Edit tour

Windows Analysis Report
solara-executor.exe

Overview

General Information

Sample name:	solara-executor.exe
Analysis ID:	1581485
MD5:	eeece03585aaed37f6a7d7d32e9aaa96
SHA1:	b0dfef08d8c15e07328bb5d93ef751d87065cfc4
SHA256:	b51c6a29609f4796ccd6e11aa4d019b3b00f4de9a33aef9aad282dfd039b36c5
Tags:	exeuser-aachum
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Contain functionality to detect virtual machines

Found direct / indirect Syscall (likely to bypass EDR)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Potential thread-based time evasion detected

Query firmware table information (likely to detect VMs)

Tries to detect debuggers (CloseHandle check)

Tries to detect virtualization through RDTSC time measurements

Tries to evade analysis by execution special instruction (VM detection)

Tries to harvest and steal browser information (history, passwords, etc)

Abnormal high CPU Usage

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Detected potential crypto function

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Suricata IDS alerts with low severity for network traffic

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

solara-executor.exe (PID: 5628 cmdline: "C:\Users\user\Desktop\solara-executor.exe" MD5: EEECE03585AAED37F6A7D7D32E9AAA96)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2761532245.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2056776668.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2420217075.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2739690961.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2196586491.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2213922376.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2423302535.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2415984426.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2150461752.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2759173267.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2160548698.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2238530225.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2273256199.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2224476182.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2066825845.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2109491663.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2129395801.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2448092011.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2266396067.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2258876051.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2189727230.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2250896575.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2755972358.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2229406171.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2125885837.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000003.2173256789.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: solara-executor.exe PID: 5628	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 23 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.solara-executor.exe.222f2e581d0.0.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern UH

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-27T21:48:58.016771+0100	2803274	2	Potentially Bad Traffic	192.168.2.5	49704	172.67.75.163	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: solara-executor.exe

ReversingLabs: Detection: 55%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_00000222F2DD7740 Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock,CryptUnprotectData,

0_2_00000222F2DD7740

Source: unknown

HTTPS traffic detected: 172.67.75.163:443 -> 192.168.2.5:49704 version: TLS 1.2

Source: solara-executor.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_00000222F2D3F46A Concurrency::details::WorkQueue::IsStructuredEmpty,FindFirstFileA,type_info::_name_internal_method,type_info::_name_internal_method,type_info::_name_internal_method,

0_2_00000222F2D3F46A

Source: Joe Sandbox View

IP Address: 172.67.75.163 172.67.75.163

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Network traffic

Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49704 -> 172.67.75.163:443

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43Host: api.myip.com

Source: global traffic

DNS traffic detected: DNS query: api.myip.com

Source: solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://https://https/:://websocketpp.processorGeneric
Source: solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: solara-executor.exe, solara-executor.exe, 00000000.00000003.2232020317.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2074279633.00000222F319A000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2199653922.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2227059974.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2082613170.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2072756351.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2145303034.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2178686050.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2067030788.00000222F319A000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2184889497.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2219899723.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2074279633.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2166260271.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2080366895.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2156057324.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2175367925.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2100840137.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2071892141.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2137868973.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/
Source: solara-executor.exe, 00000000.00000003.2232020317.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2199653922.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2227059974.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2082613170.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2072756351.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2145303034.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2178686050.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2184889497.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2219899723.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2074279633.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2166260271.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2080366895.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2156057324.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2175367925.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2100840137.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2071892141.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2137868973.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2060606863.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2117905861.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2097898815.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2067030788.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/#
Source: solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.myip.com/Russia
Source: solara-executor.exe, 00000000.00000003.2052513631.00000222F4D23000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2052513631.00000222F4C1E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: solara-executor.exe, 00000000.00000003.2052513631.00000222F4D23000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2052513631.00000222F4C1E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: solara-executor.exe, 00000000.00000003.2052513631.00000222F4D23000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2052513631.00000222F4C1E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: solara-executor.exe, 00000000.00000003.2052513631.00000222F4D23000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2052513631.00000222F4C1E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: solara-executor.exe	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage
Source: solara-executor.exe	String found in binary or memory: https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold
Source: solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: solara-executor.exe, 00000000.00000003.2052513631.00000222F4D23000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2052513631.00000222F4C1E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: solara-executor.exe, 00000000.00000003.2052513631.00000222F4D23000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2052513631.00000222F4C1E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 172.67.75.163:443 -> 192.168.2.5:49704 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: solara-executor.exe

Static PE information: section name: .Q\H

Source: C:\Users\user\Desktop\solara-executor.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_00007FF6E4A33508 NtDelayExecution,

0_2_00007FF6E4A33508

Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6E48905C4	0_2_00007FF6E48905C4
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6E48905BC	0_2_00007FF6E48905BC
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6E45897AC	0_2_00007FF6E45897AC
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6E4573F78	0_2_00007FF6E4573F78
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6E459A920	0_2_00007FF6E459A920
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6E458A110	0_2_00007FF6E458A110
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6E45A121C	0_2_00007FF6E45A121C
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6E45AC1D0	0_2_00007FF6E45AC1D0
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6E457AB6C	0_2_00007FF6E457AB6C
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6E45A2C90	0_2_00007FF6E45A2C90
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6E45A251C	0_2_00007FF6E45A251C
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6E45AACE4	0_2_00007FF6E45AACE4
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00000222F2D63841	0_2_00000222F2D63841
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00000222F2D2BA30	0_2_00000222F2D2BA30
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00000222F2E00FD0	0_2_00000222F2E00FD0

Source: classification engine

Classification label: mal100.spyw.evad.winEXE@1/1@1/1

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: 0_2_00000222F2D16FE0 std::_Fac_node::_Fac_node,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,

0_2_00000222F2D16FE0

Source: C:\Users\user\Desktop\solara-executor.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\TGZLHECZ.htm

Jump to behavior

Source: C:\Users\user\Desktop\solara-executor.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: solara-executor.exe, 00000000.00000003.3388060075.00000222F4BEF000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2156197563.00000222F4BEF000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2166761806.00000222F4BEF000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2118627342.00000222F4BEF000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2109491663.00000222F4BEF000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2549868778.00000222F4BEF000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2755972358.00000222F4BEF000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.3030464268.00000222F4BEF000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.4114104576.00000222F4BEF000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2273256199.00000222F4BEF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE server_addresses (id VARCHAR, company_name VARCHAR, street_address VARCHAR, address_1 VARCHAR, address_2 VARCHAR, address_3 VARCHAR, address_4 VARCHAR, postal_code VARCHAR, sorting_code VARCHAR, country_code VARCHAR, language_code VARCHAR, recipient_name VARCHAR, phone_number VARCHAR)LGB@;8
Source: solara-executor.exe, 00000000.00000002.4465244474.00000222EE591000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE web_app_manifest_section ( expire_date INTEGER NOT NULL DEFAULT 0, id VARCHAR, min_version INTEGER NOT NULL DEFAULT 0, fingerprints BLOB)taEM32;
Source: solara-executor.exe, 00000000.00000003.2882854120.00000222F4BA7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2238530225.00000222F4BA7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.4114104576.00000222F4BA7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4468931771.00000222F4BA7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE clusters_and_visits(cluster_id INTEGER NOT NULL,visit_id INTEGER NOT NULL,score NUMERIC DEFAULT 0 NOT NULL,engagement_score NUMERIC DEFAULT 0 NOT NULL,url_for_deduping LONGVARCHAR NOT NULL,normalized_url LONGVARCHAR NOT NULL,url_for_display LONGVARCHAR NOT NULL,interaction_state INTEGER DEFAULT 0 NOT NULL,PRIMARY KEY(cluster_id,visit_id))WITHOUT ROWIDGER DEFAU;
Source: solara-executor.exe, 00000000.00000003.2266396067.00000222F4C11000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2415984426.00000222F4C01000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: solara-executor.exe

ReversingLabs: Detection: 55%

Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: xinput1_4.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\solara-executor.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: solara-executor.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: solara-executor.exe

Static file information: File size 5029376 > 1048576

Source: solara-executor.exe	Static PE information: Raw size of .data is bigger than: 0x100000 < 0x2a6400
Source: solara-executor.exe	Static PE information: Raw size of .sy_ is bigger than: 0x100000 < 0x127e00

Source: solara-executor.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: initial sample

Static PE information: section where entry point is pointing to: .Q\H

Source: solara-executor.exe	Static PE information: section name: .sy_
Source: solara-executor.exe	Static PE information: section name: .rsZ
Source: solara-executor.exe	Static PE information: section name: .Q\H

Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00007FF6E45B517E push rsi; retf	0_2_00007FF6E45B5193
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00000222F2EA25B1 push esi; ret	0_2_00000222F2EA25DE
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00000222F2DE4E8B push ss; retf	0_2_00000222F2DE4E97
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00000222F2DE4E60 push ss; retf	0_2_00000222F2DE4E97
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00000222F2E85A95 push esp; iretd	0_2_00000222F2E85C39
Source: C:\Users\user\Desktop\solara-executor.exe	Code function: 0_2_00000222F2D54970 push es; ret	0_2_00000222F2D5497F

Source: solara-executor.exe	Static PE information: section name: .sy_ entropy: 7.466048879991577
Source: solara-executor.exe	Static PE information: section name: .Q\H entropy: 7.75313487564793

Hooking and other Techniques for Hiding and Protection

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\Desktop\solara-executor.exe	Memory written: PID: 5628 base: 7FF8C8A5000D value: E9 BB CB EC FF			Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Memory written: PID: 5628 base: 7FF8C891CBC0 value: E9 5A 34 13 00			Jump to behavior

Source: C:\Users\user\Desktop\solara-executor.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior

Malware Analysis System Evasion

Contain functionality to detect virtual machines

Source: C:\Users\user\Desktop\solara-executor.exe

Code function: \\.\VBoxMiniRdrDN \\.\VBoxMiniRdrDN \\.\VBoxMiniRdrDN

0_2_00007FF6E45B32EC

Potential thread-based time evasion detected

Source: Initial file

Signature Results: Thread-based counter

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\solara-executor.exe	System information queried: FirmwareTableInformation			Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	System information queried: FirmwareTableInformation			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\solara-executor.exe

RDTSC instruction interceptor: First address: 7FF6E499E8A4 second address: 7FF6E499E8D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9014C1C185h 0x00000007 dec eax 0x00000008 mov dword ptr [esp+40h], 00000000h 0x00000010 inc ecx 0x00000011 shr cl, cl 0x00000013 mov dword ptr [esp+38h], 00000190h 0x0000001b dec esp 0x0000001c arpl di, ax 0x0000001e ror dh, 00000006h 0x00000021 dec ecx 0x00000022 rol ecx, 1 0x00000024 mov dword ptr [esp+30h], 00000258h 0x0000002c dec esp 0x0000002d sub eax, ebp 0x0000002f rdtsc

Tries to evade analysis by execution special instruction (VM detection)

Source: C:\Users\user\Desktop\solara-executor.exe	Special instruction interceptor: First address: 7FF6E4A32A69 instructions rdtsc caused by: RDTSC with Trap Flag (TF)
Source: C:\Users\user\Desktop\solara-executor.exe	Special instruction interceptor: First address: 7FF6E4A32A82 instructions rdtsc caused by: RDTSC with Trap Flag (TF)

Source: C:\Users\user\Desktop\solara-executor.exe

File opened / queried: VBoxMiniRdrDN

Jump to behavior

Source: C:\Users\user\Desktop\solara-executor.exe	Window / User API: threadDelayed 5855			Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Window / User API: foregroundWindowGot 1667			Jump to behavior

Source: C:\Users\user\Desktop\solara-executor.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\solara-executor.exe

0_2_00000222F2D3F46A

Source: solara-executor.exe, 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware ToolsNOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm0123456789+/LoadLibraryA
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsdvboxserviceu
Source: solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxservice
Source: solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtrayx64dbgh
Source: solara-executor.exe, 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: Kernel32.dllKernel32.dll\\.\VBoxMiniRdrDN
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwareuser
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: solara-executor.exe, solara-executor.exe, 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: \\.\VBoxMiniRdrDN
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: solara-executor.exe, 00000000.00000003.3877800093.00000222F2CD4000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2253178530.00000222F2CD4000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2162048817.00000222F2CD4000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2113628517.00000222F2CD4000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.4395331320.00000222F2CD4000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2062141274.00000222F2CD4000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2072067263.00000222F2CD4000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2088520036.00000222F2CD4000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2200173257.00000222F2CD4000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000002.4466413673.00000222F2C6F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmwaretray
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-gaVGAuthServicevmwaretrayv
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: solara-executor.exe, solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtray
Source: solara-executor.exe, solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-ga
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: solara-executor.exe, 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: wiresharkvmwareuseri
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: solara-executor.exe, 00000000.00000003.2173256789.00000222F4B6D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\solara-executor.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\solara-executor.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Thread information set: HideFromDebugger			Jump to behavior

Tries to detect debuggers (CloseHandle check)

Source: C:\Users\user\Desktop\solara-executor.exe

Handle closed: DEADC0DE

Source: C:\Users\user\Desktop\solara-executor.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Process queried: DebugObjectHandle	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	Process queried: DebugPort	Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Desktop\solara-executor.exe	NtQuerySystemInformation: Direct from: 0x7FF6E49F914E	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	NtQuerySystemInformation: Direct from: 0x7FF6E49D97C5	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	NtQuerySystemInformation: Direct from: 0x7FF6E49C6F8F	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	NtQueryInformationProcess: Direct from: 0x7FF6E49D846F	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	NtQuerySystemInformation: Direct from: 0x7FF6E49E0143	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	NtQuerySystemInformation: Direct from: 0x7FF6E4A23BD8	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	NtSetInformationThread: Direct from: 0x7FF6E49FA46E	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	NtProtectVirtualMemory: Direct from: 0x7FF6E4A1D1F7	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	NtSetInformationThread: Direct from: 0x7FF6E49AD260	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	NtProtectVirtualMemory: Direct from: 0x7FF6E49B6188	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	NtProtectVirtualMemory: Direct from: 0x7FF6E4A111CC	Jump to behavior

Stealing of Sensitive Information

Found many strings related to Crypto-Wallets (likely being stolen)

Source: solara-executor.exe	String found in binary or memory: Electrum
Source: solara-executor.exe	String found in binary or memory: ElectronCash
Source: solara-executor.exe	String found in binary or memory: \com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb
Source: solara-executor.exe	String found in binary or memory: \Exodus\exodus.wallet
Source: solara-executor.exe	String found in binary or memory: \Ethereum\keystore
Source: solara-executor.exe	String found in binary or memory: \Exodus\exodus.wallet
Source: solara-executor.exe	String found in binary or memory: \Ethereum\keystore
Source: solara-executor.exe	String found in binary or memory: \Coinomi\Coinomi\wallets
Source: solara-executor.exe	String found in binary or memory: \Ethereum\keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\solara-executor.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Source: Yara match	File source: 0.2.solara-executor.exe.222f2e581d0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.2761532245.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2056776668.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2420217075.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2739690961.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2196586491.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2213922376.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2423302535.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2415984426.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2150461752.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2759173267.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2160548698.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2238530225.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2273256199.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2224476182.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2066825845.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2109491663.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2129395801.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2448092011.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2266396067.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2258876051.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2189727230.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2250896575.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2755972358.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2229406171.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2125885837.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2173256789.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: solara-executor.exe PID: 5628, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Masquerading	1 OS Credential Dumping	1 Query Registry	Remote Services	1 Credential API Hooking	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	32 Virtualization/Sandbox Evasion	1 Credential API Hooking	721 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Abuse Elevation Control Mechanism	Security Account Manager	32 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	2 Data from Local System	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	2 Obfuscated Files or Information	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	13 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	31 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
solara-executor.exe	55%	ReversingLabs	Win64.Trojan.Generic

