39346189a13401bc56c55a0c56fbd8c87
Opcode Fuzzy Hash: 4d84135fe5031b75b4d8ac2960b53fb71714476753b43893bff389ca86a997f9
Instruction Fuzzy Hash: 1EC13B36750B8982E7148F3BD454BAD67A1EB9EF88F09D231CE0A17B68DF3AD1458700

Function 00007FF6341DAD40 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33a42b9f9b29d3832b029c47bcf8cdb7f01e3eef0a0307a1879daa4bfe730252
Instruction ID: d55bc9be688ce588b7d369877e1015e75c8d1875f42546428ac538f7d19a6f17
Opcode Fuzzy Hash: 33a42b9f9b29d3832b029c47bcf8cdb7f01e3eef0a0307a1879daa4bfe730252
Instruction Fuzzy Hash: 83B15262E28FCC41E223963754821F6E250AFBF3C5F2DDB22FD84B56B6AF2561D16500

Function 00007FF6341C5A30 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15ba45cef193519d0e8a2cf2df657ba8e3e1ef1d8cacf801574288a9be6fea2f
Instruction ID: 380ef53b987582cd14da41f9772e19c0276ce9d37531f05a62e93e2a6242cfad
Opcode Fuzzy Hash: 15ba45cef193519d0e8a2cf2df657ba8e3e1ef1d8cacf801574288a9be6fea2f
Instruction Fuzzy Hash: B1D1D532D0A7C285E3918F7548807F8BBD4FB66B48F0D827ACB889774ACF245450AB61

Function 00007FF6341CF250 Relevance: .2, Instructions: 185COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6877bc407da904a33211ddbdad51888c4838a2b73c3e89749f5d9815c1d3e555
Instruction ID: 6624c860575850befe521309f679d0f7cd805b22fefc0985c98670e0d35caa03
Opcode Fuzzy Hash: 6877bc407da904a33211ddbdad51888c4838a2b73c3e89749f5d9815c1d3e555
Instruction Fuzzy Hash: 3E91E532D18A8597E3568F3695803F9B7A0FF08758F188336DB59963D9DF38A981DB00

Function 000001984C043841 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3933692052abbb617f534a10efaa6307047042e1db0389fe2a76f298085f77
Instruction ID: 8f60a195d6f7ff8a9d00f3ef039faeb7920a6cf85c5f7e98934ea5b2fa68ee25
Opcode Fuzzy Hash: 1c3933692052abbb617f534a10efaa6307047042e1db0389fe2a76f298085f77
Instruction Fuzzy Hash: 48410DDFC0DAC51BC7428664ACAA6827F709A2324EBCF58DBD498CA587F048D409D712

Function 00007FF63420E0B0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01a594b747edcffffaa1ebd3641977af083a727af88fb0c9dfb2b6d2f279d9fe
Instruction ID: ffa33fdbc75b867247b33c5ae16f81d24d61c1ccf167887c5bdb256b823a42db
Opcode Fuzzy Hash: 01a594b747edcffffaa1ebd3641977af083a727af88fb0c9dfb2b6d2f279d9fe
Instruction Fuzzy Hash: EA01BF5BA0EAC246F2A24A240DBA06CAFD2FB66A1474D407AD784E7BC3DD4B18549702

Function 00007FF63420E0C0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b6eb35e226d236aeea677bc6a2e138492e8ca463c7a595fb3af6a0231ab27ef
Instruction ID: df62d28707b29f55b5e123308b4d992459d232b7d2c83030ba289834dd6744be
Opcode Fuzzy Hash: 4b6eb35e226d236aeea677bc6a2e138492e8ca463c7a595fb3af6a0231ab27ef
Instruction Fuzzy Hash: 50F0305B90E9C207F2A20A2409F609C6FD2EB62A1470D407AC744E37C3DD4F2C45A702

Function 00007FF63420E0D0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad52af0cbf140e38a339a8a008f0bd915f6df4a0b0c5a287284aee9b6a83c23b
Instruction ID: 727a6973cd8d76af63747c43cd237031672f153aa427336040dd80f6458a2031
Opcode Fuzzy Hash: ad52af0cbf140e38a339a8a008f0bd915f6df4a0b0c5a287284aee9b6a83c23b
Instruction Fuzzy Hash: 7EE0C05B91E9C207F2A149144DBA05CAFD2FB62E1474D407AC785E37C3DD4B2C549706

Function 00007FF63420E278 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df89906bcc78cad0a2aec5ecb7dd77a937296257eb7269d25f3e559f12854137
Instruction ID: 7740c4d37b38f91b871920b00e6d3b07631b8fefcafa3b11a1753d5a7d185b3a
Opcode Fuzzy Hash: df89906bcc78cad0a2aec5ecb7dd77a937296257eb7269d25f3e559f12854137
Instruction Fuzzy Hash: 29E0DF4FE0D4C10EF2A1892846B56E41FC4EB73A10F084326D794EB3C3ED0F18069301

Function 00007FF63420C80C Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 629e4b8bc268abd5ff6f1821ab861a0b50d73f20c8cb0795d9f958efeeda9d3b
Instruction ID: bd6ac0c25673a86984c6805fd0d561f6f9a6d3985af6f25acaae1b9d0a9091c3
Opcode Fuzzy Hash: 629e4b8bc268abd5ff6f1821ab861a0b50d73f20c8cb0795d9f958efeeda9d3b
Instruction Fuzzy Hash: FBA0016194C80290E6198B01AAA0524A2E6AB50340F408471C40DE16609E2EA441A304

Function 000001984BFF4850 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 159COMMON

Download Yara Rule

APIs

Part of subcall function 000001984BFF5360: _WChar_traits.LIBCPMTD ref: 000001984BFF538D

Part of subcall function 000001984BFF4AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFF4AD0
Part of subcall function 000001984BFF4AA0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984BFF4B2F
Part of subcall function 000001984BFF4AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFF4B41

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984BFF48B8

Strings

t, xrefs: 000001984BFF492D
a, xrefs: 000001984BFF4928
, xrefs: 000001984BFF4937
, xrefs: 000001984BFF490A
i, xrefs: 000001984BFF4900
y, xrefs: 000001984BFF4919
o, xrefs: 000001984BFF4946
e, xrefs: 000001984BFF4914
a, xrefs: 000001984BFF4932
c, xrefs: 000001984BFF4905
g, xrefs: 000001984BFF48FB
B, xrefs: 000001984BFF493C
K, xrefs: 000001984BFF490F
, xrefs: 000001984BFF491E
KDBM, xrefs: 000001984BFF49A9
a, xrefs: 000001984BFF48F6
l, xrefs: 000001984BFF4941
M, xrefs: 000001984BFF48F1
b, xrefs: 000001984BFF494B
D, xrefs: 000001984BFF4923

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork$Char_traits
String ID: $ $ $B$D$K$KDBM$M$a$a$a$b$c$e$g$i$l$o$t$y
API String ID: 1777712374-1292890139
Opcode ID: b2d997a1cd0057e47c91f10b8e029a4fbb281733a314e99ff4f758cdf7aee981
Instruction ID: 327af5954bb8871c2387286d45eca1d83602f5aa8aedae3a09304fc64dd754c2
Opcode Fuzzy Hash: b2d997a1cd0057e47c91f10b8e029a4fbb281733a314e99ff4f758cdf7aee981
Instruction Fuzzy Hash: 0561E83050CB848FE760EB68C448B9ABBE1FBA5304F04492DA4C9C7261DBB9D499CB57

Function 00007FF6341C7C60 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 76COMMON

Download Yara Rule

APIs

00007FFDB2245630.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6341C7C8F
00007FFDB2245630.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF6341C7CA4

Strings

sz_vec2 == sizeof(ImVec2) && "Mismatched struct layout!", xrefs: 00007FF6341C7D24
sz_io == sizeof(ImGuiIO) && "Mismatched struct layout!", xrefs: 00007FF6341C7CDD
sz_idx == sizeof(ImDrawIdx) && "Mismatched struct layout!", xrefs: 00007FF6341C7D90
strcmp(version, "1.91.6 WIP") == 0 && "Mismatched version string!", xrefs: 00007FF6341C7CBA
1.91.6 WIP, xrefs: 00007FF6341C7C80, 00007FF6341C7C98
sz_vert == sizeof(ImDrawVert) && "Mismatched struct layout!", xrefs: 00007FF6341C7D6C
sz_vec4 == sizeof(ImVec4) && "Mismatched struct layout!", xrefs: 00007FF6341C7D48
sz_style == sizeof(ImGuiStyle) && "Mismatched struct layout!", xrefs: 00007FF6341C7D02
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341C7CB3, 00007FF6341C7CD6, 00007FF6341C7CFB, 00007FF6341C7D1D, 00007FF6341C7D41, 00007FF6341C7D65, 00007FF6341C7D89

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B2245630
String ID: 1.91.6 WIP$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$strcmp(version, "1.91.6 WIP") == 0 && "Mismatched version string!"$sz_idx == sizeof(ImDrawIdx) && "Mismatched struct layout!"$sz_io == sizeof(ImGuiIO) && "Mismatched struct layout!"$sz_style == sizeof(ImGuiStyle) && "Mismatched struct layout!"$sz_vec2 == sizeof(ImVec2) && "Mismatched struct layout!"$sz_vec4 == sizeof(ImVec4) && "Mismatched struct layout!"$sz_vert == sizeof(ImDrawVert) && "Mismatched struct layout!"
API String ID: 1780217008-1295771896
Opcode ID: 73982e209b0fe399edd5979ae14340f42387c4a8ef84f5c8a3e1b2a1a2d52266
Instruction ID: dfaf242db9e307ae7a4d9dcecaae3b17137c057b399db3a07212c1353949e94c
Opcode Fuzzy Hash: 73982e209b0fe399edd5979ae14340f42387c4a8ef84f5c8a3e1b2a1a2d52266
Instruction Fuzzy Hash: AB3156A2A08A4781FB209B05EA942B5B3A2FB55784F884831D90DD37A4CF6EE549E741

Function 00007FF6341E47D0 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 170COMMON

Download Yara Rule

APIs

00007FFDA46F19C0.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,00007FF6341E4ABE), ref: 00007FF6341E48FE
00007FFDA46F19C0.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,00007FF6341E4ABE), ref: 00007FF6341E4911
00007FFDA46F19C0.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,00007FF6341E4ABE), ref: 00007FF6341E4929
00007FFDA46F19C0.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,00000000,00007FF6341E4ABE), ref: 00007FF6341E4971

