Windows Analysis Report
Solara.exe

Overview

General Information

Sample name:	Solara.exe
Analysis ID:	1532354
MD5:	25e61fd473a4a437c052fe60e4a76e0a
SHA1:	747c49b5e86b4a5c30f2685ec400708f918c814b
SHA256:	58c5681677bccc44d38ca7476282126d6f42810dbf8eaff735ee6d058d843b56
Tags:	exeuser-aachum
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for sample

Query firmware table information (likely to detect VMs)

Sample uses string decryption to hide its real strings

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Signatures

AV Detection

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com:443/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/	URL Reputation: Label: malware

Found malware configuration

Source: 1.2.Solara.exe.400000.0.unpack

Malware Configuration Extractor: LummaC {"C2 url": ["enlargkiw.sbs", "condifendteu.sbs", "resinedyw.sbs", "allocatinow.sbs", "explorationmsn.store", "vennurviot.sbs", "drawwyobstacw.sbs", "ehticsprocw.sbs", "mathcucom.sbs"], "Build id": "1AsNN2--6811018700"}

Machine Learning detection for sample

Source: Solara.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: drawwyobstacw.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: condifendteu.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: ehticsprocw.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: vennurviot.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: resinedyw.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: enlargkiw.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: allocatinow.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: mathcucom.sbs
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: explorationmsn.store
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1707226175.0000000000CBA000.00000004.00000001.01000000.00000003.sdmp	String decryptor: 1AsNN2--6811018700

Uses 32bit PE files

Source: Solara.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.33.249:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.77.78:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.193:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.30.221:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.141.136:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49742 version: TLS 1.2

Source: Solara.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\d67tcqi\Literally.pdb source: Solara.exe
Source:	Binary string: C:\d67tcqi\Literally.pdb source: Solara.exe

Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C9546A FindFirstFileExW,	0_2_00C9546A
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C95854 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00C95854
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C9546A FindFirstFileExW,	1_2_00C9546A
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C95854 FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00C95854