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.myip.com	172.67.75.163	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.myip.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
http://https://https/:://websocketpp.processorGeneric	solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	false	high
https://ac.ecosia.org/autocomplete?q=	solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	false	high
https://duckduckgo.com/chrome_newtab	solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	false	high
https://duckduckgo.com/ac/?q=	solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	false	high
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	solara-executor.exe, 00000000.00000003.2052513631.00000222F4D23000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2052513631.00000222F4C1E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	false	high
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	solara-executor.exe, 00000000.00000003.2052513631.00000222F4D23000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2052513631.00000222F4C1E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	false	high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage	solara-executor.exe	false	high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	false	high
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	solara-executor.exe, 00000000.00000003.2052513631.00000222F4D23000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2052513631.00000222F4C1E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	false	high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	solara-executor.exe, 00000000.00000003.2052513631.00000222F4D23000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2052513631.00000222F4C1E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	false	high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	false	high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	solara-executor.exe, 00000000.00000003.2052513631.00000222F4D23000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2052513631.00000222F4C1E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	false	high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.myip.com/Russia	solara-executor.exe, 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp	false	high
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage(Hold	solara-executor.exe	false	high
https://www.ecosia.org/newtab/	solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	false	high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	solara-executor.exe, 00000000.00000003.2052513631.00000222F4D23000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2052513631.00000222F4C1E000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2051057335.00000222F4C15000.00000004.00000020.00020000.00000000.sdmp	false	high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	solara-executor.exe, 00000000.00000003.2057269427.00000222F4C49000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2160548698.00000222F4CE7000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2196586491.00000222F4D52000.00000004.00000020.00020000.00000000.sdmp	false	high
https://api.myip.com/#	solara-executor.exe, 00000000.00000003.2232020317.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2199653922.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2227059974.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2082613170.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2072756351.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2145303034.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2178686050.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2184889497.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2219899723.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2074279633.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2166260271.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2080366895.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2156057324.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2175367925.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2100840137.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2071892141.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2137868973.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2060606863.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2117905861.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2097898815.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp, solara-executor.exe, 00000000.00000003.2067030788.00000222F31AC000.00000004.00000020.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.75.163	api.myip.com	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1581485
Start date and time:	2024-12-27 21:48:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	solara-executor.exe
Detection:	MAL
Classification:	mal100.spyw.evad.winEXE@1/1@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: solara-executor.exe

Simulations

Behavior and APIs

Time	Type	Description
15:49:31	API Interceptor	17729050x Sleep call for process: solara-executor.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
172.67.75.163	http://keynstrings.com/qdop/shriejeapd-xtre-czoyj-wux-182-n-ql72-dn6/?c=fg228vRhwgeAXmTlARVFPNkYQLEru1SQGolYq6DI2QO81BQyaFaUvmsyEbo4THF&dx6ywq7xi--6pmvnh36bm-q6ly=LedZebpban&f5W%2bAIcMkGZ9Lp3h7Da%2bJcuQl1mIISCF0%2bsnvlLl1C7JZwlOpPadnHGgzJCg9kkRnhKcM0BjIT2Bh9Pj1vF476j%3d%1d&url=htths%2a%0v%0wfr-tr.fazeboak.bon%2fUrbanZoccer%7c	Get hash	malicious	GRQ Scam	Browse	trk.adtrk18.com/aff_c?offer_id=15108&aff_id=1850&url_id=14904&aff_sub=ee27fca9-b066-4ae9-9cbc-def0df49be21&aff_sub5=cm3l19374

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.myip.com	LightSpoofer.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	solara-executor.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	solara-executor.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	WaveExecutor.exe	Get hash	malicious	Unknown	Browse	104.26.8.59
	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	WaveExecutor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Nexus-Executor.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	104.26.9.59
	Fortexternal.exe	Get hash	malicious	Unknown	Browse	104.26.9.59

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Setup.exe	Get hash	malicious	Unknown	Browse	104.21.2.114
	Setup.exe	Get hash	malicious	Unknown	Browse	104.21.2.114
	http://proxyium.com	Get hash	malicious	Unknown	Browse	104.21.80.92
	https://cbhc9.anguatiab.ru/RpweC/	Get hash	malicious	Unknown	Browse	1.1.1.1
	setup.msi	Get hash	malicious	Unknown	Browse	172.67.148.171
	search.hta	Get hash	malicious	Unknown	Browse	172.67.153.170
	http://bitstampweb.0532tg.com	Get hash	malicious	Unknown	Browse	172.67.133.12
	https://fin.hiringplatform.ca/processes/197662-tax-legislation-officer-ec-06-ec-07?locale=en	Get hash	malicious	Unknown	Browse	172.66.0.145
	SET_UP.exe	Get hash	malicious	LummaC	Browse	172.67.152.152
	!Setup.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.89.250

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	Setup.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	Setup.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	setup.msi	Get hash	malicious	Unknown	Browse	172.67.75.163
	search.hta	Get hash	malicious	Unknown	Browse	172.67.75.163
	TrdIE26br9.msi	Get hash	malicious	Unknown	Browse	172.67.75.163
	JA7cOAGHym.exe	Get hash	malicious	Vidar	Browse	172.67.75.163
	T4qO1i2Jav.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.75.163
	EB2UOXRNsE.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	gshv2.exe	Get hash	malicious	Unknown	Browse	172.67.75.163
	DOTA2#U89c6#U8ddd#U63d2#U4ef6.exe	Get hash	malicious	Unknown	Browse	172.67.75.163

Process:	C:\Users\user\Desktop\solara-executor.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	57
Entropy (8bit):	4.406851198109578
Encrypted:	false
SSDEEP:	3:YMb1gXME2OMfQxaNmGGL4:YMeX32uxaNmRL4
MD5:	720F698997A1D19594ED650E32E02974
SHA1:	A4F89E711434820EAA2250F0421904468ED9D13F
SHA-256:	0949A3EF0FE90F28780ADDE31202E2DC9C5FA57123355DF9C9FAA89A6EECCC04
SHA-512:	32D94C8297E64041F851F62D168A7AB8418ABEFB97B1AD0B33D2D801DDF204AF2228D29470AEF18F3A9309FF3E9A8C78CC657D7D5DFC40F70F27EE34100812FA
Malicious:	false
Reputation:	low
Preview:	{"ip":"8.46.123.189","country":"United States","cc":"US"}

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.140860834004168
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	solara-executor.exe
File size:	5'029'376 bytes
MD5:	eeece03585aaed37f6a7d7d32e9aaa96
SHA1:	b0dfef08d8c15e07328bb5d93ef751d87065cfc4
SHA256:	b51c6a29609f4796ccd6e11aa4d019b3b00f4de9a33aef9aad282dfd039b36c5
SHA512:	863dec9f04f5bbd73a019b1e607c9aa3dda74c634235d67a249bfd0855637365c93456d7737e2b0d96fe4d363317e2571be476055f79b1136eb801e2b65229d7
SSDEEP:	98304:CveubIwlqrdvqofMNGAPpPNmRuh5tqdXZ4VKeYFFp2wBF:BubIwlqLfVAxPRPt4ZsK1CC
TLSH:	5B369DE49B828644DAE14D78E5E87FD470B17AE3FD544AE3C8B6D50004987E0E14EAEF
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....jg.........."....)......+.......H........@..............................M...........`................................

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x14048a0ea
Entrypoint Section:	.Q\H
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x676A97FE [Tue Dec 24 11:16:14 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	72580ba63cb613cbe6fa975818c06da5

Entrypoint Preview

Instruction
inc ecx
push esi
dec ecx
mov esi, 9C96D23Eh
stosb
jc 00007F9014AB5301h
dec esp
pushfd
inc bp
sub esi, esi
dec ebp
lea esi, dword ptr [esi+2403ECB7h]
inc ecx
or dh, FFFFFF9Bh
dec esp
mov esi, dword ptr [esp+08h]
dec eax
mov dword ptr [esp+08h], 03368521h
push dword ptr [esp+00h]
popfd
dec eax
lea esp, dword ptr [esp+08h]
call 00007F9014AEE46Eh
dec ebp
imul edi, dword ptr [ebx], 62h
popfd
dec ecx
insd
xor eax, 3D6A234Ah
mul byte ptr [ecx+539B2595h]
cmp bh, ch
adc dword ptr [A2FBBB35h], esp
in eax, dx
push ss
pop ecx
insd
lodsd
and esp, dword ptr [ebx]
jp 00007F9014AB53A7h
pop edi
int1
xor al, 5Dh
pop eax
mov esi, E283C32Ah
mov eax, dword ptr [00014048h]
add byte ptr [eax], al
and edx, dword ptr [ecx-28h]
je 00007F9014AB53A2h
push eax
push ecx
or bl, ah
sub bl, bl
push edi
jnp 00007F9014AB536Dh
sbb al, cl
xlatb
rol dword ptr [eax], 2Ch
clc
mov byte ptr [ecx], ah
ficom dword ptr [edx+eax+23h]
out dx, eax
stosd
sti
retn D7F9h
mov eax, dword ptr [E8989458h]
dec ecx
sahf
mov byte ptr [edi], cl
aam 8Bh
mov edi, 207961FFh
outsd
xchg eax, esp
wait
lahf
pop ss
cdq
sub dword ptr [eax+57h], esp
pushfd
jnp 00007F9014AB5391h
dec edi
rcl ecx, FFFFFF88h
xchg dword ptr [ebx+edi*8-31h], ecx
outsd
adc ecx, edi
mov al, byte ptr [6F6B843Fh]
fst dword ptr [bx+di]
add ecx, dword ptr [F1020D46h]
mov eax, dword ptr [00000048h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x43b6a8	0x190	.Q\H
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4d0000	0x1d5	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x4c9ce0	0x4ad0	.Q\H
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4cf000	0x8a8	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x5d300	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x4c9ba0	0x140	.Q\H
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x433000	0x158	.rsZ
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x4b27a	0x4b400	6d92c8ce9358a51f71040b33e6e76c7f	False	0.5803376764950167	data	6.574789995461824	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x4d000	0x13f98	0x14000	c82f73be815406af2898c18230f46ecb	False	0.47445068359375	data	5.635318220336803	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x61000	0x2a6860	0x2a6400	e1984f94a82c06ef86c8ed2dfe8ed2c0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x308000	0x2130	0x2200	78201aaed13826ece4b5714c2523f28e	False	0.8934972426470589	data	7.55738319767532	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.sy_	0x30b000	0x127c3a	0x127e00	bd0f15f9dfa43c6da2516c794999c168	False	0.8313042947296155	data	7.466048879991577	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsZ	0x433000	0xc38	0xe00	4f8803679ef457ff6287cd41dfb08a71	False	0.038783482142857144	OpenPGP Public Key	0.2512064651906209	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.Q\H	0x434000	0x9a7b0	0x9a800	f07afeb9339e45d51cbe27547224e474	False	0.9063606138754046	data	7.75313487564793	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc	0x4cf000	0x8a8	0xa00	1e6c683221ad65142e4e7126500d0319	False	0.437109375	data	5.13406319288314	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x4d0000	0x1d5	0x200	e008588dc46d12450b48618363fa05b2	False	0.5234375	data	4.701503258251789	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x4d0058	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
d3d9.dll	Direct3DCreate9
KERNEL32.dll	QueryPerformanceFrequency
USER32.dll	UnregisterClassA
ADVAPI32.dll	RegOpenKeyExA
SHELL32.dll	SHBrowseForFolderA
ole32.dll	CoTaskMemFree
IMM32.dll	ImmSetCompositionWindow
MSVCP140.dll	_Cnd_do_broadcast_at_thread_exit
VCRUNTIME140_1.dll	__CxxFrameHandler4
VCRUNTIME140.dll	memset
api-ms-win-crt-stdio-l1-1-0.dll	__stdio_common_vsprintf
api-ms-win-crt-utility-l1-1-0.dll	qsort
api-ms-win-crt-string-l1-1-0.dll	strcmp
api-ms-win-crt-heap-l1-1-0.dll	free
api-ms-win-crt-runtime-l1-1-0.dll	_set_app_type
api-ms-win-crt-math-l1-1-0.dll	ceilf
api-ms-win-crt-locale-l1-1-0.dll	_configthreadlocale
KERNEL32.dll	GetSystemTimeAsFileTime
KERNEL32.dll	HeapAlloc, HeapFree, ExitProcess, LoadLibraryA, GetModuleHandleA, GetProcAddress