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341E480E, 00007FF6341E482F
i >= 0 && i < Size, xrefs: 00007FF6341E4836
index >= 0, xrefs: 00007FF6341E4815
r->IsPacked(), xrefs: 00007FF6341E4867
pad_left + line_width + pad_right == r->Width && y < r->Height, xrefs: 00007FF6341E48C4
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6341E4860, 00007FF6341E48BD

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$i >= 0 && i < Size$index >= 0$pad_left + line_width + pad_right == r->Width && y < r->Height$r->IsPacked()
API String ID: 3568877910-458361149
Opcode ID: c8c261c216b1aebd6a1147a5566a9e7cdbbc1a367a531d2b4b0594f3f14ed8bd
Instruction ID: b9ec38365e8d4ef0ac657543d4bf1e3b85304090a6c33c1307a3a25389e9d71e
Opcode Fuzzy Hash: c8c261c216b1aebd6a1147a5566a9e7cdbbc1a367a531d2b4b0594f3f14ed8bd
Instruction Fuzzy Hash: 1B712322B04A5682E710CF2AE5C0279B3A1FF55B80F599235DA5CE3B91EF39E485E740

Function 000001984C076FF0 Relevance: 17.0, APIs: 11, Instructions: 484COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001984C07722D
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C0772AA
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C0772C3
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001984C077303
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C077362
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C07737B
_Min_value.LIBCPMTD ref: 000001984C0773B2
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C0773CE
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C0773E7
_Max_value.LIBCPMTD ref: 000001984C07741E
_Min_value.LIBCPMTD ref: 000001984C07743B

Part of subcall function 000001984C07F190: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001984C07F1B5

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
String ID:
API String ID: 2048856540-0
Opcode ID: 34194c3b2c4dfd965ddaab666ebbea208bd56193119cc555b2f518073ecbe67a
Instruction ID: a92b658dc974302ad7911728d8fbec34eca5aece28030aa2298581cc850d1fcc
Opcode Fuzzy Hash: 34194c3b2c4dfd965ddaab666ebbea208bd56193119cc555b2f518073ecbe67a
Instruction Fuzzy Hash: A202E87051CB898FDBB5EB18C494BEAB7E5FFA9300F40091E958EC3291DE749985CB42

Function 000001984C0769A0 Relevance: 17.0, APIs: 11, Instructions: 484COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001984C076BDD
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C076C5A
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C076C73
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001984C076CB3
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C076D12
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C076D2B
_Min_value.LIBCPMTD ref: 000001984C076D62
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C076D7E
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C076D97
_Max_value.LIBCPMTD ref: 000001984C076DCE
_Min_value.LIBCPMTD ref: 000001984C076DEB

Part of subcall function 000001984C07F140: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001984C07F165

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
String ID:
API String ID: 2048856540-0
Opcode ID: e866146c94e960af1540157134187f2a0fce7dbc0c02fbcd93b84c3e2d61bdcf
Instruction ID: 532f0739cc32051cfeab70636ec9396406b12bf01125bcb0094096773f10ebf3
Opcode Fuzzy Hash: e866146c94e960af1540157134187f2a0fce7dbc0c02fbcd93b84c3e2d61bdcf
Instruction Fuzzy Hash: 3002EB7051CB898FDBB5EB18C494BEAB7E5FFA9300F40091E958EC3291DE749985CB42

Function 000001984C062A10 Relevance: 15.2, APIs: 10, Instructions: 190COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001984C062A62

Part of subcall function 000001984C008FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001984C008FFE

std::make_error_code.LIBCPMTD ref: 000001984C062AB6
std::make_error_code.LIBCPMTD ref: 000001984C062AF1

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 71ef438b1bb58b4182dc28e9ffd7d5b29104a32867a1bdd3a258c92d20c36c8b
Instruction ID: 5214d6ed5d54539e82d0f8e7c33b1463a45a708d80a3d2fddedea1854b8e42cc
Opcode Fuzzy Hash: 71ef438b1bb58b4182dc28e9ffd7d5b29104a32867a1bdd3a258c92d20c36c8b
Instruction Fuzzy Hash: 28611B30A186568BE254EB2AD461BFAB7E9BF86384F410469F189C71E2DE68DC41C642

Function 00007FF6341D9E40 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 426COMMON

Download Yara Rule

APIs

00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341D9FBF
00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341D9FD6

Strings

z->direction, xrefs: 00007FF6341DA008
C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h, xrefs: 00007FF6341DA001, 00007FF6341DA0E1, 00007FF6341DA17E
z != 0, xrefs: 00007FF6341DA0E8
z->ey >= scan_y_top, xrefs: 00007FF6341DA185

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007
String ID: C:\Users\55yar\Desktop\imgui-master\imstb_truetype.h$z != 0$z->direction$z->ey >= scan_y_top
API String ID: 3568877910-479673919
Opcode ID: e149610815c08ba00997f1d10d723a0916004b896f75be6b846dc15072a962fc
Instruction ID: b1bb9f1f4c3031c919a54f862b2d7125f69ae7c243c95d4ad2a358360bd8e852
Opcode Fuzzy Hash: e149610815c08ba00997f1d10d723a0916004b896f75be6b846dc15072a962fc
Instruction Fuzzy Hash: 5512C572908BC586D752CF39D1812B9B360FF59784F188322DA49E3764EF39E195DB00

Function 00007FF6341E4020 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 216COMMON

Download Yara Rule

APIs

00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341E40D7

Part of subcall function 00007FF6341D50E0: 00007FFDB22349A0.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF6341D5139

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341E43A0

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341E4100, 00007FF6341E4128, 00007FF6341E4156, 00007FF6341E417E, 00007FF6341E41C6, 00007FF6341E421A, 00007FF6341E4245, 00007FF6341E4280, 00007FF6341E42AC
i >= 0 && i < Size, xrefs: 00007FF6341E4107, 00007FF6341E412F, 00007FF6341E415D, 00007FF6341E4185, 00007FF6341E41CD, 00007FF6341E4221, 00007FF6341E424C, 00007FF6341E4287, 00007FF6341E42B3
pack_rects[i].w == user_rects[i].Width && pack_rects[i].h == user_rects[i].Height, xrefs: 00007FF6341E42DB
pack_context != 0, xrefs: 00007FF6341E4054
user_rects.Size >= 1, xrefs: 00007FF6341E4074
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6341E404D, 00007FF6341E406D, 00007FF6341E42D4

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007$B222B22349F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$i >= 0 && i < Size$pack_context != 0$pack_rects[i].w == user_rects[i].Width && pack_rects[i].h == user_rects[i].Height$user_rects.Size >= 1
API String ID: 1829533921-766226355
Opcode ID: 99720b481de47cd2e397ca5066b90b715f8ed480d5172829108f3d4bda360445
Instruction ID: 87d2ab8a356bc5e80d63443a26db6073c0ef03c991d934be3486e786df6e2740
Opcode Fuzzy Hash: 99720b481de47cd2e397ca5066b90b715f8ed480d5172829108f3d4bda360445
Instruction Fuzzy Hash: F0A1CF76A08A5282EB14CF15E5D01B8B3A0FB50B88F409136CE4ED7B65DF3EE586E740

Function 00007FF6341EDF40 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 114COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341EE006

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341EE115
p >= Buf.Data && p < Buf.Data + Buf.Size, xrefs: 00007FF6341EE0D1
i >= 0 && i < Size, xrefs: 00007FF6341EE11C
p >= Data && p < DataEnd, xrefs: 00007FF6341EE070
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF6341EDF68
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6341EE069, 00007FF6341EE0CA
table->MemoryCompacted == false, xrefs: 00007FF6341EDF6F

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$i >= 0 && i < Size$p >= Buf.Data && p < Buf.Data + Buf.Size$p >= Data && p < DataEnd$table->MemoryCompacted == false
API String ID: 2168931217-1783795845
Opcode ID: 62f75428c15231a191c8b2183383776eb55f8038cf437fe52e0662faf8159130
Instruction ID: 8d9b55988f9740149798e5bb5dd617330fd2b0437888c394f76cd61a04d4769b
Opcode Fuzzy Hash: 62f75428c15231a191c8b2183383776eb55f8038cf437fe52e0662faf8159130
Instruction Fuzzy Hash: 6C517F72A08A8686DB20CF15E8D42F8B7A5FB59B84F440136CA4DC7B64DF7ED185D340

Function 000001984C03AB60 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001984C03AC65
shared_ptr.LIBCMTD ref: 000001984C03ACD3

Strings

d, xrefs: 000001984C03AC6C

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: c039b2a57ee3c25890e16ac37221422253289d1338e6c294ba37e84ef54042e4
Instruction ID: 32a4033e26e1c98e8d7b1accc9c124d8f772435a82209d5b2ea64ef2380d3c46
Opcode Fuzzy Hash: c039b2a57ee3c25890e16ac37221422253289d1338e6c294ba37e84ef54042e4
Instruction Fuzzy Hash: 01910030518B898FD794EB29C054BDABBE5FFDA340F54496EB089C32A2DF349945CB42

Function 000001984C03A850 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001984C03A955
shared_ptr.LIBCMTD ref: 000001984C03A9C3

Strings

d, xrefs: 000001984C03A95C

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 9472d0e4b889f094a3cab1acffd77fe61c7aaf73f92bde8c9ff228181d57b494
Instruction ID: d5e41288376e7a72406335b3676f51f8a1a2d281fc17e066d9eaca5878e7129c
Opcode Fuzzy Hash: 9472d0e4b889f094a3cab1acffd77fe61c7aaf73f92bde8c9ff228181d57b494
Instruction Fuzzy Hash: BC911F30518B898FD794EB29C055BDABBE5FFDA300F44096EB089C32A2DF349945CB02

Function 000001984C03A540 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 244COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001984C03A647
shared_ptr.LIBCMTD ref: 000001984C03A6B5

Strings

d, xrefs: 000001984C03A64E

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 9036c0c1e63749c3bc76dfb6a94ead1f4178844c3cfab8ee976c09acc3f1cf2d
Instruction ID: ae46ff8152b67613c3fc3a0810ef39ec190a714630552d6f64bf97ad1bdbeb82
Opcode Fuzzy Hash: 9036c0c1e63749c3bc76dfb6a94ead1f4178844c3cfab8ee976c09acc3f1cf2d
Instruction Fuzzy Hash: B39112305187858FE795EB29C4547DABBE5FFDA300F44096EB489C72A2DF349945CB02

Function 000001984C040EC0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 150COMMON