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+eax*8], 07E776F1h	0_2_00CFE000
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], 64567875h	0_2_00CFA6B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then push eax	0_2_00CCA670
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	0_2_00D007E0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00CFA800
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00CFA800
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, eax	0_2_00CFA800
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00CFE830
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 731CDBF3h	0_2_00CFE830
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h	0_2_00CF6C20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+752D80C8h]	0_2_00CDCDC0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [edi+ebx]	0_2_00CBF550
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then dec eax	0_2_00CBD560
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_00CD98B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov dword ptr [esp+10h], 8F3C8951h	0_2_00CD98B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ebx, eax	0_2_00CF9FB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 53F09CFAh	0_2_00CF9FB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edx, ebx	0_2_00CF9FB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+ebx*8], 07E776F1h	0_2_00CF9FB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx-33C2697Ah]	1_2_004431C3
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 27BAF212h	1_2_004431C3
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+000001B8h]	1_2_00411183
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, eax	1_2_00411183
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+6B618F2Dh]	1_2_00411183
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-5Eh]	1_2_0042B2D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-522ADBD1h]	1_2_00423490
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [esi+eax-2AE6E5FBh]	1_2_0043C516
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, ebx	1_2_0043C516
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edi, byte ptr [edx]	1_2_004465D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	1_2_004465D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-14h]	1_2_0040E9B5
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edi, byte ptr [esi+edx+035E8DCAh]	1_2_00410AD1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edi, byte ptr [esp+edx]	1_2_0040CF50
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 4E7D7006h	1_2_00442F0D
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	1_2_0042F000
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+eax*8], 07E776F1h	1_2_004440D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ebx, eax	1_2_00440080
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 53F09CFAh	1_2_00440080
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edx, ebx	1_2_00440080
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+ebx*8], 07E776F1h	1_2_00440080
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h	1_2_0042D166
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	1_2_0042D1D1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	1_2_00427180
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [ebx+esi+7DD3323Ah]	1_2_004251A6
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [ecx], si	1_2_004251A6
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], F3285E74h	1_2_00441270
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 731CDBF3h	1_2_00441270
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+ecx-0000012Ah]	1_2_0042C204
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov dword ptr [esp+2Ch], esi	1_2_004452A0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, eax	1_2_0041E400
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [ebx], al	1_2_004304A1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [ebx+ecx-4E7A8F49h]	1_2_0043250E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov eax, dword ptr [esi+0Ch]	1_2_0043250E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp byte ptr [esi+ebx], 00000000h	1_2_0042F5A0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then jmp eax	1_2_0042C644
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0041D610
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [edi+ebx]	1_2_00405620
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then dec eax	1_2_00403630
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx esi, byte ptr [ebp+ecx-0000012Ah]	1_2_0042C6EF
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ecx, word ptr [esi+eax]	1_2_0043E6B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then push eax	1_2_00410740
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, eax	1_2_00425750
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0042B780
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+esi*8], 64567875h	1_2_00440780
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	1_2_004408D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	1_2_004408D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, eax	1_2_004408D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	1_2_004468B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0042B963
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	1_2_00444900
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 731CDBF3h	1_2_00444900
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+1Ch]	1_2_0042A920
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx-56h]	1_2_0042A920
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edi, edx	1_2_004309D7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edi, edx	1_2_004309D7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [ebx], al	1_2_004309D7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edx, dword ptr [esi+0Ch]	1_2_004319E7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [edi], al	1_2_004319E7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edx, ecx	1_2_004319E7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [esi], al	1_2_0041F980
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov dword ptr [esp+10h], 8F3C8951h	1_2_0041F980
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then add ebp, dword ptr [esp+0Ch]	1_2_0042FA20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0041DA30
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov esi, eax	1_2_0041DA30
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, eax	1_2_0041DA30
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	1_2_00406AD0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, ebx	1_2_0043CAD0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	1_2_00439A90
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 07E776F1h	1_2_0042CB88
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then jmp ecx	1_2_00408CCF
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebx+edi*8], 07E776F1h	1_2_0043CCF0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [eax], dx	1_2_00424CF1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx esi, word ptr [ebp+eax*4+00h]	1_2_0040BCA0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx eax, word ptr [ebp+ebx*4+00h]	1_2_0040BCA0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then jmp eax	1_2_00429D54
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then cmp dword ptr [ebp+ebx*8+00h], 07E776F1h	1_2_00429D54
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov esi, eax	1_2_00428D20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edx, ecx	1_2_00428D20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then jmp eax	1_2_00428D20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, ebx	1_2_00444DC0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [ebx], al	1_2_0042FDD7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [ebx], dl	1_2_0042FDE1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov ecx, dword ptr [esi+28h]	1_2_0042FDE1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov dword ptr [esi+08h], edi	1_2_0042FDE1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx ecx, byte ptr [ebp+eax-4A206314h]	1_2_00420D85
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [ebp+eax-80h]	1_2_00420D85
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [edi+eax-0000008Fh]	1_2_00420D85
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov dword ptr [ebp-34h], edi	1_2_00420D85
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+752D80C8h]	1_2_00422E90
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov word ptr [eax], cx	1_2_0042BE90
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov esi, eax	1_2_00428EB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov edx, ecx	1_2_00428EB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then jmp eax	1_2_00428EB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 4x nop then mov byte ptr [ebx], al	1_2_00430FE2