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-27T21:48:58.016771+0100	2803274	ETPRO MALWARE Common Downloader Header Pattern UH	2	192.168.2.5	49704	172.67.75.163	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 21:48:55.962199926 CET	49704	443	192.168.2.5	172.67.75.163
Dec 27, 2024 21:48:55.962248087 CET	443	49704	172.67.75.163	192.168.2.5
Dec 27, 2024 21:48:55.962359905 CET	49704	443	192.168.2.5	172.67.75.163
Dec 27, 2024 21:48:55.972608089 CET	49704	443	192.168.2.5	172.67.75.163
Dec 27, 2024 21:48:55.972620964 CET	443	49704	172.67.75.163	192.168.2.5
Dec 27, 2024 21:48:57.284231901 CET	443	49704	172.67.75.163	192.168.2.5
Dec 27, 2024 21:48:57.284411907 CET	49704	443	192.168.2.5	172.67.75.163
Dec 27, 2024 21:48:57.630997896 CET	49704	443	192.168.2.5	172.67.75.163
Dec 27, 2024 21:48:57.631014109 CET	443	49704	172.67.75.163	192.168.2.5
Dec 27, 2024 21:48:57.631463051 CET	443	49704	172.67.75.163	192.168.2.5
Dec 27, 2024 21:48:57.631506920 CET	49704	443	192.168.2.5	172.67.75.163
Dec 27, 2024 21:48:57.633913040 CET	49704	443	192.168.2.5	172.67.75.163
Dec 27, 2024 21:48:57.679331064 CET	443	49704	172.67.75.163	192.168.2.5
Dec 27, 2024 21:48:58.016793966 CET	443	49704	172.67.75.163	192.168.2.5
Dec 27, 2024 21:48:58.016877890 CET	49704	443	192.168.2.5	172.67.75.163
Dec 27, 2024 21:48:58.016897917 CET	443	49704	172.67.75.163	192.168.2.5
Dec 27, 2024 21:48:58.016910076 CET	443	49704	172.67.75.163	192.168.2.5
Dec 27, 2024 21:48:58.016962051 CET	49704	443	192.168.2.5	172.67.75.163
Dec 27, 2024 21:48:58.016962051 CET	49704	443	192.168.2.5	172.67.75.163
Dec 27, 2024 21:48:58.018657923 CET	49704	443	192.168.2.5	172.67.75.163
Dec 27, 2024 21:48:58.018681049 CET	443	49704	172.67.75.163	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2024 21:48:55.719281912 CET	59698	53	192.168.2.5	1.1.1.1
Dec 27, 2024 21:48:55.956480026 CET	53	59698	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 27, 2024 21:48:55.719281912 CET	192.168.2.5	1.1.1.1	0xc0d3	Standard query (0)	api.myip.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Dec 27, 2024 21:48:55.956480026 CET	1.1.1.1	192.168.2.5	0xc0d3	No error (0)	api.myip.com	172.67.75.163	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:48:55.956480026 CET	1.1.1.1	192.168.2.5	0xc0d3	No error (0)	api.myip.com	104.26.9.59	A (IP address)	IN (0x0001)	false
Dec 27, 2024 21:48:55.956480026 CET	1.1.1.1	192.168.2.5	0xc0d3	No error (0)	api.myip.com	104.26.8.59	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.myip.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	172.67.75.163	443	5628	C:\Users\user\Desktop\solara-executor.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-27 20:48:57 UTC	182	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.74 Safari/537.36 Edg/79.0.309.43 Host: api.myip.com
2024-12-27 20:48:58 UTC	780	IN	HTTP/1.1 200 OK Date: Fri, 27 Dec 2024 20:48:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close vary: Accept-Encoding CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4c7VPQxeny%2BlkD6oac5zsODQs0PwM3cBbSWPxqXaIODKgEM8h7gu%2FqwuAV3aci5igPIrCe4K4sXSTCqVMhNEyTHEBzt6zp48ePNHD3mod8ylX%2BGYa0iIb8zDcg%2FARw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f8c2ca94a8e5e7f-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1783&min_rtt=1640&rtt_var=717&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2817&recv_bytes=820&delivery_rate=1780487&cwnd=228&unsent_bytes=0&cid=2162c21359460693&ts=746&x=0"
2024-12-27 20:48:58 UTC	63	IN	Data Raw: 33 39 0d 0a 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 63 63 22 3a 22 55 53 22 7d 0d 0a Data Ascii: 39{"ip":"8.46.123.189","country":"United States","cc":"US"}
2024-12-27 20:48:58 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	15:48:53
Start date:	27/12/2024
Path:	C:\Users\user\Desktop\solara-executor.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\solara-executor.exe"
Imagebase:	0x7ff6e4570000
File size:	5'029'376 bytes
MD5 hash:	EEECE03585AAED37F6A7D7D32E9AAA96
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2761532245.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2056776668.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2420217075.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2739690961.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2196586491.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2213922376.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2423302535.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2415984426.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2150461752.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2759173267.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2160548698.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2238530225.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2273256199.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2224476182.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2066825845.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2109491663.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2129395801.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2448092011.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2266396067.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2258876051.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2189727230.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2250896575.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2755972358.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2229406171.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2125885837.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2173256789.00000222F4AF3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	1.4%
Dynamic/Decrypted Code Coverage:	97%
Signature Coverage:	36.4%
Total number of Nodes:	66
Total number of Limit Nodes:	10

Executed Functions

Function 00000222F2D3F46A Relevance: 8.0, APIs: 5, Instructions: 519
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D3F47B
FindFirstFileA.KERNEL32 ref: 00000222F2D3F48B

Part of subcall function 00000222F2D15180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D15217

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$FileFindFirst
String ID:
API String ID: 2113789597-0
Opcode ID: 9e5f7ffdee86f083aae028ff9202a0dad064367f7c51f2bdc9baa9051b2abc7a
Instruction ID: 79e612d7d1435c8fc01114c416a954731f76fa95014f58624ae3c64456e07a5c
Opcode Fuzzy Hash: 9e5f7ffdee86f083aae028ff9202a0dad064367f7c51f2bdc9baa9051b2abc7a
Instruction Fuzzy Hash: CA120131118A48EFE765EB54C559BDBB3F1FB99300F504A1FA08EC3991DE719948CB82

Function 00000222F2D16FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00000222F2D1A110: char_traits.LIBCPMTD ref: 00000222F2D1A13D

std::_Fac_node::_Fac_node.LIBCPMTD ref: 00000222F2D1754F
CreateToolhelp32Snapshot.KERNEL32 ref: 00000222F2D175C4
Process32FirstW.KERNEL32 ref: 00000222F2D1764B
Process32NextW.KERNEL32 ref: 00000222F2D177AB

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Process32$CreateFac_nodeFac_node::_FirstNextSnapshotToolhelp32char_traitsstd::_
String ID:
API String ID: 4114415025-0
Opcode ID: d09cc08223590c010001c265fc9cf381c0dcd9f740b417416a20c83c33c02a84
Instruction ID: 4ef6b08916bb1af9c9d1fe373b5812a8f2448e18c07e6ee8fd0ef69e3417efa4
Opcode Fuzzy Hash: d09cc08223590c010001c265fc9cf381c0dcd9f740b417416a20c83c33c02a84
Instruction Fuzzy Hash: 3C328632218958ABF755EB74C5597DBB2E2FB9D304F800A3B704AC39D2ED729948C781

Function 00000222F2DD7740 Relevance: 4.7, APIs: 3, Instructions: 164
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2DD77D6
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2DD7854
CryptUnprotectData.CRYPT32 ref: 00000222F2DD78AD

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$CryptDataUnprotect
String ID:
API String ID: 3418212865-0
Opcode ID: 8104254e8c44712d63b6958348bd2658fd304a5fcd300e274a529b652c25b68b
Instruction ID: c551e2e8acc154203d2a9d855135d0b8c039b2f5a0e279b2016e97c9c108b6eb
Opcode Fuzzy Hash: 8104254e8c44712d63b6958348bd2658fd304a5fcd300e274a529b652c25b68b
Instruction Fuzzy Hash: FD51F170518B88DFE7A4EF68C4587AEB7F1FB99301F50492EA08DC3661DB759488CB42

Function 00007FF6E4A33508 Relevance: 1.5, APIs: 1, Instructions: 10
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDelayExecution.NTDLL(00007FF6E4A37C81,00007FF6E4A3475A,00007FF6E4A38F07,00007FF6E4A37E83,?,?,00007FF6E4A36998,?,00007FF5A4570000,00007FF6E4A374AA), ref: 00007FF6E4A33511

Memory Dump Source

Source File: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: 49ed1eab4af28d5b1b8ad57e811748fa187b9d73549b6da1b16cda3d5993c065
Instruction ID: 0c98ebab7cf5a2ae49c271caeff5024168f6a4ed0fa9dcb2b4995097c7e3a7f5
Opcode Fuzzy Hash: 49ed1eab4af28d5b1b8ad57e811748fa187b9d73549b6da1b16cda3d5993c065
Instruction Fuzzy Hash: C0D0C932F29981EBD2009B25ED0579D6721FB80788F504C22AA681BA9DDE28C5518B00

Function 00000222F2E1CB20 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00000222F2E1CB4D
Process32NextW.KERNEL32 ref: 00000222F2E1CBCF
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2E1CC3C
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2E1CC75
Process32NextW.KERNEL32 ref: 00000222F2E1CD1E

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyNextProcess32Queue::StructuredWork$CreateSnapshotToolhelp32
String ID:
API String ID: 2993956496-0
Opcode ID: 7b9a32e55cbadc2f48e0be57afc4d77c48d705eb1da5dadcfb5b3d144ee8e135
Instruction ID: 22f901543aeed832d72b04e5b41a507150bded10f5391b14275114b9af8a4868
Opcode Fuzzy Hash: 7b9a32e55cbadc2f48e0be57afc4d77c48d705eb1da5dadcfb5b3d144ee8e135
Instruction Fuzzy Hash: EE514331118B48EFF369EB64C559BDAB7F1FBD9300F501A2EA08AC3591DE719944CB82

Function 00000222F2DF8700 Relevance: 4.7, APIs: 3, Instructions: 233
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

type_info::_name_internal_method.LIBCMTD ref: 00000222F2DF87A0

Part of subcall function 00000222F2D46A80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D46AAB
Part of subcall function 00000222F2D46A80: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D46ABA

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2DF8806
CreateFileA.KERNEL32 ref: 00000222F2DF8832

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFiletype_info::_name_internal_method
String ID:
API String ID: 645652700-0
Opcode ID: 4e731ca13842446266151ba90cbeb3dc49acdbd79ce0e0cb625fea912b99f654
Instruction ID: f75e6575896b8e5a9b6037d7ea4a5473d2b38da37f78c492bfd1b8f42e56ce49
Opcode Fuzzy Hash: 4e731ca13842446266151ba90cbeb3dc49acdbd79ce0e0cb625fea912b99f654
Instruction Fuzzy Hash: F3817031218A48AFF794EB68C948B9AB2F1FB89310F404B5EF089C36D1DE75D845CB42

Function 00000222F2D14740 Relevance: 4.6, APIs: 3, Instructions: 80
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D1476C
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D1477E

Part of subcall function 00000222F2D153C0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D153DD

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D147BB

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 56f0e97885bd8304239a8f2878fdd14305f6cae0faeb2e433c02dacfefb3af0e
Instruction ID: 789cdec2fab70a959fe3fdf059cdb91ae5fac4e78ab3a55a9ce8c4e5ce7adc24
Opcode Fuzzy Hash: 56f0e97885bd8304239a8f2878fdd14305f6cae0faeb2e433c02dacfefb3af0e
Instruction Fuzzy Hash: 9231F171128798AFE394EF18C459B5AF7F1FB99300F800A2EB0C9C36A1DBB59445CB42

Function 00000222F2DF8D20 Relevance: 4.6, APIs: 3, Instructions: 80
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2DF8D66
CreateFileA.KERNEL32 ref: 00000222F2DF8D95
ReadFile.KERNEL32 ref: 00000222F2DF8DC4

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: 0f53ec1d7225ee0e2e946b78d21a37f59a00d2c42ef312d8ace8f4880d4b2647
Instruction ID: b2de996fb0e8e3485424df162272da6c7010951b18d2050c5e86908773cd7e06
Opcode Fuzzy Hash: 0f53ec1d7225ee0e2e946b78d21a37f59a00d2c42ef312d8ace8f4880d4b2647
Instruction Fuzzy Hash: F721C270658B488FDB94EF5CC498B9ABBF0FB99301F50491DF489C3260DBB5E8448B42

Function 00000222F2DF8C80 Relevance: 4.5, APIs: 3, Instructions: 48
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2DF8CA7
CreateFileA.KERNEL32 ref: 00000222F2DF8CD6
ReadFile.KERNEL32 ref: 00000222F2DF8CFE

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: File$Concurrency::details::CreateEmptyQueue::ReadStructuredWork
String ID:
API String ID: 586831839-0
Opcode ID: 83e8c742d2fb874ca7d4929d0ff673e84aaab17037f01a7788fbea39043c8b49
Instruction ID: 0755ca89c0255e73772ff88f23543061f06f77ede7082ec0a2ad8b5fd14cea27
Opcode Fuzzy Hash: 83e8c742d2fb874ca7d4929d0ff673e84aaab17037f01a7788fbea39043c8b49
Instruction Fuzzy Hash: 82010574618B488FE744EF28C45871ABBF1FB99304F504A1DF089C3260DB79C5458B42

Function 00000222F2DF8BA0 Relevance: 3.1, APIs: 2, Instructions: 56
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2DF8BC0
CreateFileA.KERNEL32 ref: 00000222F2DF8BEF

Part of subcall function 00000222F2D1A170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D1A18D

Part of subcall function 00000222F2DF8700: type_info::_name_internal_method.LIBCMTD ref: 00000222F2DF87A0
Part of subcall function 00000222F2DF8700: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2DF8806
Part of subcall function 00000222F2DF8700: CreateFileA.KERNEL32 ref: 00000222F2DF8832

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$CreateFile$type_info::_name_internal_method
String ID:
API String ID: 2627539804-0
Opcode ID: 6b4b1c5cc4193801e4694b2869ddc5c608a951a183309c70e656544d8d130ccd
Instruction ID: c80936c9b01196e58401f6d298f4d547722e8fe6e60ce647f1372d826f1d34de
Opcode Fuzzy Hash: 6b4b1c5cc4193801e4694b2869ddc5c608a951a183309c70e656544d8d130ccd
Instruction Fuzzy Hash: CB115E74618B489FE794EF68C44875AB7E0FBD9341F40492EE08DC3251DB79C8458B42

Function 00000222F2E39D3C Relevance: 1.6, APIs: 1, Instructions: 52
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00000222F2E39D6C

Part of subcall function 00000222F2E3A7F0: std::bad_alloc::bad_alloc.LIBCMTD ref: 00000222F2E3A7F9

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
String ID:
API String ID: 680105476-0
Opcode ID: 5abec39ec51edaf202242925094b47842b321172853483c05863efd8d55047f8
Instruction ID: 40852f5d4e055cd72834eb95e38d673fa26b3ab3b8f83997945b96aef2f40898
Opcode Fuzzy Hash: 5abec39ec51edaf202242925094b47842b321172853483c05863efd8d55047f8
Instruction Fuzzy Hash: 2D016220210909FAFA9873F54B9E3A419F4DB47342FF406149416CAAD2FAA7BC9D82D5

Non-executed Functions

Function 00007FF6E45A2C90 Relevance: 9.2, Strings: 7, Instructions: 481COMMON

Download Yara Rule

Strings

id != 0, xrefs: 00007FF6E45A2E56
Enable Asserts, xrefs: 00007FF6E45A2CA1
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6E45A2F45, 00007FF6E45A2F53, 00007FF6E45A3294, 00007FF6E45A3337
button >= 0 && button < ImGuiMouseButton_COUNT, xrefs: 00007FF6E45A2F4C, 00007FF6E45A329B, 00007FF6E45A333E
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6E45A326A
C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp, xrefs: 00007FF6E45A2E4F
button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown)))), xrefs: 00007FF6E45A3271

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_widgets.cpp$Enable Asserts$button >= 0 && button < ((int)(sizeof(g.IO.MouseDown) / sizeof(*(g.IO.MouseDown))))$button >= 0 && button < ImGuiMouseButton_COUNT$id != 0
API String ID: 0-4274794215
Opcode ID: 3d082a5b9fdc6d82db82af0fcec73ac3cb55db92a8e37500f3fa1b3c3f6636f6
Instruction ID: 96f327f7669582c99f63ac92b7966f8357afee757abb352f23da305cad692c96
Opcode Fuzzy Hash: 3d082a5b9fdc6d82db82af0fcec73ac3cb55db92a8e37500f3fa1b3c3f6636f6
Instruction Fuzzy Hash: 4D22E52BA0C28746F768CB36A4C13BA7691BF45748F048539DA5A872D1CE3EF444D71A

Function 00007FF6E45897AC Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 140COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6E4589832

Strings

[nav] NavUpdateCancelRequest(), xrefs: 00007FF6E458982B
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6E45898B1
child_window->ChildId != 0, xrefs: 00007FF6E45898B8

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID: _scwprintf
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavUpdateCancelRequest()$child_window->ChildId != 0
API String ID: 1992661772-2037531206
Opcode ID: 147bc9acf881e6f604a061ce5f6769e3901235f85bfacc9819ca0a2d90824e74
Instruction ID: f0e81ae55fcb835cb04d85d13e15e6f16aee4c7fd469669f13c0500291d1eedf
Opcode Fuzzy Hash: 147bc9acf881e6f604a061ce5f6769e3901235f85bfacc9819ca0a2d90824e74
Instruction Fuzzy Hash: 9F61A32BE1C6C7C5E725CF3690813BD7751EF89B44F48823ADA4C866D5CF2AE4518B0A