Download Yara Rule

APIs

Part of subcall function 000001984BFFA110: char_traits.LIBCPMTD ref: 000001984BFFA13D

type_info::_name_internal_method.LIBCMTD ref: 000001984C040F36
type_info::_name_internal_method.LIBCMTD ref: 000001984C040F55
type_info::_name_internal_method.LIBCMTD ref: 000001984C040FE6
type_info::_name_internal_method.LIBCMTD ref: 000001984C041041
type_info::_name_internal_method.LIBCMTD ref: 000001984C041093

Strings

, xrefs: 000001984C040F08
', xrefs: 000001984C040F6D

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$char_traits
String ID: $'
API String ID: 2432257368-2481900351
Opcode ID: 80be3a970e3a749e1926a631d758321b903abe1dc6e94d3da15c608f29041d81
Instruction ID: be3456d2f56b31f63125b70028bebec1b3c05e65a01f279f3515bf98e86a1c67
Opcode Fuzzy Hash: 80be3a970e3a749e1926a631d758321b903abe1dc6e94d3da15c608f29041d81
Instruction Fuzzy Hash: ED513F31518B898FD3A5FB14D495BEAB7E5FFA9300F40495EA08DC31A2EF709945CB42

Function 00007FF634200C30 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 149windowCOMMON

Download Yara Rule

APIs

TrackMouseEvent.USER32 ref: 00007FF634200CCE
GetMessageExtraInfo.USER32 ref: 00007FF63420126A
TrackMouseEvent.USER32 ref: 00007FF6342012FB
TrackMouseEvent.USER32 ref: 00007FF634201305
ScreenToClient.USER32 ref: 00007FF634201331

Strings

Ctx != 0, xrefs: 00007FF634201355
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF63420134E

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: EventMouseTrack$ClientExtraInfoMessageScreen
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 3561655495-3890275027
Opcode ID: 56b5d8c4c4cd4702416651cf8138708fd5936cd832d97e54c425377689c9d51c
Instruction ID: 04e29f4708ce241e3760f102171073d9b99c2a2c4fb6cf24a75d7090b910b99e
Opcode Fuzzy Hash: 56b5d8c4c4cd4702416651cf8138708fd5936cd832d97e54c425377689c9d51c
Instruction Fuzzy Hash: 0161BE72E086428AF725CB65D9902BDB7E1FB44744F184136DE4AE3BA4CF7AE485D700

Function 00007FF6341BCB20 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 130COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF6341BCC55
__swprintf_l.LIBCMT ref: 00007FF6341BCC67

Strings

id != 0, xrefs: 00007FF6341BCB61
%s/%08X, xrefs: 00007FF6341BCC5C
#Child, xrefs: 00007FF6341BCCB9
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341BCB5A
%s/%s_%08X, xrefs: 00007FF6341BCC49

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: __swprintf_l
String ID: #Child$%s/%08X$%s/%s_%08X$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$id != 0
API String ID: 1488884202-1586801193
Opcode ID: 46a1a0c6a0e47ec31a009c470b2dafd8de949c046316960332f141e314256c12
Instruction ID: 8a11ad80e6b24613e5c4666e0e8bacafeead8eb378079c5e316bdf84eb77ccd7
Opcode Fuzzy Hash: 46a1a0c6a0e47ec31a009c470b2dafd8de949c046316960332f141e314256c12
Instruction Fuzzy Hash: 2051BF32A08B8A96E755DF26D5802F9F7A0FB98784F04813ADA4DD3791DF3CA095E740

Function 00007FF6341D43E0 Relevance: 12.4, APIs: 8, Instructions: 350COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D446E
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D455A
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D45DA
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D46F6
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D4806
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D48E6
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D4966
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D49E7

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID:
API String ID: 2168931217-0
Opcode ID: f94a614454fe2cb526baa10b2cce888be569503d75c325dc1dce0eb86242048f
Instruction ID: 2dcaa204daa70c6713653922efd78f07272a4527ab6367c4e401dc928e795696
Opcode Fuzzy Hash: f94a614454fe2cb526baa10b2cce888be569503d75c325dc1dce0eb86242048f
Instruction Fuzzy Hash: 5002387261999292DB4DEF64C5D50FCA375FB54B84B904232D60EC33A2EF28E66AD340

Function 00007FF6341B8380 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 164COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B8442
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B84FA
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B858A

Part of subcall function 00007FF6341B81E0: 00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B8269
Part of subcall function 00007FF6341B81E0: 00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B82E9
Part of subcall function 00007FF6341B81E0: 00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B836A

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B8624

Strings

DrawList == &DrawListInst, xrefs: 00007FF6341B83BA
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341B83B3

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$DrawList == &DrawListInst
API String ID: 2168931217-20161693
Opcode ID: 2d8ea6574ee6b8056d063ee5808aa292970097db89a4d7c438daa540352c4861
Instruction ID: c460f0ff34f8bfcd9c1a8376735a1f8b9f317906054853e142b1bace0ccc1a30
Opcode Fuzzy Hash: 2d8ea6574ee6b8056d063ee5808aa292970097db89a4d7c438daa540352c4861
Instruction Fuzzy Hash: C671AD72609A9286C749EF24D4951FCB3B5FB08F84B588236CA0EC7365DF39D19AC340

Function 000001984C02FBC0 Relevance: 9.4, APIs: 6, Instructions: 410COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001984C02FC91

Part of subcall function 000001984C030350: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C03035E

Part of subcall function 000001984C033150: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C033163

bool_.LIBCPMTD ref: 000001984C02FDA3
shared_ptr.LIBCMTD ref: 000001984C02FDB0
UnDecorator::getVbTableType.LIBCMTD ref: 000001984C02FE53
bool_.LIBCPMTD ref: 000001984C02FF3B
shared_ptr.LIBCMTD ref: 000001984C02FF48

Part of subcall function 000001984C033080: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C03308E
Part of subcall function 000001984C033080: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C0330C4

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Decorator::getTableTypebool_shared_ptr
String ID:
API String ID: 2413108386-0
Opcode ID: 09bb8693cdd345d70ffcf971e1c493b358d70803e10c2bb5853e910151989129
Instruction ID: 55c3e1005b138bf2e5aeed5cfda2a9d9cffd0a8e9627a1df64a3dad5fa41c7fc
Opcode Fuzzy Hash: 09bb8693cdd345d70ffcf971e1c493b358d70803e10c2bb5853e910151989129
Instruction Fuzzy Hash: 01F1133151CA898FE7A5EB18C4A4BDBB7E4FF9A340F50495AA08EC71A2DF70D944C742

Function 000001984C05E080 Relevance: 9.4, APIs: 6, Instructions: 408COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001984C05E0A3
Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001984C05E0B7
std::make_error_code.LIBCPMTD ref: 000001984C05E0D0
std::make_error_code.LIBCPMTD ref: 000001984C05E132
std::make_error_code.LIBCPMTD ref: 000001984C05E300

Part of subcall function 000001984C006020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 000001984C00602E

std::make_error_code.LIBCPMTD ref: 000001984C05E1B7

Part of subcall function 000001984C008FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001984C008FFE

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
String ID:
API String ID: 3233732842-0
Opcode ID: 4de1addda922bb358011cb094d11cd136575d8eaefb607a23010c85f2e40a63c
Instruction ID: 4404ca3fc39c301c9e46b5d764b6871d6ab8f5cef2b0f0623f5bcc72e8b7bcfe
Opcode Fuzzy Hash: 4de1addda922bb358011cb094d11cd136575d8eaefb607a23010c85f2e40a63c
Instruction Fuzzy Hash: FAF1DC306187898FE7A4EB29C465BEAB7E5FFDA340F40485DA18DC3292DE749845CB42

Function 000001984C02BB60 Relevance: 9.1, APIs: 6, Instructions: 129COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001984C02BBA6
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001984C02BBC9
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001984C02BBEF
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001984C02BC62
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 000001984C02BC88
List.LIBCMTD ref: 000001984C02BC94

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::ContextIdentityQueueWork$Affinity::operator!=HardwareList
String ID:
API String ID: 2242293343-0
Opcode ID: 0f09c845dda9b562757045dec8ee4d3361f5b6171332ab6d94f79fbde5fb3f63
Instruction ID: cf5e75fd8a22b1c7fa1ddd69e7dce156fe095a934218e7c2b612541a625f91f6
Opcode Fuzzy Hash: 0f09c845dda9b562757045dec8ee4d3361f5b6171332ab6d94f79fbde5fb3f63
Instruction Fuzzy Hash: 19413030518A498FDB94EB68D465BDAB7E4FF99310F80491EA08AD3292DF74DD44CB42

Function 000001984C071A30 Relevance: 9.1, APIs: 6, Instructions: 93COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001984C071A5E

Part of subcall function 000001984C0476A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001984C0476B8

type_info::_name_internal_method.LIBCMTD ref: 000001984C071A80

Part of subcall function 000001984C070D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001984C070D48

type_info::_name_internal_method.LIBCMTD ref: 000001984C071AA2
type_info::_name_internal_method.LIBCMTD ref: 000001984C071AC4
type_info::_name_internal_method.LIBCMTD ref: 000001984C071AE6
type_info::_name_internal_method.LIBCMTD ref: 000001984C071B08

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
Instruction ID: fbfff5c8f85bae3a743250197b66c3d9eef4a74773c576baae3bbd13b4d6b559
Opcode Fuzzy Hash: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
Instruction Fuzzy Hash: D5317B30A18B898FDA94EF6CC4657DAB7E6FFDA340F50495DA48DC3252DE309841C746

Function 00007FF6341B7D10 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 246COMMON

Download Yara Rule

APIs

00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341B7F1B
00007FFDA46F19C0.VCRUNTIME140 ref: 00007FF6341B7F59

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341B8054
#MOVE, xrefs: 00007FF6341B80C0
Size > 0, xrefs: 00007FF6341B805B

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007
String ID: #MOVE$C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0
API String ID: 3568877910-319756798
Opcode ID: 1a6d229fed04ae4d5dda714486ca1b30204d476d261d5c16fdb784a5624f0de9
Instruction ID: 2eff481ff7036602789a1c26a720a77a9dac73675d23788870d094c0c049a847
Opcode Fuzzy Hash: 1a6d229fed04ae4d5dda714486ca1b30204d476d261d5c16fdb784a5624f0de9
Instruction Fuzzy Hash: B8D14E32606BC19AD354CF29E9887ADB7A8F705F54FA94238C7A887390DF35E062C704

Function 00007FF6341E13B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 152COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341E1484
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341E1567
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341E15F0

Strings

!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF6341E13DA
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6341E13D3