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056562 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vennurviot .sbs) : 192.168.2.4:63554 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056570 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mathcucom .sbs) : 192.168.2.4:53019 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056558 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (condifendteu .sbs) : 192.168.2.4:53173 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056566 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enlargkiw .sbs) : 192.168.2.4:62379 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056567 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (enlargkiw .sbs in TLS SNI) : 192.168.2.4:49731 -> 104.21.33.249:443
Source: Network traffic	Suricata IDS: 2056564 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resinedyw .sbs) : 192.168.2.4:51372 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056568 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (allocatinow .sbs) : 192.168.2.4:50815 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056556 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawwyobstacw .sbs) : 192.168.2.4:49523 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056561 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (ehticsprocw .sbs in TLS SNI) : 192.168.2.4:49734 -> 104.21.30.221:443
Source: Network traffic	Suricata IDS: 2056560 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ehticsprocw .sbs) : 192.168.2.4:59870 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056559 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (condifendteu .sbs in TLS SNI) : 192.168.2.4:49735 -> 172.67.141.136:443
Source: Network traffic	Suricata IDS: 2056571 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (mathcucom .sbs in TLS SNI) : 192.168.2.4:49730 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2056565 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (resinedyw .sbs in TLS SNI) : 192.168.2.4:49732 -> 104.21.77.78:443
Source: Network traffic	Suricata IDS: 2056563 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (vennurviot .sbs in TLS SNI) : 192.168.2.4:49733 -> 172.67.140.193:443
Source: Network traffic	Suricata IDS: 2056557 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawwyobstacw .sbs in TLS SNI) : 192.168.2.4:49736 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49736 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49736 -> 188.114.96.3:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49740 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49733 -> 172.67.140.193:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49733 -> 172.67.140.193:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49734 -> 104.21.30.221:443
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49737 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49734 -> 104.21.30.221:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49739 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49739 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49742 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49732 -> 104.21.77.78:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 104.21.77.78:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 188.114.97.3:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49735 -> 172.67.141.136:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49735 -> 172.67.141.136:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 104.21.33.249:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.33.249:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49738 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49738 -> 104.21.53.8:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: enlargkiw.sbs
Source: Malware configuration extractor	URLs: condifendteu.sbs
Source: Malware configuration extractor	URLs: resinedyw.sbs
Source: Malware configuration extractor	URLs: allocatinow.sbs
Source: Malware configuration extractor	URLs: explorationmsn.store
Source: Malware configuration extractor	URLs: vennurviot.sbs
Source: Malware configuration extractor	URLs: drawwyobstacw.sbs
Source: Malware configuration extractor	URLs: ehticsprocw.sbs
Source: Malware configuration extractor	URLs: mathcucom.sbs

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.21.53.8 104.21.53.8
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 188.114.97.3 188.114.97.3
Source: Joe Sandbox View	IP Address: 104.21.33.249 104.21.33.249

Internet Provider seen in connection with other malware

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mathcucom.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: enlargkiw.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: resinedyw.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: vennurviot.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: ehticsprocw.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: condifendteu.sbs
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: drawwyobstacw.sbs
Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: sergei-esenin.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1253Host: sergei-esenin.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1091Host: sergei-esenin.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 87Host: sergei-esenin.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=2d3fa37933740902881225c8; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type34837Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSat, 12 Oct 2024 23:33:10 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control> equals www.youtube.com (Youtube)
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: explorationmsn.store
Source: global traffic	DNS traffic detected: DNS query: mathcucom.sbs
Source: global traffic	DNS traffic detected: DNS query: allocatinow.sbs
Source: global traffic	DNS traffic detected: DNS query: enlargkiw.sbs
Source: global traffic	DNS traffic detected: DNS query: resinedyw.sbs
Source: global traffic	DNS traffic detected: DNS query: vennurviot.sbs
Source: global traffic	DNS traffic detected: DNS query: ehticsprocw.sbs
Source: global traffic	DNS traffic detected: DNS query: condifendteu.sbs
Source: global traffic	DNS traffic detected: DNS query: drawwyobstacw.sbs
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: mathcucom.sbs

Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic2~
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.a
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akam0
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/
Source: Solara.exe, 00000001.00000003.1827882998.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1821266637.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828891026.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/pu
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=2Ih2WOq7ErXY&a
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PA
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=engliO
Source: Solara.exe, 00000001.00000003.1827882998.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1821266637.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828891026.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=bz0kMfQA
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=hgPi
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=f2hMA1v9Zkc8&l=engl
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=f3vWO7swdDqp&l=english
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=jGtzAgjYROne&l=e
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: Solara.exe, 00000001.00000003.1827882998.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1821266637.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828891026.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: Solara.exe, 00000001.00000003.1767376212.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://condifendteu.sbs/
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://condifendteu.sbs/1
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://condifendteu.sbs/api
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://condifendteu.sbs/apiNtM
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/
Source: Solara.exe, 00000001.00000003.1799781454.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/T
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/api
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/api9et
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/apiKtJ
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/apiZ8
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drawwyobstacw.sbs/apioe
Source: Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ehticsprocw.sbs/
Source: Solara.exe, 00000001.00000003.1799781454.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748853374.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1767376212.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://enlargkiw.sbs/
Source: Solara.exe, 00000001.00000003.1799781454.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748853374.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1767376212.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://enlargkiw.sbs/W
Source: Solara.exe, 00000001.00000003.1738612549.0000000000F9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://enlargkiw.sbs/api
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resinedyw.sbs/
Source: Solara.exe, 00000001.00000003.1748853374.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resinedyw.sbs/2
Source: Solara.exe, 00000001.00000003.1738612549.0000000000F9D000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748853374.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1767376212.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748927531.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resinedyw.sbs/api
Source: Solara.exe, 00000001.00000003.1738612549.0000000000F9D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resinedyw.sbs/apitrf
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: Solara.exe, 00000001.00000003.1828000747.0000000000F4D000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1814943292.0000000000FFD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: Solara.exe, 00000001.00000003.1814184391.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/0
Source: Solara.exe, 00000001.00000002.1828698814.0000000000F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: Solara.exe, 00000001.00000003.1799781454.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apit
Source: Solara.exe, 00000001.00000003.1807430928.0000000000FFD000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807265156.0000000000FF9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/m
Source: Solara.exe, 00000001.00000003.1814184391.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/ny
Source: Solara.exe, 00000001.00000003.1828000747.0000000000F77000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com:443/api
Source: Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com:443/apiU
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: Solara.exe, 00000001.00000003.1748853374.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vennurviot.sbs/
Source: Solara.exe, 00000001.00000003.1738612549.0000000000F9D000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748853374.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748927531.0000000000F8E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vennurviot.sbs/api
Source: Solara.exe, 00000001.00000003.1799781454.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1748853374.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1767376212.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1738612549.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://vennurviot.sbs/j
Source: Solara.exe, 00000001.00000003.1828000747.0000000000F77000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000F77000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-err
Source: Solara.exe, 00000001.00000003.1807265156.0000000001005000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1827882998.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807265156.0000000000FF9000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1821266637.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807410571.0000000001006000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1829163932.0000000003536000.00000004.00000800.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828171164.0000000000FD2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807390109.0000000001000000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828891026.0000000000FEC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: Solara.exe, 00000001.00000002.1829163932.0000000003534000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-m
Source: Solara.exe, 00000001.00000003.1799781454.0000000000F84000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-mY
Source: Solara.exe, 00000001.00000003.1814350837.0000000001005000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1814184391.0000000000FFB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-man
Source: Solara.exe, 00000001.00000002.1829163932.0000000003536000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-manHY
Source: Solara.exe, 00000001.00000003.1807265156.0000000001005000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1828000747.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000003.1807410571.0000000001006000.00000004.00000020.00020000.00000000.sdmp, Solara.exe, 00000001.00000002.1828698814.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: Solara.exe, 00000001.00000003.1799727485.0000000000FF3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: Solara.exe, 00000001.00000003.1799757603.0000000000FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.33.249:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.77.78:443 -> 192.168.2.4:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.140.193:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.30.221:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.141.136:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49742 version: TLS 1.2

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\Solara.exe

Code function: 1_2_00436290 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

1_2_00436290

Contains functionality to read the clipboard data

Source: C:\Users\user\Desktop\Solara.exe

Code function: 1_2_00436290 OpenClipboard,GetWindowLongW,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,