Function 00007FF6E45A121C Relevance: 6.4, Strings: 5, Instructions: 146COMMON

Download Yara Rule

Strings

C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp, xrefs: 00007FF6E45A12CB, 00007FF6E45A12F3
C:\Users\55yar\Desktop\imgui-master\imgui_internal.h, xrefs: 00007FF6E45A1299
settings->ID == table->ID, xrefs: 00007FF6E45A12D2
settings->ColumnsCount == table->ColumnsCount && settings->ColumnsCountMax >= settings->ColumnsCount, xrefs: 00007FF6E45A12FA
p >= begin() && p < end(), xrefs: 00007FF6E45A12A0

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_internal.h$C:\Users\55yar\Desktop\imgui-master\imgui_tables.cpp$p >= begin() && p < end()$settings->ColumnsCount == table->ColumnsCount && settings->ColumnsCountMax >= settings->ColumnsCount$settings->ID == table->ID
API String ID: 0-2168725360
Opcode ID: d67d78d4299e780af1041790e6326c9159d1707e7ccb2a9a46e7215868db1075
Instruction ID: 0c641732283479926273263981173d5d999cc1e39d954158d23d8f43ddc2f904
Opcode Fuzzy Hash: d67d78d4299e780af1041790e6326c9159d1707e7ccb2a9a46e7215868db1075
Instruction Fuzzy Hash: 3561D077A186828AE711CF3AC1843AC7BA0FF05B48F44C436D7888B691DF39E555DB1A

Function 00007FF6E458A110 Relevance: 5.5, Strings: 4, Instructions: 506COMMON

Download Yara Rule

Strings

###NavUpdateWindowing, xrefs: 00007FF6E458A1B6
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6E458A11C
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6E458A46A
shared_mods != 0, xrefs: 00007FF6E458A471

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID:
String ID: ###NavUpdateWindowing$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$shared_mods != 0
API String ID: 0-2089645622
Opcode ID: b3bb8cfdc5b017c6cdc0fc6fd05d277a0841bcdbd480010b8cc32c3afd8ff224
Instruction ID: 9436ad85758180a9c0fa56c382e191358ddca89489acfecc7184a674de9e5d09
Opcode Fuzzy Hash: b3bb8cfdc5b017c6cdc0fc6fd05d277a0841bcdbd480010b8cc32c3afd8ff224
Instruction Fuzzy Hash: AE32E737A187C796EB29CB3185803B973A1FF59304F084635DB5993A92DF3AB864C706

Function 00007FF6E457AB6C Relevance: 4.6, Strings: 3, Instructions: 850COMMON

Download Yara Rule

Strings

#RESIZE, xrefs: 00007FF6E457ACE0
idx == 0 || idx == 1, xrefs: 00007FF6E457B19E, 00007FF6E457B1D5, 00007FF6E457B33C, 00007FF6E457B36F, 00007FF6E457B376, 00007FF6E457B399, 00007FF6E457B3B5, 00007FF6E457B3F4, 00007FF6E457B425, 00007FF6E457B454, 00007FF6E457B482
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6E457B197, 00007FF6E457B1CE, 00007FF6E457B335, 00007FF6E457B368, 00007FF6E457B37C, 00007FF6E457B3BF, 00007FF6E457B48C

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID:
String ID: #RESIZE$C:\Users\55yar\Desktop\imgui-master\imgui.h$idx == 0 || idx == 1
API String ID: 0-2721916863
Opcode ID: 01313bf063515705c3bf1a34bd5eb4906cc11673bafa71ce4911a41caf8c2060
Instruction ID: 107720083dea21905fc76352f008589dd2188c64cd31ad8e1ab9a77a26aa3797
Opcode Fuzzy Hash: 01313bf063515705c3bf1a34bd5eb4906cc11673bafa71ce4911a41caf8c2060
Instruction Fuzzy Hash: E292E33790C68A86E722CB36C4853B97760FF59348F08C731EA49665E2DF2AF584CB05

Function 00007FF6E4573F78 Relevance: 3.2, Strings: 2, Instructions: 702COMMON

Download Yara Rule

Strings

imgui.ini, xrefs: 00007FF6E4574001
imgui_log.txt, xrefs: 00007FF6E457400C

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID:
String ID: imgui.ini$imgui_log.txt
API String ID: 0-3179804127
Opcode ID: 201522daf60c04d855bfb198d8b51a0ac20a46bb70f1a59c27a0916f93d117b8
Instruction ID: 6e6a200b8cba069f0d51fa8073df39509774d4bb27973cd7c8dd592399cf71ff
Opcode Fuzzy Hash: 201522daf60c04d855bfb198d8b51a0ac20a46bb70f1a59c27a0916f93d117b8
Instruction Fuzzy Hash: 46929C73505BC186D300CF35A8882DA37E8F754F48F188A39DF884BA59DB7581A5EB39

Function 00007FF6E459A920 Relevance: 2.6, Strings: 2, Instructions: 131COMMONLIBRARYCODE

Download Yara Rule

Strings

text_end != 0, xrefs: 00007FF6E459A98E
C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp, xrefs: 00007FF6E459A987

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID:
String ID: C:\Users\55yar\Desktop\imgui-master\imgui_draw.cpp$text_end != 0
API String ID: 0-48455972
Opcode ID: 8f4644060c7aa161de6a38a3744498768bf1a15569a41e06892a2b9e6433394e
Instruction ID: c61a3d14c002e504e717c68f6af99e701d6316c6a1217c75f0bff9fc5f06c663
Opcode Fuzzy Hash: 8f4644060c7aa161de6a38a3744498768bf1a15569a41e06892a2b9e6433394e
Instruction Fuzzy Hash: 87413917A08ACB86E521863685803BA7351AF6E740F4EC333EB5967754DF3BED818305

Function 00000222F2D2BA30 Relevance: 1.7, Strings: 1, Instructions: 479COMMON

Download Yara Rule

Strings

P, xrefs: 00000222F2D2BE43

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID:
String ID: P
API String ID: 0-3110715001
Opcode ID: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction ID: 05614d8d487aa3916ea36424b6f19b3450711497ea6ed7f73be4fb051a236758
Opcode Fuzzy Hash: 69ad6d8646a8d42a4d38cd2fe8030801224298b73a5447b55754f5dd44c8bdc4
Instruction Fuzzy Hash: BA12D0302197489FD348DF28C1A0A6AB7E2FBCD308F504A6DF48AD77A5D674E941CB42

Function 00000222F2E00FD0 Relevance: 1.7, Strings: 1, Instructions: 412COMMON

Download Yara Rule

Strings

@, xrefs: 00000222F2E01358

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 7933f4891e23ad0f94992a3f6eb2be922eb660cd2aa8833eea23840f522815c4
Instruction ID: 0e6dabb7114dc62bb1dcdb614e89aaa3b61f278ba0424d681f5a8c20cd7d1545
Opcode Fuzzy Hash: 7933f4891e23ad0f94992a3f6eb2be922eb660cd2aa8833eea23840f522815c4
Instruction Fuzzy Hash: 7DE1007421CB889FE7A4DF18C45876AB7E1FB99301F204A1DE48ED7260DB74D885CB46

Function 00007FF6E45B32EC Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

\\.\VBoxMiniRdrDN, xrefs: 00007FF6E45B33A5, 00007FF6E45B33E3, 00007FF6E45B341F

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID:
String ID: \\.\VBoxMiniRdrDN
API String ID: 0-4073649278
Opcode ID: 5e0378687472b45bff07877fe4dbec5d82c952688ec2375240f0d63d55917c3d
Instruction ID: 767ccbf221157c20b8c35593ccaa0759505493d549a2c16f5d00ce7c88934d3e
Opcode Fuzzy Hash: 5e0378687472b45bff07877fe4dbec5d82c952688ec2375240f0d63d55917c3d
Instruction Fuzzy Hash: CF312D2650CBC289D621C73CA88835A6B60E796364F540374F2EE867EADF2ED105DB16

Function 00007FF6E45AACE4 Relevance: .4, Instructions: 407COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4907014f542b12f8e0fb575fa82137cbbfb7b72d3aef68112134a6d505b37532
Instruction ID: 386b01f075d727a352defb3551af270e7ad5cbf8b9fdc2a70a1f5284d92b5bd6
Opcode Fuzzy Hash: 4907014f542b12f8e0fb575fa82137cbbfb7b72d3aef68112134a6d505b37532
Instruction Fuzzy Hash: 07120637E086878AE715CB3690803BDB7A0FF59388F044336DF48A6695DF3AA444DB55

Function 00007FF6E45AC1D0 Relevance: .4, Instructions: 353COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61e158dca8552e804027d152d04ff035f0b4a09b1e18503d36f4284a246e3b44
Instruction ID: ab6d0cf40ee5f362208218ebc3b0dd1c11953dd5ceb369ebd2d45bdcb818c05f
Opcode Fuzzy Hash: 61e158dca8552e804027d152d04ff035f0b4a09b1e18503d36f4284a246e3b44
Instruction Fuzzy Hash: 7FE1152B90C28386E7768A3591807BE6BE0EF45344F085431DE9A476D4CF3EE444EF2A

Function 00007FF6E45A251C Relevance: .3, Instructions: 261COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb2aface8b3cc67acef6fb85ea2df95e7238cd65533e81f3aeba394c8fd56b73
Instruction ID: 0a55d12ef14c1e81be2e10f02a4054fe9ecdfdaf8df70e2b57a2e787df2a4ac9
Opcode Fuzzy Hash: eb2aface8b3cc67acef6fb85ea2df95e7238cd65533e81f3aeba394c8fd56b73
Instruction Fuzzy Hash: AEC13A37F08B8689F311CB3680823F9B361AF6A388F059731EE4877AA5DF256156D705

Function 00007FF6E48905BC Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac2a252cd1f65fe55caedf18794408a0c097a3bbd0fb1df842877cc8c0f94db1
Instruction ID: 45116ab5e83adc552799a35acc16c399a14054cd935761d91a4c329a9db02e6f
Opcode Fuzzy Hash: ac2a252cd1f65fe55caedf18794408a0c097a3bbd0fb1df842877cc8c0f94db1
Instruction Fuzzy Hash: D2415B77B3067147EB288579A8E4FFE2752A396371F90A314E92197EC5CB3E450A8B40

Function 00007FF6E48905C4 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d876ce19136452cc989ef5c18d889106c00f8d68d0732d6d9ab3fb078961520
Instruction ID: 8609373d2d3ee8a89d06ec85310cfd6c74ecfbd7f3927d7404b8a91d783b7b2a
Opcode Fuzzy Hash: 6d876ce19136452cc989ef5c18d889106c00f8d68d0732d6d9ab3fb078961520
Instruction Fuzzy Hash: 8D417D73B3067147EB188579E8E4FFE2752A396370F90A314E92187EC5CB3E450A8B40

Function 00000222F2D63841 Relevance: .1, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3933692052abbb617f534a10efaa6307047042e1db0389fe2a76f298085f77
Instruction ID: 8f60a195d6f7ff8a9d00f3ef039faeb7920a6cf85c5f7e98934ea5b2fa68ee25
Opcode Fuzzy Hash: 1c3933692052abbb617f534a10efaa6307047042e1db0389fe2a76f298085f77
Instruction Fuzzy Hash: 48410DDFC0DAC51BC7428664ACAA6827F709A2324EBCF58DBD498CA587F048D409D712

Function 00000222F2D14850 Relevance: 36.9, APIs: 1, Strings: 20, Instructions: 159COMMON

Download Yara Rule

APIs

Part of subcall function 00000222F2D15360: _WChar_traits.LIBCPMTD ref: 00000222F2D1538D

Part of subcall function 00000222F2D14AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D14AD0
Part of subcall function 00000222F2D14AA0: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D14B2F
Part of subcall function 00000222F2D14AA0: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D14B41

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D148B8

Strings

b, xrefs: 00000222F2D1494B
o, xrefs: 00000222F2D14946
, xrefs: 00000222F2D1490A
, xrefs: 00000222F2D1491E
D, xrefs: 00000222F2D14923
c, xrefs: 00000222F2D14905
a, xrefs: 00000222F2D148F6
i, xrefs: 00000222F2D14900
, xrefs: 00000222F2D14937
K, xrefs: 00000222F2D1490F
e, xrefs: 00000222F2D14914
a, xrefs: 00000222F2D14932
t, xrefs: 00000222F2D1492D
KDBM, xrefs: 00000222F2D149A9
M, xrefs: 00000222F2D148F1
g, xrefs: 00000222F2D148FB
B, xrefs: 00000222F2D1493C
a, xrefs: 00000222F2D14928
l, xrefs: 00000222F2D14941
y, xrefs: 00000222F2D14919

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::Concurrency::details::_CriticalEmptyLock::_Queue::ReentrantScoped_lockScoped_lock::~_StructuredWork$Char_traits
String ID: $ $ $B$D$K$KDBM$M$a$a$a$b$c$e$g$i$l$o$t$y
API String ID: 1777712374-1292890139
Opcode ID: b2d997a1cd0057e47c91f10b8e029a4fbb281733a314e99ff4f758cdf7aee981
Instruction ID: 790ad0881dd9bdec9b55309118d2896961488d52aa9bb8b6df1069ca0ce96fab
Opcode Fuzzy Hash: b2d997a1cd0057e47c91f10b8e029a4fbb281733a314e99ff4f758cdf7aee981
Instruction Fuzzy Hash: 3561EC7050CB848FE760DB68C448B9ABBE1FBA5304F14492DA4C9C7261DBB5D499CB53

Function 00007FF6E457827C Relevance: 33.5, APIs: 4, Strings: 15, Instructions: 288COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6E45783A3
_scwprintf.LIBCMT ref: 00007FF6E45783AF
_scwprintf.LIBCMT ref: 00007FF6E45783E1
_scwprintf.LIBCMT ref: 00007FF6E457866B

Strings

gfff, xrefs: 00007FF6E4578726
(Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames), xrefs: 00007FF6E4578664
Debug##Default, xrefs: 00007FF6E45786AE
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6E45786D2
Size > 0, xrefs: 00007FF6E457829E
g.CurrentWindow->IsFallbackWindow == true, xrefs: 00007FF6E45786D9
Left, xrefs: 00007FF6E45783B4
333?, xrefs: 00007FF6E4578383
Press ESC to abort picking., xrefs: 00007FF6E45783A8
Middle, xrefs: 00007FF6E45783CA
Remap w/ Ctrl+Shift: click anywhere to select new mouse button., xrefs: 00007FF6E45783DA
C:\Users\55yar\Desktop\imgui-master\imgui.h, xrefs: 00007FF6E457841D
HoveredId: 0x%08X, xrefs: 00007FF6E457839C
Click %s Button to break in debugger! (remap w/ Ctrl+Shift), xrefs: 00007FF6E45783F0
Right, xrefs: 00007FF6E45783BF