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
API String ID: 2168931217-3599239301
Opcode ID: 25f72e3c8c282048cd647ec2fff06e31e0aedba023ac7ffc24038e7a7775b1cc
Instruction ID: dd35b66c5405715baaa38cd899006a569ff798d1683f3abdf8ff7658ffcb729e
Opcode Fuzzy Hash: 25f72e3c8c282048cd647ec2fff06e31e0aedba023ac7ffc24038e7a7775b1cc
Instruction Fuzzy Hash: DE61A072A09A4682DB85DF24D1952BCF3B1FB14B84F548226DB0EC3764DF38D5AAC340

Function 00007FF6341ECA90 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 147COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341ECBC0

Strings

p >= Data && p < DataEnd, xrefs: 00007FF6341ECC55
column->SortOrder < table->SortSpecsCount, xrefs: 00007FF6341ECC7F
C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF6341ECC78
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6341ECC4E

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$column->SortOrder < table->SortSpecsCount$p >= Data && p < DataEnd
API String ID: 2168931217-2291414753
Opcode ID: d1a58ff65e67fce8a15b774c6dd96d30571278a3c59e6d05705c6449fc4a45af
Instruction ID: 5966bfba062910958488bce5fa2bead9899d14c8404e083d5636be2eb8462eea
Opcode Fuzzy Hash: d1a58ff65e67fce8a15b774c6dd96d30571278a3c59e6d05705c6449fc4a45af
Instruction Fuzzy Hash: 8261CA36608A9296DB18CF29D9C42BCB7A0FB48B80F445136DB5DC3794EF39E5A6D340

Function 00007FF6341B2E30 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 112COMMON

Download Yara Rule

APIs

00007FFDB2238950.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6341B2EC1
00007FFDB2238950.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF6341B2EEC
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B2FA9

Strings

filename && mode, xrefs: 00007FF6341B2E58
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341B2E51

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007$B2238950$B222F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$filename && mode
API String ID: 3196635630-1878659873
Opcode ID: dfd827a4de5531acd64816ff24ecc87e1052e56cf3c43d14e41e907871dee9f7
Instruction ID: 517a01f5bb82f85a0088cf20dc13df5b25ab3fad8aa8bbf5caf5a9e52e6ecb1b
Opcode Fuzzy Hash: dfd827a4de5531acd64816ff24ecc87e1052e56cf3c43d14e41e907871dee9f7
Instruction Fuzzy Hash: 8C41B121B09E5282EB58DF15A9D8179E3A0FF49B94F180235DA0ED77D4DF3DE48A9340

Function 00007FF6342013F9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 71windowCOMMON

Download Yara Rule

APIs

GetMessageExtraInfo.USER32 ref: 00007FF6342013F9
GetCapture.USER32 ref: 00007FF634201491
SetCapture.USER32 ref: 00007FF63420149F

Strings

Ctx != 0, xrefs: 00007FF6342014C5
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6342014BE

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: Capture$ExtraInfoMessage
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 2172523684-3890275027
Opcode ID: e5ed3c2d33467ee866650776db45dde0e5327c93dae5451d5cdba795c5f28f26
Instruction ID: 5a7c1b9f866f8b79516db245bb2d4e6c393ed8f7bc517554df264b0a071e56f7
Opcode Fuzzy Hash: e5ed3c2d33467ee866650776db45dde0e5327c93dae5451d5cdba795c5f28f26
Instruction Fuzzy Hash: 56210A76605A4286E711CF25D5542B9B3E0FB44BA8F800131DE1DD77A4DF3AE586D740

Function 00007FF6341D1F40 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON

Download Yara Rule

APIs

printf.MSPDB140-MSVCRT ref: 00007FF6341D203E

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341D2019
[%05d] , xrefs: 00007FF6341D1FAF
[%s] [%05d] , xrefs: 00007FF6341D1F9A
Size > 0, xrefs: 00007FF6341D2020

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: printf
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$Size > 0$[%05d] $[%s] [%05d]
API String ID: 3524737521-3476604433
Opcode ID: 1f05ae7bfb494f84aad7026fd753fc4d603e48b965f2e09f5000b0581db317b5
Instruction ID: 0670a03fb5f259a9b3c09cbbc214c71bcaacc5504869c0514d2eb9c04701bddc
Opcode Fuzzy Hash: 1f05ae7bfb494f84aad7026fd753fc4d603e48b965f2e09f5000b0581db317b5
Instruction Fuzzy Hash: F521DA72B08A4685EA209F12F8845BAE7A0FF45B84F444031EE4DE3326DF3CE584D740

Function 00007FF6341FFA50 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FF6341FFAD2

Strings

C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp, xrefs: 00007FF6341FFA84
bd != nullptr && "No platform backend to shutdown, or already shutdown?", xrefs: 00007FF6341FFA8B
GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?", xrefs: 00007FF6341FFAB1
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341FFAAA

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: FreeLibrary
String ID: C:\Users\55yar\Desktop\imgui-master\backends\imgui_impl_win32.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$GImGui != 0 && "No current context. Did you call ImGui::CreateContext() and ImGui::SetCurrentContext() ?"$bd != nullptr && "No platform backend to shutdown, or already shutdown?"
API String ID: 3664257935-1332676508
Opcode ID: bb86a6f7c7364d40ceef79f0e52fd7b12f9ff1b9120e67842a6bdd4e3ffcc0a4
Instruction ID: 0db1226d12db69bd1ae94b49537be1a0549bcc7f0dc1661328d1f6d3c9ab038b
Opcode Fuzzy Hash: bb86a6f7c7364d40ceef79f0e52fd7b12f9ff1b9120e67842a6bdd4e3ffcc0a4
Instruction Fuzzy Hash: 83317E72A1AA52C2EB148F14E9D0678B3A0FF58B89F488136DA0DD37A5DF3DE456D340

Function 00007FF6342014F3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetMessageExtraInfo.USER32 ref: 00007FF6342014F3
GetCapture.USER32 ref: 00007FF634201573
ReleaseCapture.USER32 ref: 00007FF63420157E

Strings

Ctx != 0, xrefs: 00007FF63420159A
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF634201593

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: Capture$ExtraInfoMessageRelease
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 1767768705-3890275027
Opcode ID: 0527ba3645a25572ded4bfe279cd1dbea92f4c5092a315049e297b2bad3063cb
Instruction ID: 5b8fe33cf252e6d6e3783038bf7758958d63b628ff54614fa97cce05cd369b76
Opcode Fuzzy Hash: 0527ba3645a25572ded4bfe279cd1dbea92f4c5092a315049e297b2bad3063cb
Instruction Fuzzy Hash: 40210462A15A4386F7518B65D5602BAA6E1FB44BD4F440031CE0EEB7A4DF3FE4869700

Function 000001984C045F20 Relevance: 8.0, APIs: 5, Instructions: 479COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001984C046127

Part of subcall function 000001984C01AB90: std::error_condition::error_condition.LIBCPMTD ref: 000001984C01ABAE

Part of subcall function 000001984C0255D0: _Func_class.LIBCONCRTD ref: 000001984C0255E3

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001984C04615A
std::make_error_code.LIBCPMTD ref: 000001984C0461A5

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::Func_classGroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 831135708-0
Opcode ID: 2b019b4e3f526854cc6463bb2731e43c27d4326d5903197f3522d122ad0e4905
Instruction ID: 9bef7b8cf12c6784d0de9215b31879abe34c4272a9c23d8c7935e73313d6de8c
Opcode Fuzzy Hash: 2b019b4e3f526854cc6463bb2731e43c27d4326d5903197f3522d122ad0e4905
Instruction Fuzzy Hash: CEF13530A18B498FE7A5FB28C465BDEB3E5FF99300F90496AA04DC3292DE38D945C741

Function 000001984C042740 Relevance: 7.9, APIs: 5, Instructions: 422COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001984C0427C5
std::make_error_code.LIBCPMTD ref: 000001984C042810
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C042904
Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001984C042BB3

Part of subcall function 000001984C04F6A0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001984C04F6CB

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001984C042C8E

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Scheduler$ProcessorProxyRoot::Virtual$Base::ChoresConcurrency::details::_EmptyGroupQueue::ScheduleScheduler::_SegmentStructuredUnrealizedWorkstd::make_error_code
String ID:
API String ID: 1866601945-0
Opcode ID: 78ae9953cbedf62042fc3d33d4decda1cf0a4d0c091af80d0bda17040aa99622
Instruction ID: 1cbbb244766c1bbbdc6c0e0d6c4dd35c744d50cd08a145f8c52368f581b2def9
Opcode Fuzzy Hash: 78ae9953cbedf62042fc3d33d4decda1cf0a4d0c091af80d0bda17040aa99622
Instruction Fuzzy Hash: 4DF1D031618B498FE7A5EB28C455BEAB3E5FF99300F40496EA0CDC3292DE749945CB42

Function 000001984C0313D0 Relevance: 7.8, APIs: 5, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc1c347d2910cc0400b9c5d360fd704ec17404c1c8a9becaaf1b808fa4f3174e
Instruction ID: 555c7ed7da5a11975144e3db38797d0b8f1d96c8da2bd24b6a816d2c314d9dbd
Opcode Fuzzy Hash: cc1c347d2910cc0400b9c5d360fd704ec17404c1c8a9becaaf1b808fa4f3174e
Instruction Fuzzy Hash: B8B1DE3451CA898FDBA4EB18C095FAAB7E5FF9D344F50495EA08EC7261DB70D881CB42

Function 000001984C025960 Relevance: 7.8, APIs: 5, Instructions: 294COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 000001984C025A03
fpos.LIBCPMTD ref: 000001984C025B8E
fpos.LIBCPMTD ref: 000001984C025BC9
fpos.LIBCPMTD ref: 000001984C025C3C

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: 6a66e7cf8dba913559191b32390491cef5c931f42b95be3e289b6306e1102091
Instruction ID: ed6ad82e1ab693808ed57584257f3fef5d180eda13a417afa1d9fc659addde0b
Opcode Fuzzy Hash: 6a66e7cf8dba913559191b32390491cef5c931f42b95be3e289b6306e1102091
Instruction Fuzzy Hash: 85B1FD3061CB898FE7A4EB18C465BAAB7E5FF9A355F54091DE48AC3290DB34DC44CB06

Function 000001984C0699B0 Relevance: 7.8, APIs: 5, Instructions: 277COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001984C0699F1

Part of subcall function 000001984C008FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001984C008FFE

std::make_error_code.LIBCPMTD ref: 000001984C069A94
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001984C069B96
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001984C069BBA