1_2_00436290

Detected potential crypto function

Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C22093	0_2_00C22093
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C7001B	0_2_00C7001B
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C222DB	0_2_00C222DB
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C7038F	0_2_00C7038F
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CFE350	0_2_00CFE350
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CDC490	0_2_00CDC490
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C8452C	0_2_00C8452C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C706F4	0_2_00C706F4
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00D007E0	0_2_00D007E0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C8C87D	0_2_00C8C87D
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CFA800	0_2_00CFA800
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6E816	0_2_00C6E816
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CFE830	0_2_00CFE830
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C80980	0_2_00C80980
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C7E901	0_2_00C7E901
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C9CA4C	0_2_00C9CA4C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C56A58	0_2_00C56A58
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6EB5E	0_2_00C6EB5E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C70B15	0_2_00C70B15
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CDCDC0	0_2_00CDCDC0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C80EF0	0_2_00C80EF0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6EEB5	0_2_00C6EEB5
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C70F45	0_2_00C70F45
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C930FA	0_2_00C930FA
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6F1FD	0_2_00C6F1FD
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C993F8	0_2_00C993F8
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C81330	0_2_00C81330
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6F58B	0_2_00C6F58B
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CBD560	0_2_00CBD560
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C4F50C	0_2_00C4F50C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CDD510	0_2_00CDD510
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C51670	0_2_00C51670
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C9B71C	0_2_00C9B71C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CD98B0	0_2_00CD98B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6F928	0_2_00C6F928
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CF5A60	0_2_00CF5A60
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C6FCB6	0_2_00C6FCB6
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CEFD50	0_2_00CEFD50
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C7DE2E	0_2_00C7DE2E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00CF9FB0	0_2_00CF9FB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00411183	1_2_00411183
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042B2D0	1_2_0042B2D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004283C0	1_2_004283C0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00430570	1_2_00430570
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0043C516	1_2_0043C516
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004465D0	1_2_004465D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040F6A0	1_2_0040F6A0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040DD20	1_2_0040DD20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040CF50	1_2_0040CF50
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042E056	1_2_0042E056
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00436060	1_2_00436060
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00401000	1_2_00401000
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004280F4	1_2_004280F4
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0043A083	1_2_0043A083
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00440080	1_2_00440080
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040A0A0	1_2_0040A0A0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040F150	1_2_0040F150
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00445100	1_2_00445100
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00428110	1_2_00428110
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042D1D1	1_2_0042D1D1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040B190	1_2_0040B190
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040127F	1_2_0040127F
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042C204	1_2_0042C204
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00436290	1_2_00436290
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004452A0	1_2_004452A0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00401356	1_2_00401356
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004273E0	1_2_004273E0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0041E400	1_2_0041E400
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00444420	1_2_00444420
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004304A1	1_2_004304A1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00422560	1_2_00422560
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004235E0	1_2_004235E0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00434640	1_2_00434640
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0043A65C	1_2_0043A65C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00403630	1_2_00403630
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004096B7	1_2_004096B7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0041771C	1_2_0041771C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040972E	1_2_0040972E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00434860	1_2_00434860
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00407830	1_2_00407830
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0043B8D0	1_2_0043B8D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004408D0	1_2_004408D0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004468B0	1_2_004468B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042B963	1_2_0042B963
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00444900	1_2_00444900
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042A920	1_2_0042A920
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00443930	1_2_00443930
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004309D7	1_2_004309D7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_004319E7	1_2_004319E7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0041F980	1_2_0041F980
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0041DA30	1_2_0041DA30
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042CAF1	1_2_0042CAF1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0043BB30	1_2_0043BB30
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00446BC0	1_2_00446BC0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00409C01	1_2_00409C01
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00408CCF	1_2_00408CCF
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042DC84	1_2_0042DC84
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040BCA0	1_2_0040BCA0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00429D54	1_2_00429D54
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00404D70	1_2_00404D70
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0040AD00	1_2_0040AD00
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00428D20	1_2_00428D20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00427D3F	1_2_00427D3F
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00444DC0	1_2_00444DC0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042FDD7	1_2_0042FDD7
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0042FDE1	1_2_0042FDE1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00420D85	1_2_00420D85
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00435E20	1_2_00435E20
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00406E30	1_2_00406E30
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00422E90	1_2_00422E90
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00428EB0	1_2_00428EB0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00430FE2	1_2_00430FE2
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C22093	1_2_00C22093
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C7001B	1_2_00C7001B
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C222DB	1_2_00C222DB
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C7038F	1_2_00C7038F
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C8452C	1_2_00C8452C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C706F4	1_2_00C706F4
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C8C87D	1_2_00C8C87D
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6E816	1_2_00C6E816
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C80980	1_2_00C80980
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C7E901	1_2_00C7E901
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C9CA4C	1_2_00C9CA4C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C56A58	1_2_00C56A58
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6EB5E	1_2_00C6EB5E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C70B15	1_2_00C70B15
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C80EF0	1_2_00C80EF0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6EEB5	1_2_00C6EEB5
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C70F45	1_2_00C70F45
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C930FA	1_2_00C930FA
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6F1FD	1_2_00C6F1FD
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C993F8	1_2_00C993F8
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C81330	1_2_00C81330
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6F58B	1_2_00C6F58B
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C4F50C	1_2_00C4F50C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C51670	1_2_00C51670
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C9B71C	1_2_00C9B71C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6F928	1_2_00C6F928
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C6FCB6	1_2_00C6FCB6
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C7DE2E	1_2_00C7DE2E

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 0041D600 appears 217 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 00C4F210 appears 64 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 00C5D500 appears 46 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 00C77A89 appears 58 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 00C4FFC0 appears 124 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 00C8B8A4 appears 64 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 0040C800 appears 63 times
Source: C:\Users\user\Desktop\Solara.exe	Code function: String function: 00C4F1DD appears 202 times