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID: _scwprintf
String ID: (Debug Log: Auto-disabled some ImGuiDebugLogFlags after 2 frames)$333?$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$C:\Users\55yar\Desktop\imgui-master\imgui.h$Click %s Button to break in debugger! (remap w/ Ctrl+Shift)$Debug##Default$HoveredId: 0x%08X$Left$Middle$Press ESC to abort picking.$Remap w/ Ctrl+Shift: click anywhere to select new mouse button.$Right$Size > 0$g.CurrentWindow->IsFallbackWindow == true$gfff
API String ID: 1992661772-144267910
Opcode ID: 95c0efeeac6695517b9ef79687df18c4eb6971258deb0df6ff893b5f5dced54f
Instruction ID: b2ca4ba9bac15ffdf2e358fc21e82b7104ba6aecc610088f008701b939393ef9
Opcode Fuzzy Hash: 95c0efeeac6695517b9ef79687df18c4eb6971258deb0df6ff893b5f5dced54f
Instruction Fuzzy Hash: 76E1CD7BE1868786EB01CF35D4887E837A5EF44748F098236DA0D8B295DF3AE545C706

Function 00007FF6E4583E6C Relevance: 33.3, APIs: 8, Strings: 11, Instructions: 82COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6E4583EC5
_scwprintf.LIBCMT ref: 00007FF6E4583ED1
_scwprintf.LIBCMT ref: 00007FF6E4583EDD
_scwprintf.LIBCMT ref: 00007FF6E4583EE9
_scwprintf.LIBCMT ref: 00007FF6E4583EFA
_scwprintf.LIBCMT ref: 00007FF6E4583F44
_scwprintf.LIBCMT ref: 00007FF6E4583FA4
_scwprintf.LIBCMT ref: 00007FF6E4583FE2

Strings

Programmer error: %d visible items with conflicting ID!, xrefs: 00007FF6E4583EBE
(Hold CTRL to: use, xrefs: 00007FF6E4583EF3
Item Picker, xrefs: 00007FF6E4583F0F
Open FAQ->About ID Stack System, xrefs: 00007FF6E4583F59
Enable Asserts, xrefs: 00007FF6E4583FB9
https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage, xrefs: 00007FF6E4583F75
(Hold CTRL to:, xrefs: 00007FF6E4583F9D
Empty label e.g. Button("") == same ID as parent widget/node. Use Button("##xx") instead!, xrefs: 00007FF6E4583ED6
to break in item call-stack, or, xrefs: 00007FF6E4583F3D
Code should use PushID()/PopID() in loops, or append "##xx" to same-label identifiers!, xrefs: 00007FF6E4583ECA
Set io.ConfigDebugHighlightIdConflicts=false to disable this warning in non-programmers builds., xrefs: 00007FF6E4583EE2

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID: _scwprintf
String ID: (Hold CTRL to:$(Hold CTRL to: use$Code should use PushID()/PopID() in loops, or append "##xx" to same-label identifiers!$Empty label e.g. Button("") == same ID as parent widget/node. Use Button("##xx") instead!$Enable Asserts$Item Picker$Open FAQ->About ID Stack System$Programmer error: %d visible items with conflicting ID!$Set io.ConfigDebugHighlightIdConflicts=false to disable this warning in non-programmers builds.$https://github.com/ocornut/imgui/blob/master/docs/FAQ.md#qa-usage$to break in item call-stack, or
API String ID: 1992661772-3893620544
Opcode ID: 27905361bec1095fdf4065e825a22d720050d65f20a4082e02d5bcf9777f5090
Instruction ID: 8d1fa176fea529a98f2403c036ccbe5b471a4885839e3bc3ea3ddb0d8cd07047
Opcode Fuzzy Hash: 27905361bec1095fdf4065e825a22d720050d65f20a4082e02d5bcf9777f5090
Instruction Fuzzy Hash: 7041492ED1C14395EA11EB31A8C23B82361AF19744F485131E94CDA1E3DF6FF484CB9A

Function 00000222F2D96FF0 Relevance: 17.0, APIs: 11, Instructions: 484COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D9722D
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D972AA
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D972C3
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D97303
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D97362
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D9737B
_Min_value.LIBCPMTD ref: 00000222F2D973B2
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D973CE
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D973E7
_Max_value.LIBCPMTD ref: 00000222F2D9741E
_Min_value.LIBCPMTD ref: 00000222F2D9743B

Part of subcall function 00000222F2D9F190: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00000222F2D9F1B5

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
String ID:
API String ID: 2048856540-0
Opcode ID: 34194c3b2c4dfd965ddaab666ebbea208bd56193119cc555b2f518073ecbe67a
Instruction ID: 5320f8ac6b9deed5bb18b4e5756a2a7574cfb9f4b7bac6bcdb40944ed40e2ff9
Opcode Fuzzy Hash: 34194c3b2c4dfd965ddaab666ebbea208bd56193119cc555b2f518073ecbe67a
Instruction Fuzzy Hash: 2B02307111CB88EFE7B5EB58C058BDAB3E0FBA9300F400A1EA58DD3691DE719545CB82

Function 00000222F2D969A0 Relevance: 17.0, APIs: 11, Instructions: 484COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D96BDD
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D96C5A
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D96C73
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D96CB3
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D96D12
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D96D2B
_Min_value.LIBCPMTD ref: 00000222F2D96D62
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D96D7E
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D96D97
_Max_value.LIBCPMTD ref: 00000222F2D96DCE
_Min_value.LIBCPMTD ref: 00000222F2D96DEB

Part of subcall function 00000222F2D9F140: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00000222F2D9F165

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_$CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Affinity::operator!=Concurrency::details::HardwareMin_value$Max_valueSchedulerScheduler::_
String ID:
API String ID: 2048856540-0
Opcode ID: e866146c94e960af1540157134187f2a0fce7dbc0c02fbcd93b84c3e2d61bdcf
Instruction ID: 5f242a125785a30a415e6b89b32c3113688a6a17dc48f9076e854141893756ae
Opcode Fuzzy Hash: e866146c94e960af1540157134187f2a0fce7dbc0c02fbcd93b84c3e2d61bdcf
Instruction Fuzzy Hash: CC02217111CB88DFD7B5EB58C098BDAB3E0FBA9300F400A1EA58ED3695DE719545CB82

Function 00000222F2D82A10 Relevance: 15.2, APIs: 10, Instructions: 190COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 00000222F2D82A62

Part of subcall function 00000222F2D28FE0: std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D28FFE

std::make_error_code.LIBCPMTD ref: 00000222F2D82AB6
std::make_error_code.LIBCPMTD ref: 00000222F2D82AF1

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 71ef438b1bb58b4182dc28e9ffd7d5b29104a32867a1bdd3a258c92d20c36c8b
Instruction ID: 0429ee5eefa28bce9e49a42f43626dcf7c1a8957bdf52fb68068101ae0d041e0
Opcode Fuzzy Hash: 71ef438b1bb58b4182dc28e9ffd7d5b29104a32867a1bdd3a258c92d20c36c8b
Instruction Fuzzy Hash: 95616331218694FBF254DB99CA58B7B77F1BF86340F40061AF584C69E2CAA6DC09C692

Function 00000222F2D5A850 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 00000222F2D5A955
shared_ptr.LIBCMTD ref: 00000222F2D5A9C3

Strings

d, xrefs: 00000222F2D5A95C

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 9472d0e4b889f094a3cab1acffd77fe61c7aaf73f92bde8c9ff228181d57b494
Instruction ID: 234c979686e07b67e71a7d09aaf46b86a6488684a5c73b905299491054a57e23
Opcode Fuzzy Hash: 9472d0e4b889f094a3cab1acffd77fe61c7aaf73f92bde8c9ff228181d57b494
Instruction Fuzzy Hash: CF917531118784EFE798EB68C15975ABBF1FFDA300F50095EB089C73A2DAB59844CB42

Function 00000222F2D5AB60 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 247COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 00000222F2D5AC65
shared_ptr.LIBCMTD ref: 00000222F2D5ACD3

Strings

d, xrefs: 00000222F2D5AC6C

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: c039b2a57ee3c25890e16ac37221422253289d1338e6c294ba37e84ef54042e4
Instruction ID: 9c5105c23be9b9da23731b8630dcf3023b7dc63556e59ee27f308e8315f888f2
Opcode Fuzzy Hash: c039b2a57ee3c25890e16ac37221422253289d1338e6c294ba37e84ef54042e4
Instruction Fuzzy Hash: 48916531518788EFE794EB68C159B6ABBF1FFDA300F50095EB089C7362DA759844CB42

Function 00000222F2D5A540 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 244COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 00000222F2D5A647
shared_ptr.LIBCMTD ref: 00000222F2D5A6B5

Strings

d, xrefs: 00000222F2D5A64E

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Decorator::getTableTypeshared_ptr
String ID: d
API String ID: 143873753-2564639436
Opcode ID: 9036c0c1e63749c3bc76dfb6a94ead1f4178844c3cfab8ee976c09acc3f1cf2d
Instruction ID: 0c44fd27c6deada38340b854e7237661feb72c393c7c5fe37a9b93d118556031
Opcode Fuzzy Hash: 9036c0c1e63749c3bc76dfb6a94ead1f4178844c3cfab8ee976c09acc3f1cf2d
Instruction Fuzzy Hash: F2917331118784AFE394EB68C15976ABBF1FFDA300F54095EB089C73A2DAB58945CB42

Function 00007FF6E4579020 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 208COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6E4579119

Strings

[io] Calling Platform_SetImeDataFn(): WantVisible: %d, InputPos (%.2f,%.2f), xrefs: 00007FF6E45790FA
g.Initialized, xrefs: 00007FF6E4579055
..., xrefs: 00007FF6E4579228
g.Windows.Size == g.WindowsTempSortBuffer.Size, xrefs: 00007FF6E4579301
g.WithinFrameScope && "Forgot to call ImGui::NewFrame()?", xrefs: 00007FF6E457908A
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6E457904E, 00007FF6E4579083, 00007FF6E45792FA

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID: _scwprintf
String ID: ...$C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[io] Calling Platform_SetImeDataFn(): WantVisible: %d, InputPos (%.2f,%.2f)$g.Initialized$g.Windows.Size == g.WindowsTempSortBuffer.Size$g.WithinFrameScope && "Forgot to call ImGui::NewFrame()?"
API String ID: 1992661772-1859298919
Opcode ID: f8933695fd9438fa6c8d93cfe349f0e4c2cc52ffe89d30926256d05e6267f997
Instruction ID: 9abc2dd39d9d5e86e1eb675349e27face4d2c1b11f448cfefd88fb7fcdc8007d
Opcode Fuzzy Hash: f8933695fd9438fa6c8d93cfe349f0e4c2cc52ffe89d30926256d05e6267f997
Instruction Fuzzy Hash: 04B1843790C6C385E711DF35C4D82E837A1EB45B88F088135DA4D976DACF3AA450C72A

Function 00000222F2D60EC0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 150COMMON

Download Yara Rule

APIs

Part of subcall function 00000222F2D1A110: char_traits.LIBCPMTD ref: 00000222F2D1A13D

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D60F36
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D60F55
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D60FE6
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D61041
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D61093

Strings

, xrefs: 00000222F2D60F08
', xrefs: 00000222F2D60F6D

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$char_traits
String ID: $'
API String ID: 2432257368-2481900351
Opcode ID: 80be3a970e3a749e1926a631d758321b903abe1dc6e94d3da15c608f29041d81
Instruction ID: c8438060de0d4f6b9c3a45978c3f0d776e23de1870f5f58c368c9ad66954e552
Opcode Fuzzy Hash: 80be3a970e3a749e1926a631d758321b903abe1dc6e94d3da15c608f29041d81
Instruction Fuzzy Hash: 2C513332118A88AFE754EB54C549BDAB7F1FB99300F404A5EB08DC35A2DF759548CB82

Function 00000222F2D4FBC0 Relevance: 9.4, APIs: 6, Instructions: 410COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 00000222F2D4FC91

Part of subcall function 00000222F2D50350: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D5035E

Part of subcall function 00000222F2D53150: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D53163

bool_.LIBCPMTD ref: 00000222F2D4FDA3
shared_ptr.LIBCMTD ref: 00000222F2D4FDB0
UnDecorator::getVbTableType.LIBCMTD ref: 00000222F2D4FE53
bool_.LIBCPMTD ref: 00000222F2D4FF3B
shared_ptr.LIBCMTD ref: 00000222F2D4FF48

Part of subcall function 00000222F2D53080: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D5308E
Part of subcall function 00000222F2D53080: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D530C4

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Decorator::getTableTypebool_shared_ptr
String ID:
API String ID: 2413108386-0
Opcode ID: 6640a39f1901468c84557b978c8c35a8a34c316a8f5c4d8d96b2e16a2f022a2b
Instruction ID: 185864e78ad70965a1fdfe7c39c5e04661f66782378f0a46128b8dc247a42348
Opcode Fuzzy Hash: 6640a39f1901468c84557b978c8c35a8a34c316a8f5c4d8d96b2e16a2f022a2b
Instruction Fuzzy Hash: 34F1693111CA44EFE765EB58C559BDAB3F0FF9A300F504A1AB089C76A1DEF19948C782

Function 00000222F2D7E080 Relevance: 9.4, APIs: 6, Instructions: 408COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00000222F2D7E0A3
Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00000222F2D7E0B7
std::make_error_code.LIBCPMTD ref: 00000222F2D7E0D0
std::make_error_code.LIBCPMTD ref: 00000222F2D7E132
std::make_error_code.LIBCPMTD ref: 00000222F2D7E300

Part of subcall function 00000222F2D26020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 00000222F2D2602E

std::make_error_code.LIBCPMTD ref: 00000222F2D7E1B7

Part of subcall function 00000222F2D28FE0: std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D28FFE

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
String ID:
API String ID: 3233732842-0
Opcode ID: 4de1addda922bb358011cb094d11cd136575d8eaefb607a23010c85f2e40a63c
Instruction ID: da2c11e84d1f45f83c2cbe289d98cbf236f9433e79695cfb4b8dc540cd7c52cd
Opcode Fuzzy Hash: 4de1addda922bb358011cb094d11cd136575d8eaefb607a23010c85f2e40a63c
Instruction Fuzzy Hash: 03F11231118788EFE6A4EB58C559BDEB7F1FB9A300F40495EB08DC3692DE759848C782

Function 00000222F2D4BB60 Relevance: 9.1, APIs: 6, Instructions: 129COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D4BBA6
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00000222F2D4BBC9
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00000222F2D4BBEF
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00000222F2D4BC62
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00000222F2D4BC88
List.LIBCMTD ref: 00000222F2D4BC94

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Base::ContextIdentityQueueWork$Affinity::operator!=HardwareList
String ID:
API String ID: 2242293343-0
Opcode ID: 0f09c845dda9b562757045dec8ee4d3361f5b6171332ab6d94f79fbde5fb3f63
Instruction ID: 86a360879a7040104a8fa8b220dc0095b132858975354385133c8198f7b3cd59
Opcode Fuzzy Hash: 0f09c845dda9b562757045dec8ee4d3361f5b6171332ab6d94f79fbde5fb3f63
Instruction Fuzzy Hash: E9419731018A48AFD754EB64D559BDAB7F0FBD5300F404A1EB089C3295DEB5D988C782

Function 00000222F2D91A30 Relevance: 9.1, APIs: 6, Instructions: 93COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D91A5E

Part of subcall function 00000222F2D676A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 00000222F2D676B8

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D91A80

Part of subcall function 00000222F2D90D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 00000222F2D90D48

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D91AA2
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D91AC4
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D91AE6
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D91B08

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
Instruction ID: c57fc885ecec5e01fa15996162cfc1e92afa54c52db77f4a20961440750174ca
Opcode Fuzzy Hash: aeb162027570cbcb45857eaeecfccc621a0a56d2e3941c5bc9fa514a50d9ad9c
Instruction Fuzzy Hash: E331AD30618B889FE694EF6CC15975ABBE1FBDA340F504A5EB08DC3652DA719844CB83