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 1851498522-0
Opcode ID: 5030b6f4d4358b935513f3764e1def77f0374254cb11d93097da90f9fbad4d41
Instruction ID: eef9baf64a30feb775bd2c8bf0b7573ff351c801b2627757ea0edc50c55e36e2
Opcode Fuzzy Hash: 5030b6f4d4358b935513f3764e1def77f0374254cb11d93097da90f9fbad4d41
Instruction Fuzzy Hash: 3CA14531618B4A8BE765EF24C461BEFB7E5FF96350F400A19A08AC31E1DE74D945CB82

Function 000001984C05F260 Relevance: 7.7, APIs: 5, Instructions: 229COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001984C05F2A2

Part of subcall function 000001984C008FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001984C008FFE

std::make_error_code.LIBCPMTD ref: 000001984C05F373

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: ebabad4b59d44e2f68d9d46900ea2437acbb56d7763c223535eb91f3e8692582
Instruction ID: 0b7cfaf8c555fcecc96c6441f40706e3bb74be0f17e58da9bd585cd57602bee4
Opcode Fuzzy Hash: ebabad4b59d44e2f68d9d46900ea2437acbb56d7763c223535eb91f3e8692582
Instruction Fuzzy Hash: D4914E31518B898BE365EF24D4A1BEFB7E5FFD5300F80491EA08AC31A2DE749945CB42

Function 000001984C056EA9 Relevance: 7.7, APIs: 5, Instructions: 198COMMON

Download Yara Rule

APIs

Mailbox.LIBCMTD ref: 000001984C056EF2
Mailbox.LIBCMTD ref: 000001984C056F2A
Mailbox.LIBCMTD ref: 000001984C056F95
Mailbox.LIBCMTD ref: 000001984C056FC6
Mailbox.LIBCMTD ref: 000001984C056FF0

Part of subcall function 000001984C01BC30: Mailbox.LIBCMTD ref: 000001984C01BC7E

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Mailbox
String ID:
API String ID: 1763892119-0
Opcode ID: 06a3ff207c22bb6f37366860b149ab3668e7e4d9713726df24d0a8770affc0a8
Instruction ID: 11b1588ccc4e14c8145019b4d1b981bc296bd3ed256d6f2006cdbab47f0ad441
Opcode Fuzzy Hash: 06a3ff207c22bb6f37366860b149ab3668e7e4d9713726df24d0a8770affc0a8
Instruction Fuzzy Hash: A361543151CB8C8FD765EA28C064BEBB7E1FBA9341F440A1EA48AD3291DE71D945C742

Function 000001984C0126B0 Relevance: 7.7, APIs: 5, Instructions: 190COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMTD ref: 000001984C0126D8
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001984C012767

Part of subcall function 000001984C010B80: std::error_condition::error_condition.LIBCPMTD ref: 000001984C010BB2

Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001984C0127FE
std::error_condition::error_condition.LIBCPMTD ref: 000001984C01286F
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001984C0128DC

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_SchedulerScheduler::_$std::error_condition::error_condition$std::bad_exception::bad_exception
String ID:
API String ID: 3801495819-0
Opcode ID: f3d1858459e0af94582484c269b498f47c4f8567e9ef1adb0021aa434c7c7154
Instruction ID: 2de07bf28c473f050dce921444e62d836e21e217a2f718ffd509411fc2f2846c
Opcode Fuzzy Hash: f3d1858459e0af94582484c269b498f47c4f8567e9ef1adb0021aa434c7c7154
Instruction Fuzzy Hash: 2D611534A18B498FD7A4EB68C494BDAB7E1FF99310F408959E089C32A2DF74D845CB42

Function 000001984C08AAA0 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001984C08AAC8

Part of subcall function 000001984C08C040: shared_ptr.LIBCPMTD ref: 000001984C08C061

__crt_scoped_stack_ptr.LIBCPMTD ref: 000001984C08AB47
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C08ABA6
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C08ABBD
__crt_scoped_stack_ptr.LIBCPMTD ref: 000001984C08AC66

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
String ID:
API String ID: 2480882750-0
Opcode ID: 91d403a99b0aa0b9c84ca8b623b580e6659b45cf93c11dcecb02eb8a3e2d9174
Instruction ID: 0867081f81cf0a6a95739e4b4a7844fc75fcf6a897d47278547cd7a829e4e963
Opcode Fuzzy Hash: 91d403a99b0aa0b9c84ca8b623b580e6659b45cf93c11dcecb02eb8a3e2d9174
Instruction Fuzzy Hash: 7561D870918B898FE7A4EB68C495B9AB7E1FF99340F50491EA48DC3261DF34D885CB42

Function 000001984C08A5E0 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001984C08A608

Part of subcall function 000001984C08C140: shared_ptr.LIBCPMTD ref: 000001984C08C161

__crt_scoped_stack_ptr.LIBCPMTD ref: 000001984C08A687
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C08A6E6
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C08A6FD
__crt_scoped_stack_ptr.LIBCPMTD ref: 000001984C08A7A6

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
String ID:
API String ID: 2480882750-0
Opcode ID: f2ef7a86016f0f96fb29ac205b938adafa905e91da66757f72e9247496227554
Instruction ID: 049c0331deebb0291ec0b9b9cce1ec8bfb67d446d5ea23b0e0382749445b5022
Opcode Fuzzy Hash: f2ef7a86016f0f96fb29ac205b938adafa905e91da66757f72e9247496227554
Instruction Fuzzy Hash: 4261D870918B498FEBA4EB68C495B9AB7E1FF99340F50491EA48DC3261DF34D885CB42

Function 00007FF6341B2CA0 Relevance: 7.6, APIs: 5, Instructions: 100COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF6341B2CE2
MultiByteToWideChar.KERNEL32 ref: 00007FF6341B2D05
MultiByteToWideChar.KERNEL32 ref: 00007FF6341B2D53
MultiByteToWideChar.KERNEL32 ref: 00007FF6341B2D73
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341B2DFC

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: ByteCharMultiWide$00007B222F020
String ID:
API String ID: 4227552958-0
Opcode ID: 21f894aa74984226e49f1d60ee564dfdb117387d38206500d62480f7b6c39a3b
Instruction ID: 3113656ba8d66083d8f9308a11db0e8cdba6106a0287cd2f4376eeaff4c75fe9
Opcode Fuzzy Hash: 21f894aa74984226e49f1d60ee564dfdb117387d38206500d62480f7b6c39a3b
Instruction Fuzzy Hash: D541D172608E4183D324EF16F9941A9B7A1FB48BD4F088236DE4D93B94DF3CC59A8700

Function 000001984C071C70 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001984C071C9E

Part of subcall function 000001984C070D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001984C070D48

type_info::_name_internal_method.LIBCMTD ref: 000001984C071CC0
type_info::_name_internal_method.LIBCMTD ref: 000001984C071CE2
type_info::_name_internal_method.LIBCMTD ref: 000001984C071D04
type_info::_name_internal_method.LIBCMTD ref: 000001984C071D26

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction ID: d790f6146ab03b7273567d45faba4ea3f1103a9e3aa66867bccccbddc3f29559
Opcode Fuzzy Hash: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction Fuzzy Hash: 4F217830A18B898FDAA4FB6CC46579AB7E5FF99340F90495DA08DC3252DE309845C746

Function 000001984C05FCF0 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001984C05FD17

Part of subcall function 000001984C0642A0: type_info::_name_internal_method.LIBCMTD ref: 000001984C0642B8

std::make_error_code.LIBCPMTD ref: 000001984C05FD2D

Part of subcall function 000001984C008FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001984C008FFE

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001984C05FD50
std::make_error_code.LIBCPMTD ref: 000001984C05FD66

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
String ID:
API String ID: 2306575402-0
Opcode ID: a32136fa3a3c95708d011456afc3b85815d78c4fd3309404f318db35ddc1acc6
Instruction ID: 2ff5854ae16048919e47eb845cfde06469bf0e4888906fec4a445b727eef66cf
Opcode Fuzzy Hash: a32136fa3a3c95708d011456afc3b85815d78c4fd3309404f318db35ddc1acc6
Instruction Fuzzy Hash: CE215330A18B4A8BE745EB64D461BEEB7E6FFC5340F404919A085C72E2DE34D941DB91

Function 000001984C0594F0 Relevance: 7.6, APIs: 5, Instructions: 62COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001984C05951A
shared_ptr.LIBCMTD ref: 000001984C05952E

Part of subcall function 000001984C061B90: shared_ptr.LIBCMTD ref: 000001984C061B9E

allocator.LIBCPMTD ref: 000001984C059542
shared_ptr.LIBCMTD ref: 000001984C059554
allocator.LIBCPMTD ref: 000001984C059568

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: shared_ptr$allocator$Affinity::operator!=Concurrency::details::Hardware
String ID:
API String ID: 1053258265-0
Opcode ID: d0542d8c5f8c00544737d49b6b181d538de8c3696277a9840e8cef3017e38d50
Instruction ID: ebc2cf9b6939c0fb775886a5629b28606a78aa0da6b73157dc1f7e376ee3aef4
Opcode Fuzzy Hash: d0542d8c5f8c00544737d49b6b181d538de8c3696277a9840e8cef3017e38d50
Instruction Fuzzy Hash: EF110A30918B498FD6A0EF28C4557EBB7E5FFD9350F404A5EA48DD32A2DF3099458B82

Function 000001984BFFE510 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 341COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001984BFFE53C
type_info::_name_internal_method.LIBCMTD ref: 000001984BFFE5F2
type_info::_name_internal_method.LIBCMTD ref: 000001984BFFE6BA

Part of subcall function 000001984BFFA110: char_traits.LIBCPMTD ref: 000001984BFFA13D

Strings

, xrefs: 000001984BFFE734

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$char_traits
String ID:
API String ID: 2432257368-3916222277
Opcode ID: 484fa9ed5a09ce3c1aba4d5e140585cca91a770afe66fd64d1cb6647b4050987
Instruction ID: 0f71b1744625ff782c502abc0a66591197428f6b8cb0a0223ac81e62544441f0
Opcode Fuzzy Hash: 484fa9ed5a09ce3c1aba4d5e140585cca91a770afe66fd64d1cb6647b4050987
Instruction Fuzzy Hash: 96C1BD32518B498BE765EB28C465BDFB7E1FF99304F404A1AA08EC3191EE34D545CB46

Function 000001984C043328 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C04374F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C0437BB
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C043815

Strings

e, xrefs: 000001984C04340C

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID: e
API String ID: 1865873047-4024072794
Opcode ID: 6d00e0167f8e6f836205d1563a8a38a28a10db6f67d0a951b36e1e151ae0e7ba
Instruction ID: 456138ff2a6eff4bfeca84ceb0d2911dc1a1bd8aac5d2676dc4c539b6ddf0a69
Opcode Fuzzy Hash: 6d00e0167f8e6f836205d1563a8a38a28a10db6f67d0a951b36e1e151ae0e7ba
Instruction Fuzzy Hash: 3161EC30A1CA898FE794EB68C495BDAB7E4FF99301F50191DE18AC72A1DB74D841CB06