Sample file is different than original file name gathered from version info

Source: Solara.exe, 00000000.00000000.1692136684.0000000000D13000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamePrint.Exej% vs Solara.exe
Source: Solara.exe, 00000001.00000002.1828562373.0000000000D13000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamePrint.Exej% vs Solara.exe
Source: Solara.exe, 00000001.00000003.1706262862.00000000028DB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamePrint.Exej% vs Solara.exe
Source: Solara.exe	Binary or memory string: OriginalFilenamePrint.Exej% vs Solara.exe

Uses 32bit PE files

Source: Solara.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal100.troj.evad.winEXE@3/0@11/9

Source: C:\Users\user\Desktop\Solara.exe

Code function: 1_2_0043C420 CoCreateInstance,

1_2_0043C420

Source: Solara.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Solara.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\Solara.exe "C:\Users\user\Desktop\Solara.exe"
Source: C:\Users\user\Desktop\Solara.exe	Process created: C:\Users\user\Desktop\Solara.exe "C:\Users\user\Desktop\Solara.exe"
Source: C:\Users\user\Desktop\Solara.exe	Process created: C:\Users\user\Desktop\Solara.exe "C:\Users\user\Desktop\Solara.exe"	Jump to behavior

Source: C:\Users\user\Desktop\Solara.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\Solara.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: Solara.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Solara.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Solara.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Solara.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Solara.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Solara.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: Solara.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Solara.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Solara.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Solara.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Solara.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C4F1AB push ecx; ret	0_2_00C4F1BE
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C2967B push 8B00CA91h; iretd	0_2_00C29680
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C29637 push 8B00CA91h; iretd	0_2_00C2963C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00400000 push eax; iretd	1_2_004000A1
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0041C0F3 push cs; mov dword ptr [esp], esi	1_2_0041C0FB
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0044D3D8 push edx; retf 0041h	1_2_0044D3D9
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0044C991 pushfd ; ret	1_2_0044C99D
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0044CD67 pushfd ; iretd	1_2_0044CD8F
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_0044CE33 pushfd ; retf	1_2_0044CE34
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C4F1AB push ecx; ret	1_2_00C4F1BE
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C2967B push 8B00CA91h; iretd	1_2_00C29680
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C29637 push 8B00CA91h; iretd	1_2_00C2963C

Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C22606 mov edi, dword ptr fs:[00000030h]	0_2_00C22606
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C86E1E mov ecx, dword ptr fs:[00000030h]	0_2_00C86E1E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C9799C mov eax, dword ptr fs:[00000030h]	0_2_00C9799C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00D0FABD mov edi, dword ptr fs:[00000030h]	0_2_00D0FABD
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C22559 mov edi, dword ptr fs:[00000030h]	0_2_00C22559
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C977F3 mov eax, dword ptr fs:[00000030h]	0_2_00C977F3
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C977B0 mov eax, dword ptr fs:[00000030h]	0_2_00C977B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C9776D mov eax, dword ptr fs:[00000030h]	0_2_00C9776D
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C9784E mov eax, dword ptr fs:[00000030h]	0_2_00C9784E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C979CD mov eax, dword ptr fs:[00000030h]	0_2_00C979CD
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C97958 mov eax, dword ptr fs:[00000030h]	0_2_00C97958
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C97914 mov eax, dword ptr fs:[00000030h]	0_2_00C97914
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C22559 mov edi, dword ptr fs:[00000030h]	1_2_00C22559
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C22606 mov edi, dword ptr fs:[00000030h]	1_2_00C22606
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C86E1E mov ecx, dword ptr fs:[00000030h]	1_2_00C86E1E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C977F3 mov eax, dword ptr fs:[00000030h]	1_2_00C977F3
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C977B0 mov eax, dword ptr fs:[00000030h]	1_2_00C977B0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C9776D mov eax, dword ptr fs:[00000030h]	1_2_00C9776D
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C9784E mov eax, dword ptr fs:[00000030h]	1_2_00C9784E
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C979CD mov eax, dword ptr fs:[00000030h]	1_2_00C979CD
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C9799C mov eax, dword ptr fs:[00000030h]	1_2_00C9799C
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C97958 mov eax, dword ptr fs:[00000030h]	1_2_00C97958
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C97914 mov eax, dword ptr fs:[00000030h]	1_2_00C97914

Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C775E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00C775E0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C4F8E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00C4F8E8
Source: C:\Users\user\Desktop\Solara.exe	Code function: 0_2_00C4FD68 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00C4FD68
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C775E0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00C775E0
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C4F8E8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00C4F8E8
Source: C:\Users\user\Desktop\Solara.exe	Code function: 1_2_00C4FD68 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00C4FD68

Source: Solara.exe	String found in binary or memory: allocatinow.sbsw
Source: Solara.exe	String found in binary or memory: enlargkiw.sbsk
Source: Solara.exe	String found in binary or memory: explorationmsn.stor
Source: Solara.exe	String found in binary or memory: mathcucom.sbsk
Source: Solara.exe	String found in binary or memory: drawwyobstacw.sbs
Source: Solara.exe	String found in binary or memory: ehticsprocw.sbsw
Source: Solara.exe	String found in binary or memory: condifendteu.sbs
Source: Solara.exe	String found in binary or memory: resinedyw.sbsk
Source: Solara.exe	String found in binary or memory: vennurviot.sbsi

Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,	0_2_00C9A011
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00C9A13A
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,	0_2_00C9A240
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00C9A30F
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoEx,FormatMessageA,	0_2_00C2C540
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoEx,	0_2_00C4E558
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	0_2_00C8B2A2
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	0_2_00C8B433
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00C9998D
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	0_2_00C99C98
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	0_2_00C99C2F
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00C99DBE
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,	0_2_00C8BD5E
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	0_2_00C99D33
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,	1_2_00C9A011
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	1_2_00C9A13A
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,	1_2_00C9A240
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	1_2_00C9A30F
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoEx,FormatMessageA,	1_2_00C2C540
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoEx,	1_2_00C4E558
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	1_2_00C8B2A2
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	1_2_00C8B433
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	1_2_00C9998D
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	1_2_00C99C98
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	1_2_00C99C2F
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	1_2_00C99DBE
Source: C:\Users\user\Desktop\Solara.exe	Code function: GetLocaleInfoW,	1_2_00C8BD5E
Source: C:\Users\user\Desktop\Solara.exe	Code function: EnumSystemLocalesW,	1_2_00C99D33

Source: Yara match	File source: decrypted.memstr, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: Process Memory Space: Solara.exe PID: 6812, type: MEMORYSTR

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.53.8	sergei-esenin.com	United States	13335	CLOUDFLARENETUS	true
188.114.97.3	mathcucom.sbs	European Union	13335	CLOUDFLARENETUS	true
104.21.33.249	enlargkiw.sbs	United States	13335	CLOUDFLARENETUS	true
104.21.30.221	ehticsprocw.sbs	United States	13335	CLOUDFLARENETUS	true
188.114.96.3	drawwyobstacw.sbs	European Union	13335	CLOUDFLARENETUS	true
172.67.141.136	condifendteu.sbs	United States	13335	CLOUDFLARENETUS	true
104.102.49.254	steamcommunity.com	United States	16625	AKAMAI-ASUS	true
172.67.140.193	vennurviot.sbs	United States	13335	CLOUDFLARENETUS	true
104.21.77.78	resinedyw.sbs	United States	13335	CLOUDFLARENETUS	true

Name	Malicious	Antivirus Detection	Reputation
enlargkiw.sbs	true		unknown
allocatinow.sbs	true		unknown
drawwyobstacw.sbs	true		unknown
mathcucom.sbs	true		unknown
https://steamcommunity.com/profiles/76561199724331900	true	URL Reputation: malware	unknown
https://vennurviot.sbs/api	true		unknown
ehticsprocw.sbs	true		unknown
condifendteu.sbs	true		unknown
https://drawwyobstacw.sbs/api	true		unknown

ID:	1532354
Product:	CloudBasic
Start time:	01:32:07
Start date:	13.10.2024
Sample:	Solara.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	25e61fd473a4a437c052fe60e4a76e0a
SHA1:	747c49b5e86b4a5c30f2685ec400708f918c814b
SHA256:	58c5681677bccc44d38ca7476282126d6f42810dbf8eaff735ee6d058d843b56
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report Solara.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
Solara.exe

Malware Threat Intel
Provided by