Function 00007FF6E4587C28 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 78COMMON

Download Yara Rule

APIs

_scwprintf.LIBCMT ref: 00007FF6E4587CCE

Strings

[nav] NavInitRequest: from NavInitWindow(), init_for_nav=%d, window="%s", layer=%d, xrefs: 00007FF6E4587CBF
C:\Users\55yar\Desktop\imgui-master\imgui.cpp, xrefs: 00007FF6E4587C5D, 00007FF6E4587C6B, 00007FF6E4587D41
window == g.NavWindow, xrefs: 00007FF6E4587C64
g.NavWindow != 0, xrefs: 00007FF6E4587D48

Memory Dump Source

Source File: 00000000.00000002.4473487968.00007FF6E4571000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6E4570000, based on PE: true

Associated: 00000000.00000002.4473441868.00007FF6E4570000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473560457.00007FF6E45BD000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473615130.00007FF6E4877000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473742855.00007FF6E4878000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473779052.00007FF6E487B000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473827373.00007FF6E48AF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473875322.00007FF6E48B1000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473922619.00007FF6E48B2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4473972190.00007FF6E48B5000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474076581.00007FF6E49A3000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474124555.00007FF6E49A4000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4474225939.00007FF6E4A3F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6e4570000_solara-executor.jbxd

Similarity

API ID: _scwprintf
String ID: C:\Users\55yar\Desktop\imgui-master\imgui.cpp$[nav] NavInitRequest: from NavInitWindow(), init_for_nav=%d, window="%s", layer=%d$g.NavWindow != 0$window == g.NavWindow
API String ID: 1992661772-3051114554
Opcode ID: cbcb67b6c182422ec0642e70e5b60caaea31adab50c0d2da91e89f832378bad1
Instruction ID: c06e13c24253fed2d988718fff627cd9012088dfb90cbacddb2f0a710fdf9b20
Opcode Fuzzy Hash: cbcb67b6c182422ec0642e70e5b60caaea31adab50c0d2da91e89f832378bad1
Instruction Fuzzy Hash: 6F41813BA186839AE7258730E5813BA6BA0FB58744F04003ADB9D57695CF7EF491C70A

Function 00000222F2D65F20 Relevance: 8.0, APIs: 5, Instructions: 479COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 00000222F2D66127

Part of subcall function 00000222F2D3AB90: std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D3ABAE

Part of subcall function 00000222F2D455D0: _Func_class.LIBCONCRTD ref: 00000222F2D455E3

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00000222F2D6615A
std::make_error_code.LIBCPMTD ref: 00000222F2D661A5

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::Func_classGroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 831135708-0
Opcode ID: 2b019b4e3f526854cc6463bb2731e43c27d4326d5903197f3522d122ad0e4905
Instruction ID: e716d3eeeadf71fde6731fa8ffd4d10d383512472b2c502ef5ef0416a7ed398a
Opcode Fuzzy Hash: 2b019b4e3f526854cc6463bb2731e43c27d4326d5903197f3522d122ad0e4905
Instruction Fuzzy Hash: F2F10A31118B48AFF7A8FB64C559BDAB3F1FB85300F904A2EB04DC3691DE7998498781

Function 00000222F2D62740 Relevance: 7.9, APIs: 5, Instructions: 422COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00000222F2D627C5
std::make_error_code.LIBCPMTD ref: 00000222F2D62810
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D62904
Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00000222F2D62BB3

Part of subcall function 00000222F2D6F6A0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00000222F2D6F6CB

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00000222F2D62C8E

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Scheduler$ProcessorProxyRoot::Virtual$Base::ChoresConcurrency::details::_EmptyGroupQueue::ScheduleScheduler::_SegmentStructuredUnrealizedWorkstd::make_error_code
String ID:
API String ID: 1866601945-0
Opcode ID: 6361466119b5696c76e4a18258010037788d3f824b63a36e6c6d418195eda5b2
Instruction ID: 1588a4eb328a47163728d8130926a82a0efd5428c044102e865f00000e82f145
Opcode Fuzzy Hash: 6361466119b5696c76e4a18258010037788d3f824b63a36e6c6d418195eda5b2
Instruction Fuzzy Hash: ECF14631218B489FE7B4EB68C559BDAB3F1FB99300F500A2EA0CDC3691DE759545CB82

Function 00000222F2D513D0 Relevance: 7.8, APIs: 5, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbede3e1252d999f31721633d94d6373b7396c8f51936095a41df56cef3ba81
Instruction ID: 5196636f23281066f1f22941425d67c70421b65f11f5a7c0987e32f367e9e6e4
Opcode Fuzzy Hash: fcbede3e1252d999f31721633d94d6373b7396c8f51936095a41df56cef3ba81
Instruction Fuzzy Hash: 41B1303111CA88DFDBA4EB18C195F5AB7F4FB99340F504A5EA08EC3651DBB1D885CB42

Function 00000222F2D45960 Relevance: 7.8, APIs: 5, Instructions: 294COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 00000222F2D45A03
fpos.LIBCPMTD ref: 00000222F2D45B8E
fpos.LIBCPMTD ref: 00000222F2D45BC9
fpos.LIBCPMTD ref: 00000222F2D45C3C

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: 6a66e7cf8dba913559191b32390491cef5c931f42b95be3e289b6306e1102091
Instruction ID: a408f52f2fb4dafa81f4be9c047e2a2e4536dedcd8b7699e11c94ded6006d767
Opcode Fuzzy Hash: 6a66e7cf8dba913559191b32390491cef5c931f42b95be3e289b6306e1102091
Instruction Fuzzy Hash: 76B1EE3121CB88EFD7A4DB58C65975AB7F0FBA9301F544A1AF48AC3690C775D848CB42

Function 00000222F2D899B0 Relevance: 7.8, APIs: 5, Instructions: 277COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 00000222F2D899F1

Part of subcall function 00000222F2D28FE0: std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D28FFE

std::make_error_code.LIBCPMTD ref: 00000222F2D89A94
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D89B96
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D89BBA

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 1851498522-0
Opcode ID: 492a224b550388b05797882098481dff78dabdcd5a7e14f40c215739ad5c1cc1
Instruction ID: c587986cbead132c3315c038199df0f81a0041a181fd1416242c53356135dc36
Opcode Fuzzy Hash: 492a224b550388b05797882098481dff78dabdcd5a7e14f40c215739ad5c1cc1
Instruction Fuzzy Hash: B7A18232118A48FBE7A5EB54C545BDBB3F0FB96701F400B1AB08AC26E1DEB5D94987C1

Function 00000222F2D7F260 Relevance: 7.7, APIs: 5, Instructions: 229COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 00000222F2D7F2A2

Part of subcall function 00000222F2D28FE0: std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D28FFE

std::make_error_code.LIBCPMTD ref: 00000222F2D7F373

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 0e10fe46e0114a2cc6623c5f006bced123683b3bdc98cb0d2afb695f3a3e5abd
Instruction ID: 43da78d3f6065a753c9a43bc177222941156bd65a2c87b0e5b6aaeb61a17dd5f
Opcode Fuzzy Hash: 0e10fe46e0114a2cc6623c5f006bced123683b3bdc98cb0d2afb695f3a3e5abd
Instruction Fuzzy Hash: 5C915F32118788EFE365EB64C555BDBB3F1FB95300F804A1FB08AC6592DE759948CB82

Function 00000222F2D76EA9 Relevance: 7.7, APIs: 5, Instructions: 198COMMON

Download Yara Rule

APIs

Mailbox.LIBCMTD ref: 00000222F2D76EF2
Mailbox.LIBCMTD ref: 00000222F2D76F2A
Mailbox.LIBCMTD ref: 00000222F2D76F95
Mailbox.LIBCMTD ref: 00000222F2D76FC6
Mailbox.LIBCMTD ref: 00000222F2D76FF0

Part of subcall function 00000222F2D3BC30: Mailbox.LIBCMTD ref: 00000222F2D3BC7E

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Mailbox
String ID:
API String ID: 1763892119-0
Opcode ID: 06a3ff207c22bb6f37366860b149ab3668e7e4d9713726df24d0a8770affc0a8
Instruction ID: 08fed2bcf2f91ebf67a0f92fdaa6e79ac258bfe13e9c59a54d363dfa6af2588e
Opcode Fuzzy Hash: 06a3ff207c22bb6f37366860b149ab3668e7e4d9713726df24d0a8770affc0a8
Instruction Fuzzy Hash: C461413110CA8C9FD7A5EA58C458BEBB7E1FBA9301F400A1EB4CAD3691DE75D944C782

Function 00000222F2D326B0 Relevance: 7.7, APIs: 5, Instructions: 190COMMON

Download Yara Rule

APIs

std::bad_exception::bad_exception.LIBCMTD ref: 00000222F2D326D8
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00000222F2D32767

Part of subcall function 00000222F2D30B80: std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D30BB2

Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00000222F2D327FE
std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D3286F
Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00000222F2D328DC

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_SchedulerScheduler::_$std::error_condition::error_condition$std::bad_exception::bad_exception
String ID:
API String ID: 3801495819-0
Opcode ID: f3d1858459e0af94582484c269b498f47c4f8567e9ef1adb0021aa434c7c7154
Instruction ID: 6a7e49c1cf494a7fb89bcdb63181d0aa5b87e58f722e0ba3d2fc266b9866dd24
Opcode Fuzzy Hash: f3d1858459e0af94582484c269b498f47c4f8567e9ef1adb0021aa434c7c7154
Instruction Fuzzy Hash: 4B615E31618B489FD7A4EF68C549B9AB7F1FB99310F404A5DE08DC3691DB74D848CB42

Function 00000222F2DAA5E0 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 00000222F2DAA608

Part of subcall function 00000222F2DAC140: shared_ptr.LIBCPMTD ref: 00000222F2DAC161

__crt_scoped_stack_ptr.LIBCPMTD ref: 00000222F2DAA687
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2DAA6E6
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2DAA6FD
__crt_scoped_stack_ptr.LIBCPMTD ref: 00000222F2DAA7A6

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
String ID:
API String ID: 2480882750-0
Opcode ID: f2ef7a86016f0f96fb29ac205b938adafa905e91da66757f72e9247496227554
Instruction ID: fb2af7d111aa1e339421b2018c0cdd10c4989c467c6417b4f996a3382d476a9d
Opcode Fuzzy Hash: f2ef7a86016f0f96fb29ac205b938adafa905e91da66757f72e9247496227554
Instruction Fuzzy Hash: AE612E30518B889FE7A4EF68C549B9AB7F0FB99340F504A1EB48DC3261DB75D885CB42

Function 00000222F2DAAAA0 Relevance: 7.7, APIs: 5, Instructions: 179COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 00000222F2DAAAC8

Part of subcall function 00000222F2DAC040: shared_ptr.LIBCPMTD ref: 00000222F2DAC061

__crt_scoped_stack_ptr.LIBCPMTD ref: 00000222F2DAAB47
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2DAABA6
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2DAABBD
__crt_scoped_stack_ptr.LIBCPMTD ref: 00000222F2DAAC66

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork__crt_scoped_stack_ptr$Decorator::getTableTypeshared_ptr
String ID:
API String ID: 2480882750-0
Opcode ID: 91d403a99b0aa0b9c84ca8b623b580e6659b45cf93c11dcecb02eb8a3e2d9174
Instruction ID: 29176ffa57e405cccf16ce501a1ef67f7edf3998f037cefb8277bd340fcc1012
Opcode Fuzzy Hash: 91d403a99b0aa0b9c84ca8b623b580e6659b45cf93c11dcecb02eb8a3e2d9174
Instruction Fuzzy Hash: CF612D30518B889FE7A4EF68C549B9AB7F0FB99340F504A1EB48CC3261DB75D885CB42

Function 00000222F2D7FF60 Relevance: 7.7, APIs: 5, Instructions: 171COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00000222F2D7FF83
Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00000222F2D7FF97
std::make_error_code.LIBCPMTD ref: 00000222F2D7FFB0
std::make_error_code.LIBCPMTD ref: 00000222F2D80003

Part of subcall function 00000222F2D26020: Concurrency::details::_ReaderWriterLock::_ReaderWriterLock.LIBCMTD ref: 00000222F2D2602E

std::make_error_code.LIBCPMTD ref: 00000222F2D80067

Part of subcall function 00000222F2D28FE0: std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D28FFE

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupReaderScheduleSegmentUnrealizedWriter$Concurrency::details::_LockLock::_std::error_condition::error_condition
String ID:
API String ID: 3233732842-0
Opcode ID: a0ef178505f8f42ef101a244ccda7b3a22ccbac74f543580cc5e2d041e4eaf5a
Instruction ID: 7880c7796ffc93a496a597c3aa98747e1cc541dd3a9af034077e59b082b9744b
Opcode Fuzzy Hash: a0ef178505f8f42ef101a244ccda7b3a22ccbac74f543580cc5e2d041e4eaf5a
Instruction Fuzzy Hash: 1451F631114648FFE2A8EB58C659B9EB3F1FB85300F90465EB08DC35D2CE759849CB92

Function 00000222F2D80D30 Relevance: 7.6, APIs: 5, Instructions: 146COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D80D65

Part of subcall function 00000222F2D842A0: type_info::_name_internal_method.LIBCMTD ref: 00000222F2D842B8

std::make_error_code.LIBCPMTD ref: 00000222F2D80D7E

Part of subcall function 00000222F2D28FE0: std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D28FFE

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D80DA7
std::make_error_code.LIBCPMTD ref: 00000222F2D80DC0

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
String ID:
API String ID: 2306575402-0
Opcode ID: 4b39966be41b15abd6190cfefa99efc2f337a93b3f9923bc7b93d7348519477d
Instruction ID: 5429044faaf7b8a9ac707d2c1c082c43d43db38dcb61af6b37d595964fbee3e8
Opcode Fuzzy Hash: 4b39966be41b15abd6190cfefa99efc2f337a93b3f9923bc7b93d7348519477d
Instruction Fuzzy Hash: 05517132228744BBE365DBA4C555BEB73F1FB86305F404B1AB089C65D2DBB5D908C782

Function 00000222F2D7FCF0 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D7FD17

Part of subcall function 00000222F2D842A0: type_info::_name_internal_method.LIBCMTD ref: 00000222F2D842B8

std::make_error_code.LIBCPMTD ref: 00000222F2D7FD2D

Part of subcall function 00000222F2D28FE0: std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D28FFE

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D7FD50
std::make_error_code.LIBCPMTD ref: 00000222F2D7FD66

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwarestd::make_error_code$std::error_condition::error_conditiontype_info::_name_internal_method
String ID:
API String ID: 2306575402-0
Opcode ID: a32136fa3a3c95708d011456afc3b85815d78c4fd3309404f318db35ddc1acc6
Instruction ID: 2cde98bee5539fdfc895130ce66105e12c66518c9d6b1a2d212f23733cfec58b
Opcode Fuzzy Hash: a32136fa3a3c95708d011456afc3b85815d78c4fd3309404f318db35ddc1acc6
Instruction Fuzzy Hash: 6C219E31118B48EFE754EBA4C555BAA77F1FBC5340F400A1BB085C7AE2CA69D949C7C1