Function 00007FF6341EE150 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 187COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341EE432

Strings

p >= begin() && p < end(), xrefs: 00007FF6341EE1CC, 00007FF6341EE339
p < end(), xrefs: 00007FF6341EE209, 00007FF6341EE376
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6341EE1C5, 00007FF6341EE202, 00007FF6341EE332, 00007FF6341EE36F

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$p < end()$p >= begin() && p < end()
API String ID: 2168931217-1901453082
Opcode ID: 2e13f9060a8b3c594e93300032d554e25245ec9294c29f8af1e03daf2fe537dc
Instruction ID: bfb0f6b6084299cf0f9ae96753387d1045abd09cbf499d399bac2c52582464ba
Opcode Fuzzy Hash: 2e13f9060a8b3c594e93300032d554e25245ec9294c29f8af1e03daf2fe537dc
Instruction Fuzzy Hash: 2C81ADB2B09A4296EB288F14EAD82B8F7A1FB04B85F485135CA0DC7754EF3CE595D304

Function 00007FF634201091 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 119COMMON

Download Yara Rule

APIs

IsWindowUnicode.USER32 ref: 00007FF634201094
MultiByteToWideChar.KERNEL32 ref: 00007FF63420116F

Strings

Ctx != 0, xrefs: 00007FF63420118F
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF634201188

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: ByteCharMultiUnicodeWideWindow
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$Ctx != 0
API String ID: 3417139564-3890275027
Opcode ID: 209bfdbab78ec921e6c6e0e02f910ef59687700a5ea740a5dff3d48987ec466a
Instruction ID: a5b091bc5ed9db7d963948005e56819d12e1f3d0def81301a53c6c7670c4dbdd
Opcode Fuzzy Hash: 209bfdbab78ec921e6c6e0e02f910ef59687700a5ea740a5dff3d48987ec466a
Instruction Fuzzy Hash: E051D522F0865286E765CF24C9A02B9A3E1FF44B48F484136CE4DD7B99DF3ED8429310

Function 00007FF6341D41F0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D4304
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D43C6

Strings

!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF6341D4224, 00007FF6341D4255
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6341D421D, 00007FF6341D424E

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
API String ID: 2168931217-3599239301
Opcode ID: 6fb84a0008613fc9e451bc84090f232af98be13056d41ae15d4a5a2dbfb217a0
Instruction ID: c44f676e29d3bf6d752707a677217b05bcfcfa9bbe463d33c6ae9cc13344c71a
Opcode Fuzzy Hash: 6fb84a0008613fc9e451bc84090f232af98be13056d41ae15d4a5a2dbfb217a0
Instruction Fuzzy Hash: BA51BBB2A08A9282EB04EF14E4940BCF3B4FB59B84B554232CA4EC3751DF39D59AD740

Function 00007FF6341E1620 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 80COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341E16C6
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341E1744

Strings

!Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!", xrefs: 00007FF6341E1640
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6341E1639

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: !Locked && "Cannot modify a locked ImFontAtlas between NewFrame() and EndFrame/Render()!"$C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp
API String ID: 2168931217-3599239301
Opcode ID: 949da079233bebc451fdb1efe9aea4bc1086646359ae301130959504423949a1
Instruction ID: f15a091551e1ea91ce651a21fa223a5c3cd3d125da585176cf1a9c19a58bf47c
Opcode Fuzzy Hash: 949da079233bebc451fdb1efe9aea4bc1086646359ae301130959504423949a1
Instruction Fuzzy Hash: 94319F73A09A5286D785DF28D5D51B8B3B5FB18B84B545222CA0EC3364DF39D59AC340

Function 000001984C062950 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001984C0629A7

Part of subcall function 000001984C008FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001984C008FFE

std::make_error_code.LIBCPMTD ref: 000001984C0629D2
std::make_error_code.LIBCPMTD ref: 000001984C0629EE

Strings

}, xrefs: 000001984C062996

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID: }
API String ID: 2527301759-4239843852
Opcode ID: be98c45c2635ea1b7c099d9ee1afc8aab728c4e80a3655f5ac3be0dc2360b2bb
Instruction ID: c5342a2e4e4cec0358a6fd439c94d54b5fb0e47da7f7208c8e3d75b2b1639035
Opcode Fuzzy Hash: be98c45c2635ea1b7c099d9ee1afc8aab728c4e80a3655f5ac3be0dc2360b2bb
Instruction Fuzzy Hash: 0C211F30918A868FE354DF69D4607EABBE5FFCA384F50492DF189C31A1DA74C981C742

Function 000001984C0B7990 Relevance: 6.5, APIs: 4, Instructions: 491COMMON

Download Yara Rule

APIs

Part of subcall function 000001984BFFA170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFFA18D

Part of subcall function 000001984BFFA110: char_traits.LIBCPMTD ref: 000001984BFFA13D

type_info::_name_internal_method.LIBCMTD ref: 000001984C0B7A04

Part of subcall function 000001984C0D8720: type_info::_name_internal_method.LIBCMTD ref: 000001984C0D87C0
Part of subcall function 000001984C0D8720: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C0D8826
Part of subcall function 000001984C0D8720: CreateFileA.KERNEL32 ref: 000001984C0D8852

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001984C0B7AD4

Part of subcall function 000001984BFF5180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFF5217

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$type_info::_name_internal_method$Affinity::operator!=CreateFileHardwarechar_traits
String ID:
API String ID: 2370075206-0
Opcode ID: 1f487b4aeb608b8a4dfac91ae8869fd11e70220961075daf7be05e6e981b2d01
Instruction ID: 139949b1fdaf2612eaffb844ed858380f0e5d79961cc4ce5ca739167983c22b6
Opcode Fuzzy Hash: 1f487b4aeb608b8a4dfac91ae8869fd11e70220961075daf7be05e6e981b2d01
Instruction Fuzzy Hash: EF023631518A498BE365FB64C465BEFB7E1FF95300F50496FA08EC31A2EE30A945CB46

Function 000001984C053900 Relevance: 6.4, APIs: 4, Instructions: 439COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001984C053951

Part of subcall function 000001984C022880: _Ptr_base.LIBCMTD ref: 000001984C022893

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Base::ChoresConcurrency::details::GroupPtr_baseScheduleSegmentUnrealized
String ID:
API String ID: 3333744592-0
Opcode ID: 43246c57ab7ed1ba35076143cb962eb288d03bf794c1c98135cbade81599b407
Instruction ID: 4bdbb0fa466e3f7a3ff13d4a325869fa24e586c3c5fda70675ae5506ef5816da
Opcode Fuzzy Hash: 43246c57ab7ed1ba35076143cb962eb288d03bf794c1c98135cbade81599b407
Instruction Fuzzy Hash: 52F11E31518B8D8FE7B5EB18C495BDBB3E5FF99300F40492AA48EC3291DE749985CB42

Function 000001984C045890 Relevance: 6.4, APIs: 4, Instructions: 359COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001984C045917
std::make_error_code.LIBCPMTD ref: 000001984C045992
Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001984C045B1C

Part of subcall function 000001984C04F870: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001984C04F8CD
Part of subcall function 000001984C04F870: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001984C04F8E4

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001984C045CAB

Part of subcall function 000001984C026BC0: char_traits.LIBCPMTD ref: 000001984C026BE0

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Scheduler$Concurrency::details::$Concurrency::details::_ProcessorProxyRoot::Scheduler::_Virtual$Base::ChoresGroupScheduleSegmentUnrealizedchar_traitsstd::make_error_code
String ID:
API String ID: 3113402709-0
Opcode ID: e2d3ee74bc8f1c16197933b13d06f8bb0aa28bf4c35c2e9712a17edbc610efea
Instruction ID: 0a095e8f44cb85885369f20e3e73fdb53a744c7b3e39f663a3b2f34a03909b95
Opcode Fuzzy Hash: e2d3ee74bc8f1c16197933b13d06f8bb0aa28bf4c35c2e9712a17edbc610efea
Instruction Fuzzy Hash: CDC1E031518B4D8FE7A5EB28C465BEBB7E5FFA9300F40092E948DC3291DE749945CB42

Function 000001984C002C70 Relevance: 6.4, APIs: 4, Instructions: 351COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C002CA2
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C002E63
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C002E78

Part of subcall function 000001984BFFB170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFFB17E
Part of subcall function 000001984BFFB170: _Max_value.LIBCPMTD ref: 000001984BFFB1A3
Part of subcall function 000001984BFFB170: _Min_value.LIBCPMTD ref: 000001984BFFB1D1

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C002FB7

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_value
String ID:
API String ID: 348937374-0
Opcode ID: 46c4db4a0ba23410846ec0059871a6f14c2db6919ad8fb743b4dd0f0e277dc33
Instruction ID: 091b1747890d43d62c796363eb4094ac1ffd4ab1ea553357ea2010cd55fc79fc
Opcode Fuzzy Hash: 46c4db4a0ba23410846ec0059871a6f14c2db6919ad8fb743b4dd0f0e277dc33
Instruction Fuzzy Hash: CAD1AD3161CB898FD7A4EB18C455BAEB7E1FFA9341F40495EA08DC3261DA70D981CB42

Function 000001984C013390 Relevance: 6.3, APIs: 4, Instructions: 324COMMON

Download Yara Rule

APIs

std::error_condition::error_condition.LIBCPMTD ref: 000001984C01352B
std::error_condition::error_condition.LIBCPMTD ref: 000001984C013551

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::error_condition::error_condition
String ID:
API String ID: 246976077-0
Opcode ID: a6d0406ee275fc0a278201952968efdbde7828aa1727d589354d824e6bc233d3
Instruction ID: 5095b2ea1de49196e071aa2dc53d6b929be8f34df5075b2a565a0f1bd5372c08
Opcode Fuzzy Hash: a6d0406ee275fc0a278201952968efdbde7828aa1727d589354d824e6bc233d3
Instruction Fuzzy Hash: F8C14830618B498FE7A5EB28C465BDBB7E4FF99350F50092DA08AC32A1DF75D941CB42

Function 000001984C061370 Relevance: 6.3, APIs: 4, Instructions: 304COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 000001984C061564

Part of subcall function 000001984C0350A0: char_traits.LIBCPMTD ref: 000001984C0350C1

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 000001984C0615C1

Part of subcall function 000001984C06A0F0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 000001984C06A112

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Scheduler$Concurrency::details::Concurrency::details::_Decorator::getProcessorProxyRoot::Scheduler::_TableTypeVirtualchar_traits
String ID:
API String ID: 1673230147-0
Opcode ID: cfb114ce81b8242a8138127994242184d9f7b02dc7cc79d7158feec11a0593a8
Instruction ID: 92bbc02947d03c96a82a9b1dd6b76e72e7257394ddfa9aab76a12f05e8440fea
Opcode Fuzzy Hash: cfb114ce81b8242a8138127994242184d9f7b02dc7cc79d7158feec11a0593a8
Instruction Fuzzy Hash: D9C1AA70518B898FE7A4EF18C495BDAB7E5FFA9304F50492E908DC3261DF749984CB42

Function 000001984C0624C0 Relevance: 6.3, APIs: 4, Instructions: 266COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 000001984C0624E3
std::make_error_code.LIBCPMTD ref: 000001984C0624FC

Part of subcall function 000001984C008FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001984C008FFE

std::make_error_code.LIBCPMTD ref: 000001984C06253B

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 1046759889-0
Opcode ID: 28292fa4d794b396cedd1ba8fdc4833dcd5acff12edfc6de44ad94c6088fe729
Instruction ID: 5826bdb4fa739f6046765235d03fba5648eb95ecc448d95e0fe7aeb4b202fae6
Opcode Fuzzy Hash: 28292fa4d794b396cedd1ba8fdc4833dcd5acff12edfc6de44ad94c6088fe729
Instruction Fuzzy Hash: A3B1AA30618B898FD7A4EB28C465BEEB7E5FFD9301F50495EA08DC3292DE709845CB42

Function 000001984C05DCB0 Relevance: 6.2, APIs: 4, Instructions: 212COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 000001984C05DCED

Part of subcall function 000001984C008FE0: std::error_condition::error_condition.LIBCPMTD ref: 000001984C008FFE

std::make_error_code.LIBCPMTD ref: 000001984C05DD3C

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 914871444acda03db8c397575b484ba356f5dbd6d30ab43649a56d47f3854115
Instruction ID: 20cd6539003387f6a77f26d82cbb963bb27623a1f64a5dbac98b480f455817d6
Opcode Fuzzy Hash: 914871444acda03db8c397575b484ba356f5dbd6d30ab43649a56d47f3854115
Instruction Fuzzy Hash: 26810430518B998FE3A5EB18C461BEEB7E5FF95300F50496EE08DC32A2DE709845CB42

Function 000001984C025700 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 000001984C02579A
fpos.LIBCPMTD ref: 000001984C025863
fpos.LIBCPMTD ref: 000001984C0258B2
fpos.LIBCPMTD ref: 000001984C02594F

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: 6482d30fa890008c781780ebb765b1d214955e0675561b79e15b2cde454a484b
Instruction ID: fa19cce217b2adae3f4127e00b0646b8003e7900c3b32d41d9e4b45f053013c4
Opcode Fuzzy Hash: 6482d30fa890008c781780ebb765b1d214955e0675561b79e15b2cde454a484b
Instruction Fuzzy Hash: 64810A3091CB858FE7A4EB28C465BAABBE4FF99341F54091DB499C32A1DB74DC40CB06

Function 000001984C06B2A0 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001984C06B33B
type_info::_name_internal_method.LIBCMTD ref: 000001984C06B462

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 31633297509520c3cf38a8ab650ddf2738620efd7f833d6bc15245c323a4a252
Instruction ID: 78f7bbb05191b0fe5e53d9cbd8c058f1cccd7a19d833e7a6706d94c716150b1b
Opcode Fuzzy Hash: 31633297509520c3cf38a8ab650ddf2738620efd7f833d6bc15245c323a4a252
Instruction Fuzzy Hash: 9971D37065CB898FE7A5EF28C495BEAB3E5FF99300F804919A08DC3291DE74D842D742

Function 000001984C06B610 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 000001984C06B6AB
type_info::_name_internal_method.LIBCMTD ref: 000001984C06B7D2

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 99a6b33ae6862e60c4063bc95135201a3c42c6b25746548689089e28a85fb9b4
Instruction ID: 7413336a46f02000fb071982588750dfe98b86b3940b4f975d2f29dddd126de6
Opcode Fuzzy Hash: 99a6b33ae6862e60c4063bc95135201a3c42c6b25746548689089e28a85fb9b4
Instruction Fuzzy Hash: A771FF7061CA899FE7A5EF18C4A5BEAB3E5FF99300F404819E08DC3292DE74D945CB42

Function 00007FF6341F59A0 Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341F5A26
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341F5AA3
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341F5B20
00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341F5B9E

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID:
API String ID: 2168931217-0
Opcode ID: e68efa2831d778e4f34f330c17ca88291312f669d56948be7ecc4bde90aff0f3
Instruction ID: 89bb70f02d8b4f4c3f056d712eef1e6c234400ff5a5e1a7a6b4d584d4c9a1115
Opcode Fuzzy Hash: e68efa2831d778e4f34f330c17ca88291312f669d56948be7ecc4bde90aff0f3
Instruction Fuzzy Hash: D0517E7361AA5686CB89DF28D1950BCB3B5FB58B84B548223CA0EC3355DF39D59BC340

Function 000001984C0CE560 Relevance: 6.1, APIs: 4, Instructions: 120COMMON

Download Yara Rule

APIs

Part of subcall function 000001984C0CE760: _Byte_length.LIBCPMTD ref: 000001984C0CE7CE

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C0CE5E5
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C0CE60E
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C0CE645
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984C0CE66E

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Byte_length
String ID:
API String ID: 1141060839-0
Opcode ID: 73401877cca2df4d9d6e09be458f0decb97a0093fc0ac4ecf507f84a65ce1821
Instruction ID: 32c6bfa1d8ac9005699b1bdc106ea2a4f5805bd0d26937ad948ad84234ede8c9
Opcode Fuzzy Hash: 73401877cca2df4d9d6e09be458f0decb97a0093fc0ac4ecf507f84a65ce1821
Instruction Fuzzy Hash: A341D031518B498FE754EB18C465BEEB7E1FF99341F50492EA08DC3261DF30A985CB42

Function 000001984C07D460 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001984C07D48B

Part of subcall function 000001984C0476A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001984C0476B8

type_info::_name_internal_method.LIBCMTD ref: 000001984C07D4AA

Part of subcall function 000001984C070D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001984C070D48

type_info::_name_internal_method.LIBCMTD ref: 000001984C07D4C9
type_info::_name_internal_method.LIBCMTD ref: 000001984C07D4E8

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
Instruction ID: 0063488a296dbececf094b5a4f3589d55b726dc82cf04368160075d37c1ef2e4
Opcode Fuzzy Hash: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
Instruction Fuzzy Hash: FC119E30A18B498FDA94EB6CC4557DEBBE5FFD9340F50495DA089C3262DE30D845CB46

Function 000001984C04F060 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001984C04F08B

Part of subcall function 000001984C0476A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001984C0476B8

type_info::_name_internal_method.LIBCMTD ref: 000001984C04F0AA
type_info::_name_internal_method.LIBCMTD ref: 000001984C04F0C9
type_info::_name_internal_method.LIBCMTD ref: 000001984C04F0E8

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction ID: f26834052f999b02198f4e47abfdd1a8d79e9c0ca5decce1fc80a57a5225686f
Opcode Fuzzy Hash: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction Fuzzy Hash: 5F11BD30A18B498FD694EB2CC4557DABBE5FFD9340F904D5DA089C3262DE30D841CB42

Function 000001984C03B130 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 000001984C03B15B

Part of subcall function 000001984C0476A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 000001984C0476B8

type_info::_name_internal_method.LIBCMTD ref: 000001984C03B17A
type_info::_name_internal_method.LIBCMTD ref: 000001984C03B199
type_info::_name_internal_method.LIBCMTD ref: 000001984C03B1B8

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction ID: 069d2eb9453b70d268a1fae36c91bd48e28963d67c4cec312a920cd58515e41d
Opcode Fuzzy Hash: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction Fuzzy Hash: 3F118830A18B898FE694EB2CC45579ABBE6FFD9340F904D5DA489C3262DE309845CB46

Function 000001984C0333B0 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

_Func_class.LIBCONCRTD ref: 000001984C0333C3
_Func_class.LIBCONCRTD ref: 000001984C03341D

Part of subcall function 000001984C029830: _Func_class.LIBCONCRTD ref: 000001984C02983E
Part of subcall function 000001984C029830: _Func_class.LIBCONCRTD ref: 000001984C02989C

_Func_class.LIBCONCRTD ref: 000001984C033441
_Func_class.LIBCONCRTD ref: 000001984C03344D

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Func_class
String ID:
API String ID: 1670654298-0
Opcode ID: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction ID: cea6e479e913cb8aae0a9edad21045bdb3158b78f44ae5bfddf91e4b13d53a7f
Opcode Fuzzy Hash: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction Fuzzy Hash: BE11CE30A18A094FE684EB1CC4957AAB7E5FF9A341F804969B589C32B1DF21EC41C741

Function 000001984C04EEC0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C04EF0A
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C04EF1E

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction ID: 8bb7868c182b40b9de5dcc723ca2f0293a106db2f72550d9308830db44b0b8ac
Opcode Fuzzy Hash: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction Fuzzy Hash: 26012930935F9A5BE3D4DB29C4A43DAB5DAFF89300F80092DA099C32E1CEB5D8408706

Function 000001984C04EF60 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C04EFAA
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984C04EFBE

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction ID: 56a3be7318a5fcf0468899aa71b4668a782af12899cbd7b366786b8a0eefeb67
Opcode Fuzzy Hash: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction Fuzzy Hash: 3F012930534E6E4BE3D4DB29C4647EAB5D6FF8A340FD0092EB155C32A1CAB5D4408706

Function 000001984BFF3D40 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 321COMMON

Download Yara Rule

APIs

Part of subcall function 000001984BFF5360: _WChar_traits.LIBCPMTD ref: 000001984BFF538D

Part of subcall function 000001984BFF4740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFF476C
Part of subcall function 000001984BFF4740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFF477E
Part of subcall function 000001984BFF4740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 000001984BFF47BB

Part of subcall function 000001984BFF4850: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984BFF48B8