Function 00000222F2D91C70 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D91C9E

Part of subcall function 00000222F2D90D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 00000222F2D90D48

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D91CC0
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D91CE2
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D91D04
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D91D26

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction ID: 9ee746eb362b42f3605f229c012e808fc0edcf40f61c669d7b22ef3d54c26c71
Opcode Fuzzy Hash: 1289f65bedd4f753d9bc64e073d9728bff9e2b420633cab40bd45a22262cb7c2
Instruction Fuzzy Hash: 6921DF30618B889FE6A4FB6CC15975ABBF1FBD9340F40491DB08DC3652DA7198448B82

Function 00000222F2D5BF60 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D5BF8E

Part of subcall function 00000222F2D676A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 00000222F2D676B8

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D5BFB0
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D5BFD2
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D5BFF4
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D5C016

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 815c5ab9791d234820be11a13cdb67723ff592c1cb60b69b78e51ea6d37036d7
Instruction ID: 307e9e74c2453bcffb548cff41943e6abf32c85452318be1c711c0e4c4cb03e1
Opcode Fuzzy Hash: 815c5ab9791d234820be11a13cdb67723ff592c1cb60b69b78e51ea6d37036d7
Instruction Fuzzy Hash: B921E130618B889FE6A4FB6CC15975ABBF1FBD9340F40491DB08DC3652DA7198448B83

Function 00000222F2D794F0 Relevance: 7.6, APIs: 5, Instructions: 62COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D7951A
shared_ptr.LIBCMTD ref: 00000222F2D7952E

Part of subcall function 00000222F2D81B90: shared_ptr.LIBCMTD ref: 00000222F2D81B9E

allocator.LIBCPMTD ref: 00000222F2D79542
shared_ptr.LIBCMTD ref: 00000222F2D79554
allocator.LIBCPMTD ref: 00000222F2D79568

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: shared_ptr$allocator$Affinity::operator!=Concurrency::details::Hardware
String ID:
API String ID: 1053258265-0
Opcode ID: acecda906a579d1834abe9be22b0447806ffeda9d0483b6f12b57f1678672125
Instruction ID: 0f101009416f3808639e90a133a506d672d1d1ea5132bbe1517ca27cbf9d5e21
Opcode Fuzzy Hash: acecda906a579d1834abe9be22b0447806ffeda9d0483b6f12b57f1678672125
Instruction Fuzzy Hash: 9011603111CB48AFD6A0EB28C449BAAB7F5FBDA300F404A1EB48DC3251DA719849C782

Function 00000222F2D1E510 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 341COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D1E53C
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D1E5F2
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D1E6BA

Part of subcall function 00000222F2D1A110: char_traits.LIBCPMTD ref: 00000222F2D1A13D

Strings

, xrefs: 00000222F2D1E734

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$char_traits
String ID:
API String ID: 2432257368-3916222277
Opcode ID: b974f0540c9058089c82452ed277cccf237f16f2c414a66a2dec336d8410dea1
Instruction ID: a36dad3a2767d6352aeba8394b2793f603cd552e9275a66ae30b92f86fd490f6
Opcode Fuzzy Hash: b974f0540c9058089c82452ed277cccf237f16f2c414a66a2dec336d8410dea1
Instruction Fuzzy Hash: 75C12D32118B58ABF765EB68C559BDBB3F0FB99310F500B1AB08AC3591DE71D544CB82

Function 00000222F2D63328 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D6374F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D637BB
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D63815

Strings

e, xrefs: 00000222F2D6340C

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID: e
API String ID: 1865873047-4024072794
Opcode ID: 6d00e0167f8e6f836205d1563a8a38a28a10db6f67d0a951b36e1e151ae0e7ba
Instruction ID: 99e509d8f9be3c29e7fafcedc5a48413de95ef4e5f9b1bf6d993c605878d2a77
Opcode Fuzzy Hash: 6d00e0167f8e6f836205d1563a8a38a28a10db6f67d0a951b36e1e151ae0e7ba
Instruction Fuzzy Hash: A1614231518A84EFE794EBA8C548B5ABBF0FB95700F500A1EF149C36A1D7B9D845CF42

Function 00000222F2D2C5F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 145COMMONLIBRARYCODE

Download Yara Rule

APIs

_Subatomic.LIBCONCRTD ref: 00000222F2D2C660
_Subatomic.LIBCONCRTD ref: 00000222F2D2C6FC

Strings

d, xrefs: 00000222F2D2C630

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Subatomic
String ID: d
API String ID: 3648745215-2564639436
Opcode ID: efb1fcbe8c1811717f4302681e42682ec25775e0b23f357535bcb0ed867f423a
Instruction ID: d80b0ca439ec363e9f6ad252ab4b6acaab2715794e5711e2b818fad62edc1ff2
Opcode Fuzzy Hash: efb1fcbe8c1811717f4302681e42682ec25775e0b23f357535bcb0ed867f423a
Instruction Fuzzy Hash: 85416031219B489FD794EF28C44D76AB7E2FB99341F414A1EB08AD3260DBB5D9448B42

Function 00000222F2D14AA0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 102COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D14AD0
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D14B2F
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D14B41

Strings

, xrefs: 00000222F2D14B85

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_
String ID:
API String ID: 991905282-3916222277
Opcode ID: ebd1aeb2dcd32d8bef2b6fd8415372f157de3742f8a349a0521ce555ac17b011
Instruction ID: 545633f41baaae89513a02a16cf97689eeeac9b81d2ed7ae4d339ae9e958ea12
Opcode Fuzzy Hash: ebd1aeb2dcd32d8bef2b6fd8415372f157de3742f8a349a0521ce555ac17b011
Instruction Fuzzy Hash: 76411C31118B48AFF394EF68C59975AB7F0FB89301F905A1EB099C36B1CBB59845CB42

Function 00000222F2D82950 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 00000222F2D829A7

Part of subcall function 00000222F2D28FE0: std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D28FFE

std::make_error_code.LIBCPMTD ref: 00000222F2D829D2
std::make_error_code.LIBCPMTD ref: 00000222F2D829EE

Strings

}, xrefs: 00000222F2D82996

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID: }
API String ID: 2527301759-4239843852
Opcode ID: be98c45c2635ea1b7c099d9ee1afc8aab728c4e80a3655f5ac3be0dc2360b2bb
Instruction ID: 7f8ad2dba1b5eff0f035d9b25407247901339852554b40912bd5104e020a16e4
Opcode Fuzzy Hash: be98c45c2635ea1b7c099d9ee1afc8aab728c4e80a3655f5ac3be0dc2360b2bb
Instruction Fuzzy Hash: AF215431118684EFE354EB98C548B5EBBF1FB86740F500A2EF089D29E1C6B5C985C782

Function 00000222F2DD7990 Relevance: 6.5, APIs: 4, Instructions: 491COMMON

Download Yara Rule

APIs

Part of subcall function 00000222F2D1A170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D1A18D

Part of subcall function 00000222F2D1A110: char_traits.LIBCPMTD ref: 00000222F2D1A13D

type_info::_name_internal_method.LIBCMTD ref: 00000222F2DD7A04

Part of subcall function 00000222F2DF8700: type_info::_name_internal_method.LIBCMTD ref: 00000222F2DF87A0
Part of subcall function 00000222F2DF8700: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2DF8806
Part of subcall function 00000222F2DF8700: CreateFileA.KERNEL32 ref: 00000222F2DF8832

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2DD7AD4

Part of subcall function 00000222F2D15180: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D15217

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$EmptyQueue::StructuredWork$type_info::_name_internal_method$Affinity::operator!=CreateFileHardwarechar_traits
String ID:
API String ID: 2370075206-0
Opcode ID: 2e007a4ca4fa469a8197b78b23d3b49b3e5b4d815bb4c4113d832ba3a2a1e94f
Instruction ID: 0a09ec19b63392ca2bf3d392062321278839d1dc5aa63b0634e6f1631de81be1
Opcode Fuzzy Hash: 2e007a4ca4fa469a8197b78b23d3b49b3e5b4d815bb4c4113d832ba3a2a1e94f
Instruction Fuzzy Hash: AF023732118A48EAF365FB64C5597DFB3F0FB99300F504A5FB04AC25A2DE715949C782

Function 00000222F2D73900 Relevance: 6.4, APIs: 4, Instructions: 439COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00000222F2D73951

Part of subcall function 00000222F2D42880: _Ptr_base.LIBCMTD ref: 00000222F2D42893

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Base::ChoresConcurrency::details::GroupPtr_baseScheduleSegmentUnrealized
String ID:
API String ID: 3333744592-0
Opcode ID: dc1cf510213c58ad9adb572fefbd40c030cd3a53a822791e610936d31df96d76
Instruction ID: cf2c0a3b59acf183d845e032545914c72d289b9d8e17c2412fd3a07d703397fe
Opcode Fuzzy Hash: dc1cf510213c58ad9adb572fefbd40c030cd3a53a822791e610936d31df96d76
Instruction Fuzzy Hash: 7FF13431118B8CAFE7B5EB58C5597DBB3E1FB99300F400A2EA48DC3691DEB59544CB82

Function 00000222F2D65890 Relevance: 6.4, APIs: 4, Instructions: 359COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00000222F2D65917
std::make_error_code.LIBCPMTD ref: 00000222F2D65992
Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00000222F2D65B1C

Part of subcall function 00000222F2D6F870: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00000222F2D6F8CD
Part of subcall function 00000222F2D6F870: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00000222F2D6F8E4

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00000222F2D65CAB

Part of subcall function 00000222F2D46BC0: char_traits.LIBCPMTD ref: 00000222F2D46BE0

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Scheduler$Concurrency::details::$Concurrency::details::_ProcessorProxyRoot::Scheduler::_Virtual$Base::ChoresGroupScheduleSegmentUnrealizedchar_traitsstd::make_error_code
String ID:
API String ID: 3113402709-0
Opcode ID: e2d3ee74bc8f1c16197933b13d06f8bb0aa28bf4c35c2e9712a17edbc610efea
Instruction ID: a58d35cd1c2ae2c20ae5e0ec00f67923fe4e7842edca033987445019f94e19e7
Opcode Fuzzy Hash: e2d3ee74bc8f1c16197933b13d06f8bb0aa28bf4c35c2e9712a17edbc610efea
Instruction Fuzzy Hash: 0FC13431118B4C9FE7A5EB68C559BDBB7E1FB99300F500A2FA08DC3291DE759944CB81

Function 00000222F2D22C70 Relevance: 6.4, APIs: 4, Instructions: 351COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D22CA2
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D22E63
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D22E78

Part of subcall function 00000222F2D1B170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D1B17E
Part of subcall function 00000222F2D1B170: _Max_value.LIBCPMTD ref: 00000222F2D1B1A3
Part of subcall function 00000222F2D1B170: _Min_value.LIBCPMTD ref: 00000222F2D1B1D1

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D22FB7

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Max_valueMin_value
String ID:
API String ID: 348937374-0
Opcode ID: 46c4db4a0ba23410846ec0059871a6f14c2db6919ad8fb743b4dd0f0e277dc33
Instruction ID: d92651620a6865feea1f17de6a41ba01a63d119cd2e3155bcbcc7db86c5d3d8d
Opcode Fuzzy Hash: 46c4db4a0ba23410846ec0059871a6f14c2db6919ad8fb743b4dd0f0e277dc33
Instruction Fuzzy Hash: 4FD1EF3121CB889FE794EB58C459B6AB7F1FBAD301F400A5EB08DC3661DA75D984CB42

Function 00000222F2D33390 Relevance: 6.3, APIs: 4, Instructions: 324COMMON

Download Yara Rule

APIs

std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D3352B
std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D33551

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::error_condition::error_condition
String ID:
API String ID: 246976077-0
Opcode ID: d31198dc6dca59d68eecd40352ab4af8a84c35953418963037b8bc59535296e3
Instruction ID: fa5b66f6050b908bbaeb4dffa418aa8a9f0478f2f8b18943f73df70f9d820d9c
Opcode Fuzzy Hash: d31198dc6dca59d68eecd40352ab4af8a84c35953418963037b8bc59535296e3
Instruction Fuzzy Hash: 8AC16231118748EFD7A5EB58C655B9BB7F0FB99300F500A2EB48AC3690DAB5DC45CB82

Function 00000222F2D81370 Relevance: 6.3, APIs: 4, Instructions: 304COMMON

Download Yara Rule

APIs

UnDecorator::getVbTableType.LIBCMTD ref: 00000222F2D81564

Part of subcall function 00000222F2D550A0: char_traits.LIBCPMTD ref: 00000222F2D550C1

Concurrency::details::VirtualProcessorRoot::GetSchedulerProxy.LIBCMTD ref: 00000222F2D815C1

Part of subcall function 00000222F2D8A0F0: Concurrency::details::_Scheduler::_Scheduler.LIBCMTD ref: 00000222F2D8A112

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Scheduler$Concurrency::details::Concurrency::details::_Decorator::getProcessorProxyRoot::Scheduler::_TableTypeVirtualchar_traits
String ID:
API String ID: 1673230147-0
Opcode ID: cfb114ce81b8242a8138127994242184d9f7b02dc7cc79d7158feec11a0593a8
Instruction ID: eedab87182ea4098526c0a1a77614d3cc091249c2fce85cc599da78490bb7106
Opcode Fuzzy Hash: cfb114ce81b8242a8138127994242184d9f7b02dc7cc79d7158feec11a0593a8
Instruction Fuzzy Hash: 16C1ED7111CB889FE7A4EB58C589BDBB7E1FBA9300F504A1EA08DC3251DF759484CB82

Function 00000222F2D824C0 Relevance: 6.3, APIs: 4, Instructions: 266COMMON

Download Yara Rule

APIs

Concurrency::details::ScheduleGroupSegmentBase::HasUnrealizedChores.LIBCMTD ref: 00000222F2D824E3
std::make_error_code.LIBCPMTD ref: 00000222F2D824FC

Part of subcall function 00000222F2D28FE0: std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D28FFE

std::make_error_code.LIBCPMTD ref: 00000222F2D8253B

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$Base::ChoresConcurrency::details::GroupScheduleSegmentUnrealizedstd::error_condition::error_condition
String ID:
API String ID: 1046759889-0
Opcode ID: 28292fa4d794b396cedd1ba8fdc4833dcd5acff12edfc6de44ad94c6088fe729
Instruction ID: 71696f8b37ec0425017f2ffe7abf189c7608295e853d5a0d601d22a87f349e07
Opcode Fuzzy Hash: 28292fa4d794b396cedd1ba8fdc4833dcd5acff12edfc6de44ad94c6088fe729
Instruction Fuzzy Hash: 7AB1F031118B88EFE6A4EB58C559BDAB7F1FBD9300F404A5EA08DC3691DE719845CB82

Function 00000222F2D4BF20 Relevance: 6.3, APIs: 4, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa309a1d5eda81a3067fdfd55af1e6fde9889dbaabf2b138042415afc4b680ce
Instruction ID: 25564298eae554008a09099d02ed193959456e0d7b8ccb76386df9c22cacac9b
Opcode Fuzzy Hash: fa309a1d5eda81a3067fdfd55af1e6fde9889dbaabf2b138042415afc4b680ce
Instruction Fuzzy Hash: FA913131118A48DFDBA4EB18C095F5AB7F5FFE9304F50495EA08EC7662CA71E845CB42

Function 00000222F2D7DCB0 Relevance: 6.2, APIs: 4, Instructions: 212COMMON

Download Yara Rule

APIs

std::make_error_code.LIBCPMTD ref: 00000222F2D7DCED

Part of subcall function 00000222F2D28FE0: std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D28FFE

std::make_error_code.LIBCPMTD ref: 00000222F2D7DD3C

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: std::make_error_code$std::error_condition::error_condition
String ID:
API String ID: 2527301759-0
Opcode ID: 351f3b0070db385a794c842934449ba9718e5f98f89dc91ef40d8d5444a139a1
Instruction ID: c164a17668de55ef238da02a1cada2ba959648d6e5d702db2a9bee1d5544c827
Opcode Fuzzy Hash: 351f3b0070db385a794c842934449ba9718e5f98f89dc91ef40d8d5444a139a1
Instruction Fuzzy Hash: 94815731118788EFE3A4EB58C554BAEB7F1FBD5300F404A6EB08EC35A1DA759848C782

Function 00000222F2D8B2A0 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D8B33B
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D8B462

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 31633297509520c3cf38a8ab650ddf2738620efd7f833d6bc15245c323a4a252
Instruction ID: ac4b08cec98c1c6fe308c4cba28db574f4766f593e6c48aea49622011a823c48
Opcode Fuzzy Hash: 31633297509520c3cf38a8ab650ddf2738620efd7f833d6bc15245c323a4a252
Instruction Fuzzy Hash: EC71473111DB48EFE7A5EB68C55ABEAB3F1FB99300F80091AB08DC3691DA75D845C742

Function 00000222F2D8B610 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D8B6AB
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D8B7D2

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Affinity::operator!=Concurrency::details::Hardwaretype_info::_name_internal_method
String ID:
API String ID: 1927102706-0
Opcode ID: 99a6b33ae6862e60c4063bc95135201a3c42c6b25746548689089e28a85fb9b4
Instruction ID: 85c8cb2a872968220b2f8cc265db798a4b505ab03e4555a323bfa46b43c9618b
Opcode Fuzzy Hash: 99a6b33ae6862e60c4063bc95135201a3c42c6b25746548689089e28a85fb9b4
Instruction Fuzzy Hash: 70713331118A88FFD7A5EB58C559BEAB3F1FB99300F40491AF04DC3691DEB5D9488782

Function 00000222F2D45700 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

APIs

fpos.LIBCPMTD ref: 00000222F2D4579A
fpos.LIBCPMTD ref: 00000222F2D45863
fpos.LIBCPMTD ref: 00000222F2D458B2
fpos.LIBCPMTD ref: 00000222F2D4594F

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: fpos
String ID:
API String ID: 1083263101-0
Opcode ID: 6482d30fa890008c781780ebb765b1d214955e0675561b79e15b2cde454a484b
Instruction ID: b18934d2f7997c2b1ac23c7623fb53936ea0907aac8664f56c8b57da6b0f2ac4
Opcode Fuzzy Hash: 6482d30fa890008c781780ebb765b1d214955e0675561b79e15b2cde454a484b
Instruction Fuzzy Hash: 2881203151CB48DFE7A4DB68C649B2ABBF0FBA9340F540A1EB499C36A0C775D844CB42

Function 00000222F2D28290 Relevance: 6.1, APIs: 4, Instructions: 147COMMON

Download Yara Rule

APIs

Part of subcall function 00000222F2D1A170: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D1A18D

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D283B2
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D283CD
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D2840F
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D2842A

Part of subcall function 00000222F2D1A110: char_traits.LIBCPMTD ref: 00000222F2D1A13D

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::EmptyQueue::StructuredWorkchar_traits
String ID:
API String ID: 1744367693-0
Opcode ID: 05dacfb44ce026340830ddc3cf9d5ce59777114b69a1943011c7116f23cbb7e6
Instruction ID: e7930176a32870f841c6f23919c3174aeeeb19b726a16f81861ada64238720c6
Opcode Fuzzy Hash: 05dacfb44ce026340830ddc3cf9d5ce59777114b69a1943011c7116f23cbb7e6
Instruction Fuzzy Hash: BD516031118784AFE3A4EB54C544B9BB7F1FB99304F504B1EB089C75A1DB75D849CB82

Function 00000222F2D4C210 Relevance: 6.1, APIs: 4, Instructions: 132COMMON

Download Yara Rule

APIs

shared_ptr.LIBCMTD ref: 00000222F2D4C2E4
Concurrency::details::HardwareAffinity::operator!=.LIBCMTD ref: 00000222F2D4C2F4
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00000222F2D4C305

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::$Affinity::operator!=Base::ContextHardwareIdentityQueueWorkshared_ptr
String ID:
API String ID: 714649587-0
Opcode ID: 606393b9907e576b18da76dfb43c28659ee352b60d92254cb05aa7b94d9479f7
Instruction ID: 28395a8d02ed64618ea9a5cdd3546544b2a541af7e73180e161b27fdc05ec93d
Opcode Fuzzy Hash: 606393b9907e576b18da76dfb43c28659ee352b60d92254cb05aa7b94d9479f7
Instruction Fuzzy Hash: B4414231118E48EFEB94EB58C199B6AB7F0FBA9344F500A1EB089C3671CB75D845CB81

Function 00000222F2DEE540 Relevance: 6.1, APIs: 4, Instructions: 120COMMON

Download Yara Rule

APIs

Part of subcall function 00000222F2DEE740: _Byte_length.LIBCPMTD ref: 00000222F2DEE7AE

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2DEE5C5
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2DEE5EE
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2DEE625
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2DEE64E

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Byte_length
String ID:
API String ID: 1141060839-0
Opcode ID: 02005683d15b1ee098adca8850f0ab6e0817b8d902aef18336bf657ad029fba1
Instruction ID: 65424e6a5688ac3c554911163710ec4b76f7afc4709e92bdd6378f2540571467
Opcode Fuzzy Hash: 02005683d15b1ee098adca8850f0ab6e0817b8d902aef18336bf657ad029fba1
Instruction Fuzzy Hash: 6E412031118B489FF754EB58C459BAAB7F0FB99341F504A1FB089C3671DE719988CB82

Function 00000222F2D6F060 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D6F08B

Part of subcall function 00000222F2D676A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 00000222F2D676B8

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D6F0AA
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D6F0C9
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D6F0E8

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction ID: 9f3f19c760c9243e792df97238c7b61bd820c066eb3e4af79b6e806ad9412010
Opcode Fuzzy Hash: cb956ee21f3a3aaa3678e7144402df0106a8d44125415de00697684bfe6ddcac
Instruction Fuzzy Hash: EE110330618B88AFE694FB6CC55975EBBF1FBD9340F50091EB089C3661DA71D8448B83

Function 00000222F2D5B130 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D5B15B

Part of subcall function 00000222F2D676A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 00000222F2D676B8

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D5B17A
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D5B199
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D5B1B8

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction ID: ccd7998f6edb6f7882e4ba24b1fcebaf2b538068c7c5f1607b7ce6703693fae5
Opcode Fuzzy Hash: 5ebaa40a4f578ec32dc140cd4265ac4d15574f18a09faa97c36fcb5168890ab8
Instruction Fuzzy Hash: 97110330628B88AFE694FB6CC55975EBBE1FBD9340F50091EB089C3661DA71D8448B83

Function 00000222F2D9D460 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D9D48B

Part of subcall function 00000222F2D676A0: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 00000222F2D676B8

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D9D4AA

Part of subcall function 00000222F2D90D30: Concurrency::details::FreeThreadProxyFactory::Retire.LIBCMTD ref: 00000222F2D90D48

type_info::_name_internal_method.LIBCMTD ref: 00000222F2D9D4C9
type_info::_name_internal_method.LIBCMTD ref: 00000222F2D9D4E8

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: type_info::_name_internal_method$Concurrency::details::Factory::FreeProxyRetireThread
String ID:
API String ID: 1588182640-0
Opcode ID: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
Instruction ID: b3c53897041c0fd3da2e90fd39af3f15c743296f57982c1946a5eea4f870cb42
Opcode Fuzzy Hash: 6ae970fd7b6ecd4af07a3924a38ebf6e4c6a300736612a1d38c72f7b099ca0b1
Instruction Fuzzy Hash: CE11003061CB88AFE694FB6CC55975EBBE1FBD9340F50091EB089C3662DA71D8448B83

Function 00000222F2D533B0 Relevance: 6.1, APIs: 4, Instructions: 64COMMON

Download Yara Rule

APIs

_Func_class.LIBCONCRTD ref: 00000222F2D533C3
_Func_class.LIBCONCRTD ref: 00000222F2D5341D

Part of subcall function 00000222F2D49830: _Func_class.LIBCONCRTD ref: 00000222F2D4983E
Part of subcall function 00000222F2D49830: _Func_class.LIBCONCRTD ref: 00000222F2D4989C

_Func_class.LIBCONCRTD ref: 00000222F2D53441
_Func_class.LIBCONCRTD ref: 00000222F2D5344D

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Func_class
String ID:
API String ID: 1670654298-0
Opcode ID: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction ID: 07e43db139aa806cc3a9989a63344dffa46980ee9a4a2ce9334fbdeb18ce845d
Opcode Fuzzy Hash: 38473aa2b5a61d29b27f22a10d69b211cbe67f00fd19cdafc6ac81fe98dbe0f4
Instruction Fuzzy Hash: 69112131618A08AFE288EB5CC55972A77F1FB9A341F40091AB089C36B1DE66DC45C781

Function 00000222F2D6EEC0 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D6EF0A
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D6EF1E

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction ID: 0869ee1bbcaeaeb31f53f919c4721a974b766a937e0e0b22e347acdc908750d2
Opcode Fuzzy Hash: 71fea77b140ac0a4f1f8b75e0cd4dc0f508e3249f89da8f2dac7ae33cd6ace0c
Instruction Fuzzy Hash: A5014431534B49BFE3D4EB69C5597597AE5FB85300F800A1DB049C26D0CBF6D4488B42

Function 00000222F2D6EF60 Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D6EFAA
Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D6EFBE

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork
String ID:
API String ID: 1865873047-0
Opcode ID: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction ID: 8bfdb346e0bb58c971da1f6c323a3cff03e399e112c1cc6fb6c80b90385da321
Opcode Fuzzy Hash: 569c5ed67f06eeb5af1f4773db352e515aab386c18c1098d96fcece9d538aa53
Instruction Fuzzy Hash: E9014031134A5DAFD3D4EB69C65976ABAE2FB85340FC0091EB145C2AE1C7F6C4488B42

Function 00000222F2D13D40 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 321COMMON

Download Yara Rule

APIs

Part of subcall function 00000222F2D15360: _WChar_traits.LIBCPMTD ref: 00000222F2D1538D

Part of subcall function 00000222F2D14740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D1476C
Part of subcall function 00000222F2D14740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D1477E
Part of subcall function 00000222F2D14740: Concurrency::details::WorkQueue::IsStructuredEmpty.LIBCMTD ref: 00000222F2D147BB

Part of subcall function 00000222F2D14850: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D148B8

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::~_Scoped_lock.LIBCMTD ref: 00000222F2D1412A

Strings

, xrefs: 00000222F2D141B1
X, xrefs: 00000222F2D13EE3

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: Concurrency::details::EmptyQueue::StructuredWork$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::~_$Char_traits
String ID: $X
API String ID: 1626164810-1398056850
Opcode ID: 459196e51f94756fb9b3cdccdc4cbd187c8e5dac033fcd7483fa87476d7213ce
Instruction ID: 7907b652bf366dc244b487a897fa2da23c27ad96e5133118d5162fd545ab08de
Opcode Fuzzy Hash: 459196e51f94756fb9b3cdccdc4cbd187c8e5dac033fcd7483fa87476d7213ce
Instruction Fuzzy Hash: D8D1BB70518B889FE7B4EF68C498BDAB7E1FBD8301F50492EA48DC3651DB749885CB42

Function 00000222F2D75560 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194COMMON

Download Yara Rule

Strings

", xrefs: 00000222F2D75636
", xrefs: 00000222F2D7574E

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID:
String ID: "$"
API String ID: 0-3758156766
Opcode ID: 8fdaf1600544622fd33f728529cb6508d7889566d47cbe218040ba2ee86dacff
Instruction ID: faed0300a7646c39fd7bd94f5165a8d62143cc34a35195cf40ccc65e95bbce73
Opcode Fuzzy Hash: 8fdaf1600544622fd33f728529cb6508d7889566d47cbe218040ba2ee86dacff
Instruction Fuzzy Hash: 8C711B3211CB88EAE794EB54C585FDBB7F1FB99340F400A1AB48AC35A1DA71D549CB83

Function 00000222F2D34B00 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 151COMMON

Download Yara Rule

APIs

std::error_condition::error_condition.LIBCPMTD ref: 00000222F2D34CEA

Part of subcall function 00000222F2D301A0: Concurrency::details::VirtualProcessor::ClaimTicket::InitializeTicket.LIBCMTD ref: 00000222F2D301BD

Strings

@, xrefs: 00000222F2D34B66
@, xrefs: 00000222F2D34BED

Memory Dump Source

Source File: 00000000.00000002.4467869232.00000222F2D10000.00000040.00001000.00020000.00000000.sdmp, Offset: 00000222F2D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_222f2d10000_solara-executor.jbxd

Yara matches

Similarity

API ID: ClaimConcurrency::details::InitializeProcessor::TicketTicket::Virtualstd::error_condition::error_condition
String ID: @$@
API String ID: 2004282921-149943524
Opcode ID: 9950cd689140dd32029c8ba334a83ce130f8fc6c6ba909f7c99662a502cc7da8
Instruction ID: 21bcce702c6ca9d76647f9aa00996f1fe6fa530b1990951fceaa122e52214044
Opcode Fuzzy Hash: 9950cd689140dd32029c8ba334a83ce130f8fc6c6ba909f7c99662a502cc7da8
Instruction Fuzzy Hash: 2751F775509744EFE7A4DB58C64879AB7F0FB96304F100A2EF189C3680D7769848CB46

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report solara-executor.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\TGZLHECZ.htm

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
solara-executor.exe

Function 00000222F2D3F46A Relevance: 8.0, APIs: 5, Instructions: 519
fileCOMMON

Function 00000222F2D16FE0 Relevance: 6.7, APIs: 4, Instructions: 693
processCOMMON

Function 00000222F2DD7740 Relevance: 4.7, APIs: 3, Instructions: 164
encryptionCOMMON

Function 00007FF6E4A33508 Relevance: 1.5, APIs: 1, Instructions: 10
nativeCOMMON

Function 00000222F2E1CB20 Relevance: 7.7, APIs: 5, Instructions: 166
processCOMMON

Function 00000222F2DF8700 Relevance: 4.7, APIs: 3, Instructions: 233
fileCOMMON

Function 00000222F2D14740 Relevance: 4.6, APIs: 3, Instructions: 80
COMMON

Function 00000222F2DF8D20 Relevance: 4.6, APIs: 3, Instructions: 80
fileCOMMON

Function 00000222F2DF8C80 Relevance: 4.5, APIs: 3, Instructions: 48
fileCOMMON

Function 00000222F2DF8BA0 Relevance: 3.1, APIs: 2, Instructions: 56
fileCOMMON

Function 00000222F2E39D3C Relevance: 1.6, APIs: 1, Instructions: 52
COMMONLIBRARYCODE