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 000001984BFF412A

Strings

X, xrefs: 000001984BFF3EE3
, xrefs: 000001984BFF41B1

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Char_traits
String ID: $X
API String ID: 1626164810-1398056850
Opcode ID: da34108681e6cb996675731457550fc137bc86ebf3564906fc77d927d8b33079
Instruction ID: 062a221e907c59478762e48d768a4e1f4eaac82114901417db2ccb96cb1eb27a
Opcode Fuzzy Hash: da34108681e6cb996675731457550fc137bc86ebf3564906fc77d927d8b33079
Instruction Fuzzy Hash: D6D19871618B888FD7A4EF28C4997DEB7E1FB99301F50492EA48DC3261DF749885CB42

Function 000001984C055560 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194COMMON

Download Yara Rule

Strings

", xrefs: 000001984C05574E
", xrefs: 000001984C055636

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID:
String ID: "$"
API String ID: 0-3758156766
Opcode ID: 8fdaf1600544622fd33f728529cb6508d7889566d47cbe218040ba2ee86dacff
Instruction ID: 5b1359b92a389f35e02af4649827b1b1800fa96b40a0a5274c927e03e70ff977
Opcode Fuzzy Hash: 8fdaf1600544622fd33f728529cb6508d7889566d47cbe218040ba2ee86dacff
Instruction Fuzzy Hash: 4271DA3151CB899BD795EB18C4A1FDBB7E5FFA9344F404A19B08AC31A1DE30DA45CB82

Function 000001984C014B00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

std::error_condition::error_condition.LIBCPMTD ref: 000001984C014CEA

Part of subcall function 000001984C0101A0: Concurrency::details::VirtualProcessor::ClaimTicket::InitializeTicket.LIBCMTD ref: 000001984C0101BD

Strings

@, xrefs: 000001984C014BED
@, xrefs: 000001984C014B66

Memory Dump Source

Source File: 00000000.00000002.4005142779.000001984BFF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 000001984BFF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1984bff0000_solara-executor.jbxd

Yara matches

Similarity

API ID: ClaimConcurrency::details::InitializeProcessor::TicketTicket::Virtualstd::error_condition::error_condition
String ID: @$@
API String ID: 2004282921-149943524
Opcode ID: 9950cd689140dd32029c8ba334a83ce130f8fc6c6ba909f7c99662a502cc7da8
Instruction ID: bda4c35b91ce28ed4ccb8f46aa67a948448100f8fd5883e73b1663a417552c2b
Opcode Fuzzy Hash: 9950cd689140dd32029c8ba334a83ce130f8fc6c6ba909f7c99662a502cc7da8
Instruction Fuzzy Hash: 3851C270909785CFEBA4EF58C494BDAF7E4FB96305F10092DE18AC3290DF7299448B06

Function 00007FF6341B9BC0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

00007FFDB224A0D0.API-MS-WIN-CRT-MATH-L1-1-0 ref: 00007FF6341B9D80

Strings

max_error > 0.0f, xrefs: 00007FF6341B9CC6
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6341B9CBF

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B224
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$max_error > 0.0f
API String ID: 685457636-3636960062
Opcode ID: a1e7d619fba98255bbb59b74f2aa783b82d974d6421d94029452daf7382b12b9
Instruction ID: 1ba16554de38f0355cae1cfafdd8b7a20618a59cb2b171bb85f8a49c18a0a454
Opcode Fuzzy Hash: a1e7d619fba98255bbb59b74f2aa783b82d974d6421d94029452daf7382b12b9
Instruction Fuzzy Hash: 1C61A872D18BC985E3128F3680812B9F790EF59744F1CC736EA49B6365DF69B4C29B10

Function 00007FF6341D0E40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D0F2F

Strings

g.SettingsWindows.empty(), xrefs: 00007FF6341D0E7A
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6341D0E73

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$g.SettingsWindows.empty()
API String ID: 2168931217-1747592857
Opcode ID: 5fcca6ab54b0025e594ec8bc263e215ec36465dfda948e98fee39a4306cf2aa2
Instruction ID: 670d508f9a3ed9e06fa1b5a162fa693ddbf2ede5f49e415fd727e95cf241c3e3
Opcode Fuzzy Hash: 5fcca6ab54b0025e594ec8bc263e215ec36465dfda948e98fee39a4306cf2aa2
Instruction Fuzzy Hash: B541CE72A09A8282EB44DF21A1981B8B7A1FF49B88F588136EA4DC3749DF3DE045D740

Function 00007FF6341D2A40 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 94COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D2BA4

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341D2A8F, 00007FF6341D2ABF
i >= 0 && i < Size, xrefs: 00007FF6341D2A96, 00007FF6341D2AC6

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 2168931217-1817040388
Opcode ID: 62ab15f237ae12dd1f2f720af39e278684e74126654c7f3b00041a021f926d09
Instruction ID: 83920694f8d5d17f25c7b2db4867b708c12dd0a202edc72a4e28b12303e92fae
Opcode Fuzzy Hash: 62ab15f237ae12dd1f2f720af39e278684e74126654c7f3b00041a021f926d09
Instruction Fuzzy Hash: 8A41DD72A08A8282EB14DF24E5D01B9F3B4FF54B84B544232DA5DC37A0DF39E4A6D340

Function 00007FF6341D2BC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D2D10

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341D2C0F, 00007FF6341D2C3F
i >= 0 && i < Size, xrefs: 00007FF6341D2C16, 00007FF6341D2C46

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 2168931217-1817040388
Opcode ID: 9589bf8728c09f5c901920cbf28053feb88018c1b016dbdcb7ec8812433a96cc
Instruction ID: 33b91f6d78e05f078d7bd981b4aad204d5d5fe5d9068f8d64ec8924d05007786
Opcode Fuzzy Hash: 9589bf8728c09f5c901920cbf28053feb88018c1b016dbdcb7ec8812433a96cc
Instruction Fuzzy Hash: 5141CC72A08E9282D7049F24E4901B8F3B4FB55B88B544232DA5EC33A4DF3DE996D340

Function 00007FF6341D2810 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

00007FFDB222F020.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF6341D293C

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341D2851, 00007FF6341D2880
i >= 0 && i < Size, xrefs: 00007FF6341D2858, 00007FF6341D2887

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B222F020
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 2168931217-1817040388
Opcode ID: ab78d67b3827ca981ba7196448e1a9a9ce10ad8f11ce5b15fb4adaa829971505
Instruction ID: 153002aafe84f868bdefe791fcf80e3faf1ff85ab3970648214ef1827968c4ee
Opcode Fuzzy Hash: ab78d67b3827ca981ba7196448e1a9a9ce10ad8f11ce5b15fb4adaa829971505
Instruction Fuzzy Hash: EA31ACB2A08A5682DB08CF24E4D01B8F3A1FF45B88B504136DA4DC37A8DF39E596C700

Function 00007FF6341BB200 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

00007FFDB22349A0.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF6341BB28E

Strings

C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6341BB2B5
i >= 0 && i < Size, xrefs: 00007FF6341BB2BC

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B22349
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.h$i >= 0 && i < Size
API String ID: 3967229990-1817040388
Opcode ID: fae55c63b829811270316bffbfd4df00558370b4b6ef951384af4ae9f73947b3
Instruction ID: 227fa1bf3b9b5515bf8b9b6a1905e08663a64a0cab0efd4d0e916ffa95f1df6c
Opcode Fuzzy Hash: fae55c63b829811270316bffbfd4df00558370b4b6ef951384af4ae9f73947b3
Instruction Fuzzy Hash: 14217131B18A9689EB648B55E4806BEA760FB85B84F485135DA8EC7F58CF3DF481D700

Function 00007FF6341D1E80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON

Download Yara Rule

APIs

00007FFDB4322E80.IMM32 ref: 00007FF6341D1EA2

Strings

, xrefs: 00007FF6341D1EB5
@, xrefs: 00007FF6341D1EF3

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: 00007B4322
String ID: $@
API String ID: 3479818561-1077428164
Opcode ID: 53b76e4c7360ced8355a90c1ba8cca2d8cf467df60d04d43bb1f796f4f86dbcd
Instruction ID: 35e20cdfc0a0192d6f56a3f4d43eb54f67b85c2da424a8e7f6f0f86ebfc9e9a1
Opcode Fuzzy Hash: 53b76e4c7360ced8355a90c1ba8cca2d8cf467df60d04d43bb1f796f4f86dbcd
Instruction Fuzzy Hash: 39111CB291878187D725CF21F19416AF3A2FB89B94F144225EB8997B18DF7CE984CF00

Function 00007FF63420BDAC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.NTDLL ref: 00007FF63420BDBC

Strings

0, xrefs: 00007FF63420E1AA

Memory Dump Source

Source File: 00000000.00000002.4009987562.00007FF6341B1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00007FF6341B0000, based on PE: true

Associated: 00000000.00000002.4009951023.00007FF6341B0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344D1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6344DA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF634641000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4009987562.00007FF6347E0000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010475709.00007FF6347E1000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4010509461.00007FF6347E2000.00000004.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6341b0000_solara-executor.jbxd

Similarity

API ID: AcquireExclusiveLock
String ID: 0
API String ID: 4021432409-4108050209
Opcode ID: cf7cbb83cca8a80d1d98c2b66fbe41bdafea271a0637fe929e97ce8d2696cf3d
Instruction ID: 88c7e34cd653f4f4c7aa0bc59f654625399176c122b190f9cbeb6b1729db1d25
Opcode Fuzzy Hash: cf7cbb83cca8a80d1d98c2b66fbe41bdafea271a0637fe929e97ce8d2696cf3d
Instruction Fuzzy Hash: 70014B71A18942C2FB208F65E9E4638B7A0EF19725F401231CA2ED23E6DF3DA585E700

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report solara-executor.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\HJWXIAQ3.htm

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Windows Analysis Report
solara-executor.exe

Function 00007FF634204720 Relevance: 37.6, APIs: 7, Strings: 14, Instructions: 892
windowCOMMON

Function 00007FF6341FF7A0 Relevance: 36.9, APIs: 7, Strings: 14, Instructions: 150
libraryloaderCOMMON

Function 00007FF634200330 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 182
keyboardCOMMON

Function 00007FF634203F90 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 126
nativeCOMMON

Function 000001984C01F46A Relevance: 8.0, APIs: 5, Instructions: 519
fileCOMMON

Function 00007FF6341FF2F0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 215
COMMON

Function 000001984BFF6FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Function 00007FF6342026C0 Relevance: 15.5, APIs: 10, Instructions: 516
COMMON

Function 00007FF6342041E0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 59
registryCOMMON

Function 00007FF634206C10 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 151
windowCOMMON

Function 000001984C0FCB40 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON

Function 000001984C1DA382 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 143
memoryCOMMON

Function 000001984C0D8720 Relevance: 4.7, APIs: 3, Instructions: 233
fileCOMMON